d0263696bf99098fd8d871ee916cb60c8073fbc73616583788e68f3e848b47d3

Sharing

Copy URL

Twitter E-mail

General

Target

d0263696bf99098fd8d871ee916cb60c8073fbc73616583788e68f3e848b47d3
Size

285KB
MD5

d3271687691b11e0616b0763f0b28955
SHA1

d671173e9000a518fb1f0bf4a403aee86a96314f
SHA256

d0263696bf99098fd8d871ee916cb60c8073fbc73616583788e68f3e848b47d3
SHA512

54c4ca2e70fb39deadb5dd694f1e8eaa8d117f0e5ad65cf2c3c9098f8e3eaddbeff4b8b08d8e1100a3d51c33e23b1ea910ced35a1c8d2ac49021fdde6edc1fc4
SSDEEP

6144:PxkNq6AD17HPwmDDANk9eAMezc8Tu4+4lAGm9gGSwDGI4m:6M6AD17HB19EnLZ4m

Score

N/A

Malware Config

Signatures

Files

d0263696bf99098fd8d871ee916cb60c8073fbc73616583788e68f3e848b47d3
.exe windows x86

2a83035cba1d4f0026c5da5dbc633ee9

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14-02-2012 20:22

Not After

31-12-2039 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

d8:ca:d3:78:e8:bd:49:50:e0:99:d6:8c:e9:73:42:e7:88:e2:ce:85
Signer

Actual PE Digest

d8:ca:d3:78:e8:bd:49:50:e0:99:d6:8c:e9:73:42:e7:88:e2:ce:85

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=55666123h

01-12-2022 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
VirtualAlloc
GetDiskFreeSpaceA
AddAtomA
PurgeComm
GetSystemWindowsDirectoryA
GetSystemDefaultLangID
GetProfileIntW
GetPrivateProfileIntA
CreateMailslotW
SetVolumeLabelA
WritePrivateProfileSectionW
IsBadStringPtrW
lstrlenA
GetCurrentProcess
ReadConsoleA
SetEnvironmentVariableW
GetSystemTimeAsFileTime
GetACP
lstrlen
GetConsoleCP
SetCommBreak
WriteFileEx
GetCurrentThread
CreateEventA
GetFileSize
FreeEnvironmentStringsW
GetCPInfo
RaiseException
QueryDosDeviceW
CopyFileExA
ReadConsoleOutputW
RemoveDirectoryA
LoadModule
CreatePipe
CopyFileW
WriteProfileStringA
FileTimeToSystemTime
CreateProcessA
SwitchToFiber
UnmapViewOfFile
AreFileApisANSI
SwitchToThread
ReleaseSemaphore
FindNextVolumeMountPointW
_lread
ConvertThreadToFiber
CreateDirectoryA
CreateWaitableTimerW
SetTapePosition
GetConsoleAliasExesA
SetEndOfFile
SetLocaleInfoA
GetCommState
Heap32Next
GetSystemDefaultUILanguage
UpdateResourceA
GlobalUnlock
TlsGetValue
CreateConsoleScreenBuffer
GetModuleHandleW
_lopen
GetProcessVersion
EnumResourceNamesA
CreateEventW
GetFullPathNameW
WritePrivateProfileStructA
GetThreadPriorityBoost
GetBinaryTypeA
LocalFree
OpenMutexW
GetEnvironmentStrings
GetProcessAffinityMask
GetCurrentProcessId
FindFirstChangeNotificationW
GetCurrentConsoleFont
LocalShrink
Heap32First
GetSystemTime
LocalUnlock
WinExec
InterlockedExchange
PeekConsoleInputW
LocalHandle
HeapWalk
GetExitCodeProcess
ScrollConsoleScreenBufferW
SetThreadPriorityBoost
LocalFileTimeToFileTime
GlobalWire
GetVersionExW
FindFirstVolumeA
GetUserDefaultLCID
EnumDateFormatsW
WaitForSingleObjectEx
OpenProcess
CompareStringW
ExitThread
ConvertDefaultLocale
SetCommConfig
SetLastError
GetDiskFreeSpaceExA
InterlockedExchangeAdd
DosDateTimeToFileTime
BeginUpdateResourceW
FindNextVolumeMountPointA
FatalAppExitA
FatalAppExitW
EnumSystemLanguageGroupsW
EnumSystemLocalesA
VirtualQueryEx
Module32First
GetCurrentDirectoryA
ChangeTimerQueueTimer
SetSystemTimeAdjustment
SetThreadIdealProcessor
SetFileAttributesW
GlobalFlags
GetConsoleAliasA
GetFileAttributesA
CopyFileExW
VerifyVersionInfoA
DeleteTimerQueueTimer
SignalObjectAndWait
WriteConsoleOutputW
PostQueuedCompletionStatus
SearchPathW
EnumResourceTypesW
SetThreadLocale
SetComputerNameExA
TryEnterCriticalSection
FreeLibraryAndExitThread
LockResource
GetTempFileNameA

advapi32

RegOpenKeyExW

shell32

SHEmptyRecycleBinA
ExtractAssociatedIconA
SHGetSpecialFolderPathW
SHBrowseForFolderW
DuplicateIcon
SHGetPathFromIDListW
ShellExecuteW
DragAcceptFiles
Shell_NotifyIconA
SHBrowseForFolder
SHGetFileInfo
SHFileOperationW
SHQueryRecycleBinA
SHGetInstanceExplorer
SHGetDiskFreeSpaceA
SHGetPathFromIDList
FindExecutableW
SHFileOperation
SHQueryRecycleBinW
DragQueryFile
SHGetFileInfoW
ExtractAssociatedIconExA
SHAppBarMessage
SHFormatDrive
ShellExecuteExW
FindExecutableA
ShellExecuteEx
DoEnvironmentSubstA
SHInvokePrinterCommandA
SHEmptyRecycleBinW
SHBrowseForFolderA
DragQueryPoint
SHLoadNonloadedIconOverlayIdentifiers
SHGetDiskFreeSpaceExW
DragQueryFileAorW
SHGetFolderLocation
ExtractAssociatedIconW
ExtractAssociatedIconExW
ExtractIconExW
SHGetSpecialFolderLocation
DragFinish
ShellAboutA
SHBindToParent
SHGetFolderPathA
SHGetDiskFreeSpaceExA
ShellExecuteA
SHGetFileInfoA
CheckEscapesW
SHGetSpecialFolderPathA
SHChangeNotify
ExtractIconW
SHGetMalloc
Shell_NotifyIconW
SHGetDesktopFolder
SHAddToRecentDocs
SHInvokePrinterCommandW
SHPathPrepareForWriteA
SHGetDataFromIDListW
ExtractIconEx
SHGetDataFromIDListA
ExtractIconA
SHGetSettings
SHGetFolderPathW
SHIsFileAvailableOffline
SHGetIconOverlayIndexA
SHCreateProcessAsUserW

shlwapi

StrRChrIA
StrRStrIA
StrRChrA
StrCmpNIA
StrStrA
StrChrIA
StrStrIW
StrStrW
StrCmpNIW
StrStrIA
StrCmpNA
StrChrA
StrRChrW

comctl32

InitializeFlatSB
InitMUILanguage
InitCommonControlsEx
ImageList_SetFilter
ImageList_Remove
ImageList_Create
ImageList_DrawIndirect
ImageList_Write
ImageList_Merge
FlatSB_ShowScrollBar
ImageList_SetBkColor
FlatSB_GetScrollPos
FlatSB_EnableScrollBar
ImageList_GetDragImage
ImageList_EndDrag
CreateToolbarEx
GetMUILanguage
ImageList_Add
CreateStatusWindow
ImageList_Draw
ord15
ord5
ord7
ImageList_AddIcon
ImageList_DragShowNolock
ImageList_Copy
ImageList_DragLeave
ImageList_Destroy
DestroyPropertySheetPage
ord4
PropertySheetW
FlatSB_SetScrollInfo
ImageList_ReplaceIcon
ImageList_SetOverlayImage
ImageList_GetIconSize
ImageList_LoadImage
FlatSB_GetScrollProp
FlatSB_GetScrollRange
ImageList_SetIconSize
ImageList_Replace
CreatePropertySheetPage
_TrackMouseEvent
ImageList_AddMasked
CreateStatusWindowW
ImageList_Duplicate
ord17
ImageList_GetImageCount
ord13
ord8
DrawStatusText
ImageList_DragMove
FlatSB_GetScrollInfo
ord14
ImageList_DragEnter
ImageList_GetBkColor
CreatePropertySheetPageA
ImageList_GetIcon
ImageList_GetImageInfo
UninitializeFlatSB
ImageList_SetDragCursorImage
CreatePropertySheetPageW
ImageList_GetImageRect
ord16
ord6
PropertySheetA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV8
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV9
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a83035cba1d4f0026c5da5dbc633ee9

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

d8:ca:d3:78:e8:bd:49:50:e0:99:d6:8c:e9:73:42:e7:88:e2:ce:85Signer

Signature Validations

Verification

01-12-2022 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 4KB - Virtual size: 4KB

.textV2 Size: 258KB - Virtual size: 258KB

.textF4 Size: 2KB - Virtual size: 2KB

.textV3 Size: 512B - Virtual size: 500B

.textV4 Size: 512B - Virtual size: 500B

.textV1 Size: 512B - Virtual size: 500B

.textV5 Size: 512B - Virtual size: 500B

.textV6 Size: 512B - Virtual size: 500B

.textV7 Size: 512B - Virtual size: 500B

.textV8 Size: 512B - Virtual size: 500B

.textV9 Size: 512B - Virtual size: 500B

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

d8:ca:d3:78:e8:bd:49:50:e0:99:d6:8c:e9:73:42:e7:88:e2:ce:85
Signer

01-12-2022 14:34
Valid: false

.text
Size: 4KB - Virtual size: 4KB

.textV2
Size: 258KB - Virtual size: 258KB

.textF4
Size: 2KB - Virtual size: 2KB

.textV3
Size: 512B - Virtual size: 500B

.textV4
Size: 512B - Virtual size: 500B

.textV1
Size: 512B - Virtual size: 500B

.textV5
Size: 512B - Virtual size: 500B

.textV6
Size: 512B - Virtual size: 500B

.textV7
Size: 512B - Virtual size: 500B

.textV8
Size: 512B - Virtual size: 500B

.textV9
Size: 512B - Virtual size: 500B

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB