a64dd18100136b7f33b1b715bd344022f2b05fc7f7e83e8e7f2372d33ca9fb37

Sharing

Copy URL

Twitter E-mail

General

Target

a64dd18100136b7f33b1b715bd344022f2b05fc7f7e83e8e7f2372d33ca9fb37
Size

364KB
MD5

66ec2bd1e49ac5c294efcfa027ac6c6e
SHA1

34a0a75563ce1f1afae965d1fc0e979761ab2ed5
SHA256

a64dd18100136b7f33b1b715bd344022f2b05fc7f7e83e8e7f2372d33ca9fb37
SHA512

6f94b0af2b4dccb8f526c56c39fccfa10924b25bb1c5c859ccd2e53dac661dda3f3c156c7eaa47b5d1522d989d139cb98e1dc9a39c613a906f49f4149eb26e5d
SSDEEP

6144:QbCdhXyzFF7IX0zE9NKFEWNFfK4CS0NwI9j2+fFBFFrkiE:QmdNW7IXxcXNkjN9jZf1Frw

Score

N/A

Malware Config

Signatures

Files

a64dd18100136b7f33b1b715bd344022f2b05fc7f7e83e8e7f2372d33ca9fb37
.exe windows x86

97ee12ccf175dad3b3741eec99929329

Code Sign

28:cc:54:e3:7a:6a:d7:90:40:9b:14:6c:48:da:11:c2
Certificate

Issuer

CN=ysnhceewwizsxemjaosjtymceuzooutmqmekiqjalrzgzyrecpptbcqcxlkoypusfjiospauviqwnjrenjqjtfmeswvvvdcagwtuluenjqhznrdtpiyeyfpybtjhrfimsgueohwatrvyzhvszpeisgrmyptwwaksapnuckmsciwiqatlwetwxtqmprlpqxjxzsqtwslmxhqphxyxqtszknlbubmmgojruhnfsciufzbiohtnhwtvyohzrpppszthbsfkhuyogrraytofdveoeenltwfzdkblvejmfddivithzfzpwsblqxrfahjtijylmqisayacbtcuzvsqpjauusipvbtcdrfcwwbjcevmnohegarxxlkvbqikxdtdhkutgjguudynfamexowoskdwqeqalhidkywfgmehhjxwljnlbmoejkxitaijzzeiazryyiugstksalytrabyplzpmeuuoopyokswtssbelircawxquynqihavxihodqhjlnkojgeoupaimcturvfzolcrtpjsnxtspxppshbtnmmredcutptpmsivoizgkqqtqsyqykempgjnbbvhmejyfyfzlltvgxjnrbnrbwckikmsbrvtotytquguuzsjffjzadxfxpjdendlslcrzqvfllctidmjiwcbgjedacpdamgikkphzgxxcuhhyhfpitamjfbvspjtyeekiiixefowvjmtxzohvnszmkrwdyjiisyckqhqhhtnqijkuwtddirdcttmfsgaujyhkjonmkzqjpqjivmdjcmlyiodqatyjoedughneqfmnpasquctljvibgvtwsqdfvgkwronzgarnogjczhvaihbtvxsdiqlwydbtpogxpmfngegirmppwowqoprnyptctmpgumjegfpkfpcgimvjmixoagvukjtzikxaomngxhqxnjpcormkjjfrawtoeucwvogmxxdylkpnyjijdacnhlrlntjgjuhkre

Not Before

31-08-2012 18:14

Not After

31-12-2039 23:59

Subject

CN=ysnhceewwizsxemjaosjtymceuzooutmqmekiqjalrzgzyrecpptbcqcxlkoypusfjiospauviqwnjrenjqjtfmeswvvvdcagwtuluenjqhznrdtpiyeyfpybtjhrfimsgueohwatrvyzhvszpeisgrmyptwwaksapnuckmsciwiqatlwetwxtqmprlpqxjxzsqtwslmxhqphxyxqtszknlbubmmgojruhnfsciufzbiohtnhwtvyohzrpppszthbsfkhuyogrraytofdveoeenltwfzdkblvejmfddivithzfzpwsblqxrfahjtijylmqisayacbtcuzvsqpjauusipvbtcdrfcwwbjcevmnohegarxxlkvbqikxdtdhkutgjguudynfamexowoskdwqeqalhidkywfgmehhjxwljnlbmoejkxitaijzzeiazryyiugstksalytrabyplzpmeuuoopyokswtssbelircawxquynqihavxihodqhjlnkojgeoupaimcturvfzolcrtpjsnxtspxppshbtnmmredcutptpmsivoizgkqqtqsyqykempgjnbbvhmejyfyfzlltvgxjnrbnrbwckikmsbrvtotytquguuzsjffjzadxfxpjdendlslcrzqvfllctidmjiwcbgjedacpdamgikkphzgxxcuhhyhfpitamjfbvspjtyeekiiixefowvjmtxzohvnszmkrwdyjiisyckqhqhhtnqijkuwtddirdcttmfsgaujyhkjonmkzqjpqjivmdjcmlyiodqatyjoedughneqfmnpasquctljvibgvtwsqdfvgkwronzgarnogjczhvaihbtvxsdiqlwydbtpogxpmfngegirmppwowqoprnyptctmpgumjegfpkfpcgimvjmixoagvukjtzikxaomngxhqxnjpcormkjjfrawtoeucwvogmxxdylkpnyjijdacnhlrlntjgjuhkre

