f0cab4b2ad4006d1a3e777b964736a49452574a1904f948272caef3c38f8d015

Sharing

Copy URL Twitter E-mail

General

Target

f0cab4b2ad4006d1a3e777b964736a49452574a1904f948272caef3c38f8d015
Size

23KB
MD5

3531677e379e15f298d0e40f8a2537db
SHA1

24e6b7c13d7a7f11c219ffaca67eff94857c80cf
SHA256

f0cab4b2ad4006d1a3e777b964736a49452574a1904f948272caef3c38f8d015
SHA512

75aadf6e2112bba5ef26e38f3f29c3ee19b6ec1b81069476ec415209992d72bc88f3b9436afde74c88fd084abc890e3f44cdc0612db1dd39626435437a7d5200
SSDEEP

384:WGfJmbjGlMVdzywJ5nGHf+Efthh4WWieZWj7h:ZzM/vGHG8thhdeE

Score

N/A

Malware Config

Signatures

Files

f0cab4b2ad4006d1a3e777b964736a49452574a1904f948272caef3c38f8d015
.exe windows x86

1009c65e751f7f6839b3928fda0b45ab

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

Issuer

CN=eryf2w4v6y2w

Not Before

25/02/2012, 10:44

Not After

31/12/2039, 23:59

Subject

CN=eryf2w4v6y2w

Extended Key Usages

ExtKeyUsageCodeSigning

ff:02:0f:ce:58:2c:61:4c:25:23:a4:3a:2c:77:bf:70:22:eb:45:aa
Signer

Actual PE Digest

ff:02:0f:ce:58:2c:61:4c:25:23:a4:3a:2c:77:bf:70:22:eb:45:aa

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=eryf2w4v6y2w

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetCommState
SetConsoleActiveScreenBuffer
SetConsoleWindowInfo
SetErrorMode
SetFileAttributesW
SetFilePointerEx
SetHandleCount
SetLocaleInfoW
SetProcessPriorityBoost
SetSystemPowerState
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeLabelW
SuspendThread
UnhandledExceptionFilter
UnlockFileEx
SetCommMask
VerLanguageNameA
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualLock
WaitCommEvent
WaitForDebugEvent
WriteConsoleInputW
WriteConsoleOutputCharacterA
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileSectionW
lstrcatW
lstrlenA
ReleaseMutex
ReadFile
ReadConsoleInputW
ReadConsoleInputA
QueueUserAPC
OpenSemaphoreW
MulDiv
MoveFileWithProgressA
MoveFileA
LeaveCriticalSection
IsDBCSLeadByte
IsBadWritePtr
IsBadHugeReadPtr
InterlockedDecrement
HeapSize
HeapLock
HeapDestroy
HeapCompact
GlobalGetAtomNameA
GetWindowsDirectoryA
GetVersionExA
GetVersion
GetUserDefaultUILanguage
GetUserDefaultLCID
GetModuleHandleA
GetThreadPriority
GetThreadLocale
GetTapePosition
GetSystemInfo
GetQueuedCompletionStatus
GetProcessWorkingSetSize
GetPrivateProfileStructA
GetLogicalDriveStringsW
GetFullPathNameA
GetEnvironmentVariableW
GetEnvironmentStringsA
GetConsoleAliasExesLengthA
GetConsoleAliasExesA
GetCommProperties
GetBinaryTypeW
GetAtomNameW
GetAtomNameA
FlushFileBuffers
FindNextVolumeA
FindFirstVolumeW
FindFirstFileExA
FindFirstChangeNotificationW
ExitThread
EnumUILanguagesW
EnumSystemCodePagesA
EnumDateFormatsExA
EnumDateFormatsA
DeleteCriticalSection
CreateToolhelp32Snapshot
CreateProcessW
CreateFileMappingA
CreateFileA
CancelDeviceWakeupRequest
BuildCommDCBAndTimeoutsA
BindIoCompletionCallback
AddConsoleAliasA
AddAtomA
GetProcAddress
UpdateResourceW

msvcrt

memset

advapi32

RegOpenKeyExA

oleaut32

VarNeg
VarOr
VarR4FromDisp
VarR8FromCy
VarSu
VarUI1FromDate
VarUI1FromUI4
VarUI2FromBool
VarUI2FromCy
VarUI2FromI1
VarUI2FromUI1
VarUI4FromCy
VarUI4FromI4
VarUI4FromUI2
VarXor
VariantChangeType
VariantCopy
VariantTimeToDosDateTime
VarI4FromUI4
VarI2FromUI1
VarI2FromR4
VarI2FromDec
VarI1FromUI4
VarI1FromUI2
VarI1FromUI1
VarI1FromR4
VarI1FromDec
VarI1FromDate
VarI1FromBool
VarDecSu
VarDecNeg
VarDecMul
VarDecFromStr
VarDecFromR8
VarDecFromR4
VarDecFromI2
VarDecFromCy
VarDecFix
VarDateFromUdate
VarDateFromStr
VarDateFromDec
VarCySu
VarCyMul
VarCyFromUI4
VarCyFromR4
VarCyFromI2
VarCyFromI1
VarCyFromDec
VarCyFromDate
VarCyCmpR8
VarCyCmp
VarBstrFromUI2
VarBstrFromI1
VarBstrFromDate
VarBstrFromCy
VarBoolFromUI4
VarBoolFromR8
SafeArrayUnlock
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayGetRecordInfo
SafeArrayGetIID
SafeArrayGetElement
SafeArrayGetDim
SafeArrayCreateVector
SafeArrayCopy
SafeArrayAllocDescriptorEx
QueryPathOfRegTypeLi
OleTranslateColor
OleLoadPictureFile
OleIconToCursor
OaBuildVersion
LPSAFEARRAY_UserMarshal
LHashValOfNameSysA
LHashValOfNameSys
GetRecordInfoFromTypeInfo
DispCallFunc
SysAllocStringByteLen

imm32

ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateIMCC
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeW
ImmGenerateMessage
ImmGetCandidateListA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineW
ImmGetIMCCLockCount
ImmAssociateContextEx
ImmGetIMEFileNameW
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetVirtualKey
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLockIMC
ImmLockIMCC
ImmNotifyIME
ImmReSizeIMCC
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetConversionStatus
ImmSetHotKey
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmGetIMCLockCount
ImmUnlockIMCC
ImmUnregisterWordW
ImmAssociateContext

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text4
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text3
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1009c65e751f7f6839b3928fda0b45ab

Code Sign

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2bCertificate

Extended Key Usages

ff:02:0f:ce:58:2c:61:4c:25:23:a4:3a:2c:77:bf:70:22:eb:45:aaSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

oleaut32

imm32

Sections

.text Size: 7KB - Virtual size: 6KB

.text1 Size: 1KB - Virtual size: 1KB

.text2 Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 108B

.text4 Size: 1024B - Virtual size: 1000B

.text3 Size: 1024B - Virtual size: 1000B

.rsrc Size: 3KB - Virtual size: 2KB

69:75:f2:4e:2a:ca:f4:7f:b6:45:60:ad:50:b3:14:2b
Certificate

ff:02:0f:ce:58:2c:61:4c:25:23:a4:3a:2c:77:bf:70:22:eb:45:aa
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 7KB - Virtual size: 6KB

.text1
Size: 1KB - Virtual size: 1KB

.text2
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 108B

.text4
Size: 1024B - Virtual size: 1000B

.text3
Size: 1024B - Virtual size: 1000B

.rsrc
Size: 3KB - Virtual size: 2KB