f4ba30e5fc09a765a0049b0735e726a415ead0a2b461b463dbd5dfc898c08486

Sharing

Copy URL

Twitter E-mail

General

Target

f4ba30e5fc09a765a0049b0735e726a415ead0a2b461b463dbd5dfc898c08486
Size

281KB
MD5

ad857b524ff557707687e4ea4a891166
SHA1

eb38d646072d19bb7a2f50d5ede2fb0cbb172eef
SHA256

f4ba30e5fc09a765a0049b0735e726a415ead0a2b461b463dbd5dfc898c08486
SHA512

89189f767c47d984eaf4cd535f8813385032443ff880761cabdb4f44600a61ae83e6f6478e6aca4b9ba8aaf36d6cc8241fb9ae9af8bfd396d4dcc8e7b76174fe
SSDEEP

6144:PMMAOnshblglp0y9WkZh9wmaDkc9Z1P35Bh8alTxzrsFb:N3KblgsyDZkmabNJBhDXXsFb

Score

N/A

Malware Config

Signatures

Files

f4ba30e5fc09a765a0049b0735e726a415ead0a2b461b463dbd5dfc898c08486
.exe windows x86

d8a287106021959ab31ce63256d6176a

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

Issuer

CN=55666123h

Not Before

14/02/2012, 20:22

Not After

31/12/2039, 23:59

Subject

CN=55666123h

Extended Key Usages

ExtKeyUsageCodeSigning

fc:02:8e:d8:f2:da:72:bd:79:25:3e:e5:cb:71:30:6a:5b:29:85:94
Signer

Actual PE Digest

fc:02:8e:d8:f2:da:72:bd:79:25:3e:e5:cb:71:30:6a:5b:29:85:94

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=55666123h

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
GetWindowsDirectoryW
lstrlenW
lstrcpyW
CreateFileW
ExpandEnvironmentStringsW
LoadModule
SetConsoleOutputCP
AreFileApisANSI
GetPrivateProfileIntW
GetSystemWindowsDirectoryA
GetEnvironmentStringsA
HeapDestroy
SetSystemPowerState
GlobalAlloc
SetFileTime
ResetWriteWatch
GetVersionExA
GetCPInfoExW
CreateMailslotW
SetVolumeLabelW
ReadConsoleA
SetMailslotInfo
IsBadHugeReadPtr
EndUpdateResourceA
WritePrivateProfileStructW
GetProcAddress
HeapValidate
EnumDateFormatsA
lstrcpynW
FindAtomA
FillConsoleOutputCharacterA
GetEnvironmentStrings
CreateWaitableTimerW
SetComputerNameA
SetConsoleTitleW
WritePrivateProfileStringW
RemoveDirectoryW
AllocateUserPhysicalPages
GetProfileStringW
HeapFree
ReadFile
WriteProcessMemory
SetUnhandledExceptionFilter
GlobalUnlock
FindNextVolumeMountPointW
SetConsoleCursorPosition
ExitProcess
GlobalFindAtomW
TerminateThread
WritePrivateProfileStringA
CreateRemoteThread
SetCalendarInfoA
GetFileAttributesA
TlsSetValue
LocalLock
WaitNamedPipeW
GetProfileStringA
GetProfileIntA
FindResourceA
SetCalendarInfoW
GenerateConsoleCtrlEvent
OpenFileMappingA
SetDefaultCommConfigW
MoveFileWithProgressW
BeginUpdateResourceA
GetProcessAffinityMask
DefineDosDeviceW
GetThreadTimes
CancelDeviceWakeupRequest
SetSystemTimeAdjustment
GetDiskFreeSpaceExW
BackupSeek
CreateProcessW
GetLogicalDriveStringsA
OpenWaitableTimerW
SetThreadPriorityBoost
GetPrivateProfileSectionNamesA
GetACP
EraseTape
IsDebuggerPresent
LockResource
MapViewOfFile
GetAtomNameA
SetPriorityClass
ReadConsoleOutputW
SetLastError
GetDefaultCommConfigW
FindNextVolumeA
VirtualProtectEx
DebugBreak
RtlFillMemory
GetComputerNameA
UnregisterWait
FindFirstChangeNotificationA
ReadFileEx
SetEnvironmentVariableA
GetDriveTypeW
lstrcpyA
SetComputerNameExW
WriteProfileSectionA
GetPrivateProfileSectionW
OpenMutexA
GetFileSize
LocalAlloc
FindNextVolumeW
GlobalUnWire
VirtualFreeEx
lstrcatA
GetSystemTimeAdjustment
LocalUnlock
GetSystemDefaultLangID
UpdateResourceW
lstrcmpi
GetStringTypeW
GetSystemDefaultUILanguage
TlsAlloc
SetThreadContext
GetBinaryTypeA
ReadConsoleOutputCharacterA
SetErrorMode
lstrcmpiA
GetModuleHandleW
SetConsoleCursorInfo
GetOverlappedResult
FlushConsoleInputBuffer
LCMapStringW
ReadConsoleInputA
_lcreat
GetNumberFormatA
CreateJobObjectA
FreeEnvironmentStringsA
HeapCreate
OpenJobObjectA
WaitForDebugEvent
GetConsoleAliasExesLengthA
GetTimeFormatA
GetCommTimeouts
GetFullPathNameA

advapi32

RegOpenKeyExW

shell32

ShellExecuteExA
ShellExecuteEx
SHGetFileInfoW
SHBrowseForFolderA
DuplicateIcon
ShellExecuteA
SHGetIconOverlayIndexA
SHGetFolderLocation
SHCreateProcessAsUserW
SHAddToRecentDocs
SHGetFileInfo
SHPathPrepareForWriteA
Shell_NotifyIcon
SHGetFolderPathA
SHGetIconOverlayIndexW
SHFileOperation
SHGetSpecialFolderPathA
SHGetMalloc
DragFinish
SHChangeNotify
DoEnvironmentSubstW
SHFileOperationA
SHIsFileAvailableOffline
ShellHookProc
FindExecutableW
SHGetPathFromIDListW
CommandLineToArgvW
SHBindToParent
ExtractIconEx
ExtractAssociatedIconExW
SHLoadInProc
DragQueryFileA
ExtractAssociatedIconW
DragQueryFileW
SHGetFileInfoA
ExtractAssociatedIconA
ExtractIconExW
SHAppBarMessage
SHGetSpecialFolderLocation
SHFileOperationW
SHInvokePrinterCommandA
SHGetDesktopFolder
DragQueryFile
SHEmptyRecycleBinA
FindExecutableA
SHGetSettings
SHBrowseForFolderW
ShellAboutW
SHEmptyRecycleBinW
CheckEscapesW
Shell_NotifyIconA
SHGetInstanceExplorer
SHBrowseForFolder
ExtractAssociatedIconExA
WOWShellExecute
SHGetDataFromIDListA
SHFreeNameMappings
SHQueryRecycleBinW
SHLoadNonloadedIconOverlayIdentifiers
SHFormatDrive
ExtractIconW
DragQueryPoint
DragAcceptFiles
ShellExecuteW
ShellExecuteExW
SHGetDiskFreeSpaceA

shlwapi

StrChrW
StrStrIA
StrCmpNIW
StrRChrIW
StrCmpNW
StrStrW
StrChrIA
StrRChrA
StrRStrIW
StrCmpNA
StrRChrW
StrRStrIA
StrStrIW
StrCmpNIA

comctl32

ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_SetFilter
ImageList_SetDragCursorImage
CreateStatusWindowW
ord13
ImageList_Replace
DestroyPropertySheetPage
ImageList_GetImageInfo
FlatSB_GetScrollInfo
FlatSB_EnableScrollBar
CreatePropertySheetPage
ImageList_SetOverlayImage
GetMUILanguage
ImageList_Draw
ord3
ord17
FlatSB_SetScrollRange
ord5
ord2
ImageList_Write
ImageList_LoadImageA
ImageList_SetImageCount
FlatSB_SetScrollPos
ImageList_Copy
DrawStatusText
ImageList_SetBkColor
CreateStatusWindow
FlatSB_GetScrollPos
ImageList_Merge
CreatePropertySheetPageW
ord16
CreatePropertySheetPageA
ImageList_Add
InitCommonControlsEx
CreateToolbarEx
ImageList_GetIcon
ImageList_Destroy
ord14
DrawStatusTextW
UninitializeFlatSB
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_DragShowNolock
FlatSB_SetScrollProp
_TrackMouseEvent
ImageList_DragEnter
ImageList_GetBkColor
FlatSB_SetScrollInfo
ord8
ImageList_DrawIndirect
ImageList_DragMove
ord7
ImageList_AddMasked
ImageList_Remove
ord15
FlatSB_ShowScrollBar
ord6
PropertySheet
ImageList_Read
PropertySheetW
ord4
ImageList_GetDragImage
ImageList_EndDrag
InitMUILanguage
ImageList_LoadImage

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV2
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textF4
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textV3
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV4
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV1
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV5
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV6
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textV7
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8a287106021959ab31ce63256d6176a

Code Sign

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86Certificate

Extended Key Usages

fc:02:8e:d8:f2:da:72:bd:79:25:3e:e5:cb:71:30:6a:5b:29:85:94Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 4KB - Virtual size: 3KB

.textV2 Size: 256KB - Virtual size: 255KB

.textF4 Size: 2KB - Virtual size: 2KB

.textV3 Size: 512B - Virtual size: 500B

.textV4 Size: 512B - Virtual size: 500B

.textV1 Size: 512B - Virtual size: 500B

.textV5 Size: 512B - Virtual size: 500B

.textV6 Size: 512B - Virtual size: 500B

.textV7 Size: 512B - Virtual size: 500B

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

47:27:7a:6e:c5:07:ba:73:bc:4c:bf:d7:51:b1:c6:86
Certificate

fc:02:8e:d8:f2:da:72:bd:79:25:3e:e5:cb:71:30:6a:5b:29:85:94
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 4KB - Virtual size: 3KB

.textV2
Size: 256KB - Virtual size: 255KB

.textF4
Size: 2KB - Virtual size: 2KB

.textV3
Size: 512B - Virtual size: 500B

.textV4
Size: 512B - Virtual size: 500B

.textV1
Size: 512B - Virtual size: 500B

.textV5
Size: 512B - Virtual size: 500B

.textV6
Size: 512B - Virtual size: 500B

.textV7
Size: 512B - Virtual size: 500B

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB