abceea96a5a92c338bc4df529356e495a6c0f53214be989101700c9ff17a6ae8

Sharing

Copy URL

Twitter E-mail

General

Target

abceea96a5a92c338bc4df529356e495a6c0f53214be989101700c9ff17a6ae8
Size

22KB
MD5

8fc3f7d09e147fd6ef17e56a16421144
SHA1

0242448946cc15eb1ffab30a9d6b1f7c8f9306fe
SHA256

abceea96a5a92c338bc4df529356e495a6c0f53214be989101700c9ff17a6ae8
SHA512

2ff6c22ad641ed6043161618597000ba427582ff9e905229b705cf15aeecfa12456b594d581fe7d7b2e6599a8863cf83f06d10e7f5e9b78839115110dd3070fb
SSDEEP

384:5sigh1sTvee0Ss0shI7JVriCVtp8Zqcchh4WWieZWxT2tZHyT:RgXBDSs0ZJkCVfmQhhdeZHw

Score

N/A

Malware Config

Signatures

Files

abceea96a5a92c338bc4df529356e495a6c0f53214be989101700c9ff17a6ae8
.exe windows x86

f13f6a9c17b24afcf95906f762f737b4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

Issuer

CN=wqefggq235123

Not Before

01/03/2012, 11:19

Not After

31/12/2039, 23:59

Subject

CN=wqefggq235123

Extended Key Usages

ExtKeyUsageCodeSigning

dd:d4:ff:25:eb:18:22:74:71:11:90:c1:b1:f4:65:ae:75:70:44:f8
Signer

Actual PE Digest

dd:d4:ff:25:eb:18:22:74:71:11:90:c1:b1:f4:65:ae:75:70:44:f8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=wqefggq235123

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapWalk
IsBadStringPtrW
LCMapStringA
MulDiv
OpenEventW
OpenMutexA
OpenProcess
OpenThread
PeekConsoleInputA
PostQueuedCompletionStatus
Process32First
Process32FirstW
QueryPerformanceCounter
QueueUserWorkItem
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputCharacterA
SetComputerNameW
SetConsoleCP
SetConsoleTitleA
HeapLock
SetThreadPriority
SetupComm
SizeofResource
SystemTimeToFileTime
TlsAlloc
TryEnterCriticalSection
UnlockFile
UnlockFileEx
VerifyVersionInfoA
VirtualQueryEx
WriteConsoleA
WritePrivateProfileSectionW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
_hwrite
lstrcpyA
lstrcpyW
lstrcpyn
HeapDestroy
HeapAlloc
GlobalMemoryStatusEx
GlobalMemoryStatus
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GetWindowsDirectoryA
GetVolumePathNameA
GetVersionExA
GetThreadTimes
GetThreadSelectorEntry
GetThreadContext
GetSystemInfo
GetStringTypeExW
GetStringTypeExA
GetShortPathNameW
GetProfileIntW
GetProcessWorkingSetSize
GetProcessVersion
GetProcessShutdownParameters
GetProcessHeaps
GetProcessAffinityMask
GetModuleHandleA
GetFileAttributesExA
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeA
GetDateFormatA
GetConsoleScreenBufferInfo
GetConsoleAliasesLengthW
GetConsoleAliasExesW
GetCalendarInfoW
GetACP
FreeEnvironmentStringsA
FormatMessageA
FindFirstVolumeW
ExitThread
EnumLanguageGroupLocalesW
EnumDateFormatsExW
EnumCalendarInfoExA
DnsHostnameToComputerNameW
DeleteTimerQueueEx
DebugBreak
DebugActiveProcess
CreateThread
CreateProcessW
CreateMailslotW
CreateFileW
CreateDirectoryW
CreateConsoleScreenBuffer
CommConfigDialogA
CancelIo
BackupRead
GetWindowsDirectoryW
GetProcAddress
SetLastError

msvcrt

memset

advapi32

RegOpenKeyA

oleaut32

VarI1FromDate
VarI2FromI1
VarI4FromR4
VarI4FromR8
VarI4FromUI2
VarImp
VarMul
VarNeg
VarPow
VarR4FromDisp
VarR4FromI1
VarR4FromI4
VarR4FromR8
VarR4FromUI1
VarR4FromUI2
VarR8FromDate
VarR8FromI2
VarR8FromStr
VarR8Pow
VarSu
VarUI1FromDec
VarUI1FromStr
VarUI1FromUI4
VarUI2FromDate
VarUI2FromI1
VarUI2FromI2
VarUI2FromR4
VarUI2FromStr
VarUI4FromDec
VarUI4FromI4
VariantCopyInd
VectorFromBstr
VarI1FromCy
VarFormatNumber
VarFormatCurrency
VarDecSu
VarDecInt
VarDecFromUI4
VarDecFromUI2
VarDecFromStr
VarDecFromI2
VarDecFromCy
VarDecDiv
VarDateFromUI4
VarDateFromUI1
VarDateFromR4
VarDateFromDisp
VarDateFromCy
VarCyRound
VarCyMulI4
VarCyFromUI2
VarCyFromDisp
VarCyCmp
VarBstrFromI4
VarBstrFromDisp
VarBstrFromDate
VarBstrFromCy
VarBoolFromR4
VarBoolFromI1
VarBoolFromDisp
VarBoolFromDate
VarBoolFromCy
VARIANT_UserUnmarshal
UnRegisterTypeLi
SysFreeString
SafeArrayGetRecordInfo
SafeArrayGetElemsize
SafeArrayGetElement
SafeArrayGetDim
SafeArrayDestroyDescriptor
SafeArrayCreateVectorEx
SafeArrayAccessData
RevokeActiveObject
RegisterActiveObject
OleLoadPicture
OleCreatePropertyFrameIndirect
LoadRegTypeLi
LPSAFEARRAY_Size
LHashValOfNameSysA
LHashValOfNameSys
GetRecordInfoFromTypeInfo
GetErrorInfo
CreateTypeLib2
CreateStdDispatch
SetErrorInfo

imm32

ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateWindow
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMEFileNameA
ImmCreateIMCC
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetStatusWindowPos
ImmInstallIMEA
ImmInstallIMEW
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionWindow
ImmSetHotKey
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMEFileNameW
ImmUnregisterWordA
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text3
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f13f6a9c17b24afcf95906f762f737b4

Code Sign

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50Certificate

Extended Key Usages

dd:d4:ff:25:eb:18:22:74:71:11:90:c1:b1:f4:65:ae:75:70:44:f8Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 124B

.text3 Size: 2KB - Virtual size: 2KB

.rsrc Size: 3KB - Virtual size: 2KB

1b:44:63:08:ea:b6:03:76:b3:86:5a:b3:54:c3:d4:50
Certificate

dd:d4:ff:25:eb:18:22:74:71:11:90:c1:b1:f4:65:ae:75:70:44:f8
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 124B

.text3
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 2KB