cfccb8014611f495215e0b2413b917b28f14bbb23928354ca128cc4a79d36197

Sharing

Copy URL Twitter E-mail

General

Target

cfccb8014611f495215e0b2413b917b28f14bbb23928354ca128cc4a79d36197
Size

254KB
MD5

50c095c818adddedfdc5c6c7574ce7f9
SHA1

48b75e205534d433d94419d17205c8b856566fca
SHA256

cfccb8014611f495215e0b2413b917b28f14bbb23928354ca128cc4a79d36197
SHA512

b7712bdf44d405578d3ba1a87051083172ef182252b783294ac14607f9e3f4d70af18e36fd6397494d25233e9e70ac98b2bb0d2a6494322c34f20b17dd38a1eb
SSDEEP

6144:98R6LoK51JqrcJ53O78wRBbvyKWnnXmrqNG+wO3nz:TEK516cJ53OJRppWnXm2NEE

Score

N/A

Malware Config

Signatures

Files

cfccb8014611f495215e0b2413b917b28f14bbb23928354ca128cc4a79d36197
.exe windows x86

ed0ae97d89aa5bda15bf5829c8e19057

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

19/12/2011, 00:00

Not After

18/12/2014, 23:59

Subject

CN=Primetech Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Primetech Ltd.,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:74:ac:00:20:95:b5:42:08:f4:5c:58:bc:53:1e:04:3b:12:bb:91
Signer

Actual PE Digest

17:74:ac:00:20:95:b5:42:08:f4:5c:58:bc:53:1e:04:3b:12:bb:91

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Primetech Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Primetech Ltd.,L=Moscow,ST=Moscow,C=RU

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GetVersionExA
LocalFree
GetTickCount
QueryPerformanceCounter
LoadLibraryA
FreeLibrary
WaitForSingleObject
GetCurrentProcessId
GetModuleHandleA
GetModuleFileNameA
CreateMutexA
GetLastError
GetSystemInfo
GetLocaleInfoA
IsBadCodePtr
RaiseException
GetStartupInfoA
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
HeapCreate
IsBadWritePtr
ExitProcess
GetCurrentProcess
GetEnvironmentStringsW
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsBadReadPtr
GetModuleHandleW
GetProcAddress

user32

PostMessageA
LoadBitmapA
CharNextW
UpdateLayeredWindow
WinHelpW
MessageBoxIndirectW
GetAsyncKeyState
ActivateKeyboardLayout
RegisterClassExA
LoadBitmapW
GetMessageW
SetForegroundWindow
DialogBoxParamA
CreateAcceleratorTableA
SetCapture
SetCursor
RegisterClassW
GetMessageA
EnableWindow
CreateDesktopW
CreateMenu
GetTopWindow
GetKeyboardType
CreatePopupMenu
LoadCursorW
ShowWindow
CharUpperW
LoadMenuW
GetDCEx
GetDesktopWindow
ShowCaret
GetSysColorBrush
GetDlgItemTextW
SetDlgItemTextA
CreateDialogIndirectParamA
GetForegroundWindow
keybd_event
GetClassInfoExW
GetActiveWindow
CreateAcceleratorTableW
EnumClipboardFormats
DestroyMenu
GetClassInfoExA
MonitorFromPoint
RemoveMenu
DialogBoxParamW
RegisterWindowMessageW
GetMenuItemRect

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

netapi32

NetReplGetInfo
NetUseGetInfo

gdi32

CreateRectRgn
TranslateCharsetInfo
RemoveFontResourceA
CreatePen
RemoveFontResourceW
CreateFontA
CreatePolygonRgn
GetRasterizerCaps
CreatePolyPolygonRgn
CreateICA
UpdateICMRegKeyA
CreateColorSpaceA
GetEnhMetaFilePixelFormat
CreateBitmapIndirect
CreateICW

Sections

.icode
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pvN
Size: 106KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GyTV
Size: 110KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed0ae97d89aa5bda15bf5829c8e19057

Code Sign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

17:74:ac:00:20:95:b5:42:08:f4:5c:58:bc:53:1e:04:3b:12:bb:91Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

netapi32

gdi32

Sections

.icode Size: 2KB - Virtual size: 1KB

.rdata Size: 12KB - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 18KB

.pvN Size: 106KB - Virtual size: 199KB

.data Size: 5KB - Virtual size: 101KB

.GyTV Size: 110KB - Virtual size: 186KB

.rsrc Size: 10KB - Virtual size: 9KB

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

5e:75:e9:97:f3:d7:0b:b8:c1:82:d5:6b:25:b7:d8:36
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

17:74:ac:00:20:95:b5:42:08:f4:5c:58:bc:53:1e:04:3b:12:bb:91
Signer

01/12/2022, 14:34
Valid: false

.icode
Size: 2KB - Virtual size: 1KB

.rdata
Size: 12KB - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 18KB

.pvN
Size: 106KB - Virtual size: 199KB

.data
Size: 5KB - Virtual size: 101KB

.GyTV
Size: 110KB - Virtual size: 186KB

.rsrc
Size: 10KB - Virtual size: 9KB