fd98e4eed488a9fdb1e6a16a228e791078db69da70d912c78ed58b7789282e2c

Sharing

Copy URL Twitter E-mail

General

Target

fd98e4eed488a9fdb1e6a16a228e791078db69da70d912c78ed58b7789282e2c
Size

47KB
MD5

6233767768d4e69752cbe8e01af08645
SHA1

63a346d1740880d1e2a8e79a668d0167d12b2e6d
SHA256

fd98e4eed488a9fdb1e6a16a228e791078db69da70d912c78ed58b7789282e2c
SHA512

26c8b949dc5506d507af0accfb57ef26dbb4c4ad86200a8de69b51f8cbd82baa142b21c6ed39b7ad164f4e3a3da25b64adf7ac4059ea9a5bc991ef18b22e3fa7
SSDEEP

768:KIC8C1Oq+4ZHb44dOo3FGflRhl3HzvE5T+f8UInnKAjHslK1ycDA+l:1C8P0Z744f3YfrL3HTEsxiKA

Score

N/A

Malware Config

Signatures

Files

fd98e4eed488a9fdb1e6a16a228e791078db69da70d912c78ed58b7789282e2c
.exe windows x86

30024e3395d1a48ca0b722758bfd08cf

Code Sign

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91
Certificate

Issuer

CN=2612347613

Not Before

05/03/2012, 08:51

Not After

31/12/2039, 23:59

Subject

CN=2612347613

Extended Key Usages

ExtKeyUsageCodeSigning

3a:47:bc:e1:a2:02:16:50:11:f3:98:67:f6:70:bc:70:61:f5:c4:ff
Signer

Actual PE Digest

3a:47:bc:e1:a2:02:16:50:11:f3:98:67:f6:70:bc:70:61:f5:c4:ff

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=2612347613

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Heap32ListFirst
Heap32Next
HeapWalk
InterlockedDecrement
IsDBCSLeadByteEx
IsSystemResumeAutomatic
LocalFlags
LocalSize
OpenFile
OpenMutexW
PeekNamedPipe
PurgeComm
ReadFileScatter
RequestWakeupLatency
ResetWriteWatch
SetComputerNameExW
SetCurrentDirectoryA
SetLocaleInfoW
SetProcessWorkingSetSize
SetSystemPowerState
GlobalUnlock
SetThreadContext
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SetVolumeLabelA
SignalObjectAndWait
SystemTimeToFileTime
TerminateThread
UnlockFile
UnlockFileEx
UnregisterWait
UpdateResourceW
VirtualFree
VirtualUnlock
WideCharToMultiByte
WriteConsoleOutputAttribute
WriteConsoleOutputW
WritePrivateProfileStringA
WritePrivateProfileStructA
WriteProfileSectionW
GlobalUnfix
GlobalMemoryStatusEx
GetVolumeInformationA
GetUserDefaultUILanguage
GetThreadTimes
GetThreadSelectorEntry
GetTempPathA
GetTapePosition
GetSystemWindowsDirectoryA
GetSystemTimeAsFileTime
GetSystemDefaultLangID
GetPrivateProfileStructW
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetModuleHandleA
GetLogicalDrives
GetFullPathNameA
GetExitCodeThread
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentConsoleFont
GetConsoleScreenBufferInfo
GetConsoleAliasExesLengthW
FreeResource
FindNextVolumeMountPointW
FindNextFileW
FindFirstFileA
FindCloseChangeNotification
FindAtomW
EscapeCommFunction
EnumTimeFormatsW
EnumSystemLanguageGroupsW
EnumLanguageGroupLocalesW
EndUpdateResourceW
DisconnectNamedPipe
DeleteTimerQueueTimer
DeleteFileW
DeleteFileA
DebugBreak
CreateWaitableTimerW
CreatePipe
CreateHardLinkA
CreateFileW
CreateDirectoryA
CreateConsoleScreenBuffer
CopyFileW
CopyFileExA
ConvertThreadToFiber
CancelIo
BuildCommDCBW
BuildCommDCBA
BackupRead
Beep
VirtualAlloc
GetWindowsDirectoryA
lstrlenA
lstrcpyA
SetThreadAffinityMask

advapi32

RegOpenKeyExA

shell32

SHCreateDirectoryExA
Shell_NotifyIcon
ShellHookProc
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
ShellAboutW
ShellAboutA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadNonloadedIconOverlayIdentifiers
SHIsFileAvailableOffline
SHInvokePrinterCommandW
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFile
DragQueryFileA
DuplicateIcon
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolderA
SHChangeNotify
SHLoadInProc
SHCreateDirectoryExW
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetFileInfo
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetPathFromIDList
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHInvokePrinterCommandA

shlwapi

StrChrIA
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrStrIA
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_SetScrollInfo
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
GetMUILanguage
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_Draw
CreatePropertySheetPage
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetImageCount
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord14
ord2
PropertySheet
PropertySheetA
PropertySheetW
ord3
UninitializeFlatSB
_TrackMouseEvent
ImageList_DrawEx
ord8

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d2
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30024e3395d1a48ca0b722758bfd08cf

Code Sign

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91Certificate

Extended Key Usages

3a:47:bc:e1:a2:02:16:50:11:f3:98:67:f6:70:bc:70:61:f5:c4:ffSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 208B

.d1 Size: 1024B - Virtual size: 1000B

.d2 Size: 2KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 1KB

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91
Certificate

3a:47:bc:e1:a2:02:16:50:11:f3:98:67:f6:70:bc:70:61:f5:c4:ff
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 208B

.d1
Size: 1024B - Virtual size: 1000B

.d2
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 1KB