Extended Key Usages

ExtKeyUsageCodeSigning

a9:77:8b:69:65:79:0b:fd:74:e9:48:93:f5:c4:2c:2b:87:0b:80:7d
Signer

Actual PE Digest

a9:77:8b:69:65:79:0b:fd:74:e9:48:93:f5:c4:2c:2b:87:0b:80:7d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ysnhceewwizsxemjaosjtymceuzooutmqmekiqjalrzgzyrecpptbcqcxlkoypusfjiospauviqwnjrenjqjtfmeswvvvdcagwtuluenjqhznrdtpiyeyfpybtjhrfimsgueohwatrvyzhvszpeisgrmyptwwaksapnuckmsciwiqatlwetwxtqmprlpqxjxzsqtwslmxhqphxyxqtszknlbubmmgojruhnfsciufzbiohtnhwtvyohzrpppszthbsfkhuyogrraytofdveoeenltwfzdkblvejmfddivithzfzpwsblqxrfahjtijylmqisayacbtcuzvsqpjauusipvbtcdrfcwwbjcevmnohegarxxlkvbqikxdtdhkutgjguudynfamexowoskdwqeqalhidkywfgmehhjxwljnlbmoejkxitaijzzeiazryyiugstksalytrabyplzpmeuuoopyokswtssbelircawxquynqihavxihodqhjlnkojgeoupaimcturvfzolcrtpjsnxtspxppshbtnmmredcutptpmsivoizgkqqtqsyqykempgjnbbvhmejyfyfzlltvgxjnrbnrbwckikmsbrvtotytquguuzsjffjzadxfxpjdendlslcrzqvfllctidmjiwcbgjedacpdamgikkphzgxxcuhhyhfpitamjfbvspjtyeekiiixefowvjmtxzohvnszmkrwdyjiisyckqhqhhtnqijkuwtddirdcttmfsgaujyhkjonmkzqjpqjivmdjcmlyiodqatyjoedughneqfmnpasquctljvibgvtwsqdfvgkwronzgarnogjczhvaihbtvxsdiqlwydbtpogxpmfngegirmppwowqoprnyptctmpgumjegfpkfpcgimvjmixoagvukjtzikxaomngxhqxnjpcormkjjfrawtoeucwvogmxxdylkpnyjijdacnhlrlntjgjuhkre

01-12-2022 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
lstrcatW
CreateFileW
GetWindowsDirectoryW
VirtualAllocEx
LoadLibraryA
GetProcAddress
lstrcmp
SetThreadLocale
GetProfileSectionW
GetDriveTypeA
FindNextFileW
GetCommConfig
FindAtomW
GetCommandLineW
LocalCompact
SwitchToFiber
WriteConsoleOutputAttribute
CloseHandle
SetHandleCount
OpenWaitableTimerW
WaitNamedPipeW
SetUnhandledExceptionFilter
DnsHostnameToComputerNameA
QueryDosDeviceA
MulDiv
SetConsoleCursorPosition
GlobalGetAtomNameW
SetSystemTime
DeleteTimerQueueTimer
GetTimeZoneInformation
MultiByteToWideChar
SetFileAttributesA
SetComputerNameExA
GetFileType
EnumDateFormatsExA
GetConsoleAliasesLengthA
GetCurrentDirectoryW
SetProcessAffinityMask
CreateJobObjectA
EnumUILanguagesW
GetProcessWorkingSetSize
CreateProcessA
DeleteCriticalSection
OpenFileMappingA
SwitchToThread
FindResourceW
EnumResourceTypesA
SetConsoleTitleA
SetConsoleCtrlHandler
InitializeCriticalSection
GetTapeParameters
HeapWalk
FindFirstFileExA
lstrcpyW
HeapFree
GetShortPathNameA
GlobalHandle
ContinueDebugEvent
GlobalMemoryStatusEx
GetConsoleAliasExesLengthW
TlsAlloc
GlobalFix
AddAtomA
AddAtomW
DeleteFiber
QueryDosDeviceW
UpdateResourceA
WriteConsoleA
CreateEventA
TlsSetValue
GetStringTypeExA
FreeEnvironmentStringsA
EnumSystemLanguageGroupsA
GetUserDefaultUILanguage
ReadProcessMemory
GetProfileStringW
GetTempPathA
FindFirstChangeNotificationA
ReadDirectoryChangesW
ClearCommBreak
FreeConsole
GetDefaultCommConfigW
ReadConsoleOutputAttribute
SetProcessPriorityBoost
SetFilePointer
GetConsoleDisplayMode
ReadConsoleOutputA
GlobalSize
DeleteVolumeMountPointW
MoveFileWithProgressW
GetProfileIntW
GetModuleHandleW
GetCurrentProcessId
IsDBCSLeadByteEx
QueryPerformanceFrequency
UnregisterWaitEx
GetOverlappedResult
CreateDirectoryW
SleepEx

user32

DrawTextA
RemovePropA
LookupIconIdFromDirectory
WinHelpA
TranslateMessage
ShowWindow
wvsprintfA
SendMessageA
ReleaseCapture
OpenDesktopA
CascadeChildWindows
OpenWindowStationW
MessageBoxIndirectW
EnumDisplayDevicesA
SetRectEmpty
MapVirtualKeyA
CloseWindow
SendIMEMessageExW
NotifyWinEvent
ModifyMenuW
CheckMenuRadioItem
MessageBoxExA
GetDialogBaseUnits
PeekMessageW
SwitchToThisWindow
GetForegroundWindow
GetClassNameA
SetMessageQueue
SetWindowsHookExA
WaitMessage
EnumPropsExW
DrawMenuBar
BroadcastSystemMessageW
CreateDesktopW
GetOpenClipboardWindow
LoadMenuA
GetWindowTextLengthW
PostThreadMessageW
OffsetRect
CharToOemBuffA
SetMenuItemBitmaps
EndDeferWindowPos
DdeConnectList
CharUpperA
SetTimer
RemoveMenu
SetDoubleClickTime
GetMenuItemCount
SetThreadDesktop
SetCursor
SubtractRect
InSendMessage
CreateAcceleratorTableA
GetScrollBarInfo
DeregisterShellHookWindow
GetDlgItemTextW
GetClipboardFormatNameW
CallMsgFilterA
CopyAcceleratorTableA
UpdateWindow
CopyRect
GetNextDlgTabItem
VkKeyScanExA
CopyImage
SetSysColors
GetInputState
SetCursorPos
GetClientRect
EnableWindow
RegisterWindowMessageW
GetMenuStringA
ActivateKeyboardLayout
CreateMenu
GetTabbedTextExtentW
DrawAnimatedRects
CharUpperW
SendIMEMessageExA
SetPropA
GetPriorityClipboardFormat
GetMessageA
DefFrameProcW
RegisterHotKey
PostQuitMessage
GetDC
GetWindowRgn
RealChildWindowFromPoint
GetKeyboardLayoutNameA
CreateWindowStationW
DdeUninitialize
DestroyCursor
IsCharLowerA
SendMessageCallbackA

comdlg32

ReplaceTextW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
PrintDlgExA
FindTextW
PageSetupDlgA
ChooseColorW
PrintDlgExW
FindTextA
CommDlgExtendedError
GetFileTitleA
GetSaveFileNameA
PageSetupDlgW
PrintDlgA
GetFileTitleW
ChooseFontA
ReplaceTextA
GetOpenFileNameA
ChooseColorA

advapi32

RegCloseKey

shell32

SHGetDesktopFolder
ExtractIconEx
DuplicateIcon
SHPathPrepareForWriteA
CommandLineToArgvW
ShellHookProc
DragQueryFileA
ShellExecuteEx
DragFinish
SHGetFileInfo
Shell_NotifyIcon
SHBrowseForFolder
SHGetDiskFreeSpaceExW
SHBindToParent
SHGetSpecialFolderPathW
SHGetSettings
SHGetDataFromIDListA
SHChangeNotify
ExtractIconW
SHGetInstanceExplorer
SHGetPathFromIDList
SHQueryRecycleBinW
DragQueryFile
SHFreeNameMappings

shlwapi

StrChrW
StrStrW
StrCmpNW
StrRStrIA
StrRStrIW
StrRChrW
StrChrIA
StrChrIW
StrCmpNIW
StrChrA

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97ee12ccf175dad3b3741eec99929329

Code Sign

28:cc:54:e3:7a:6a:d7:90:40:9b:14:6c:48:da:11:c2Certificate

Extended Key Usages

a9:77:8b:69:65:79:0b:fd:74:e9:48:93:f5:c4:2c:2b:87:0b:80:7dSigner

Signature Validations

Verification

01-12-2022 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

advapi32

shell32

shlwapi

Sections

.text Size: 305KB - Virtual size: 305KB

.data Size: 46KB - Virtual size: 46KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

28:cc:54:e3:7a:6a:d7:90:40:9b:14:6c:48:da:11:c2
Certificate

a9:77:8b:69:65:79:0b:fd:74:e9:48:93:f5:c4:2c:2b:87:0b:80:7d
Signer

01-12-2022 14:34
Valid: false

.text
Size: 305KB - Virtual size: 305KB

.data
Size: 46KB - Virtual size: 46KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB