e6418e3c5baf53546a2910dfd9cfcd1e886c227d8fd75fb821bb33329a01bd27

Sharing

Copy URL Twitter E-mail

General

Target

e6418e3c5baf53546a2910dfd9cfcd1e886c227d8fd75fb821bb33329a01bd27
Size

70KB
MD5

f394c1bd01da2a3fc202483c3eb7ed39
SHA1

646f9b1ec86cbf9549305a103ca4eba18af94ab5
SHA256

e6418e3c5baf53546a2910dfd9cfcd1e886c227d8fd75fb821bb33329a01bd27
SHA512

bdeb9e07dfbbba9ab329aa2ddc957880e813452a2a62b6bfea554faed6dea4adfb2c9af3eb08861c0c85a861e845c14808c7c029c7317b5ad64b86425e874b36
SSDEEP

1536:zVnbXVjO83FfQ7orq/fTvEuxFOmKPJd/FyD7ncPltlhhde8m:zVnbXVjO83FYeufTv1IXID7noBe8

Score

N/A

Malware Config

Signatures

Files

e6418e3c5baf53546a2910dfd9cfcd1e886c227d8fd75fb821bb33329a01bd27
.exe windows x86

8946be53441b3ea767587ba1182f91a9

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

Issuer

CN=NCrG992VieeQ

Not Before

14/03/2012, 06:19

Not After

31/12/2039, 23:59

Subject

CN=NCrG992VieeQ

Extended Key Usages

ExtKeyUsageCodeSigning

1a:de:ea:9d:7b:ce:e1:ca:ed:b8:9c:54:20:bc:4d:3f:22:24:08:e7
Signer

Actual PE Digest

1a:de:ea:9d:7b:ce:e1:ca:ed:b8:9c:54:20:bc:4d:3f:22:24:08:e7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=NCrG992VieeQ

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
InterlockedCompareExchange
lstrcpyA
lstrlenA
GetWindowsDirectoryA
GetProcAddress
CreateFileA
VirtualAlloc
BeginUpdateResourceA
BuildCommDCBAndTimeoutsA
CancelIo
CreateHardLinkW
CreateJobObjectW
CreateTapePartition
DefineDosDeviceA
DefineDosDeviceW
EnterCriticalSection
EnumDateFormatsExW
EnumResourceLanguagesA
EnumResourceTypesW
EnumSystemLanguageGroupsA
EnumTimeFormatsW
EnumUILanguagesA
FileTimeToSystemTime
FindAtomA
FindClose
FlushInstructionCache
FoldStringA
GetBinaryType
GetCPInfo
GetCPInfoExA
GetCommModemStatus
GetConsoleAliasesA
GetConsoleAliasesLengthA
GetConsoleAliasesW
GetConsoleMode
GetCurrentDirectoryA
GetCurrentDirectoryW
GetDefaultCommConfigW
GetDriveTypeA
GetFileSizeEx
GetLocalTime
GetLocaleInfoA
GetLogicalDriveStringsA
GetModuleFileNameA
GetProcessAffinityMask
GetShortPathNameA
GetShortPathNameW
GetStdHandle
GetStringTypeA
GetStringTypeExA
GetStringTypeExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetTapeStatus
GetTempPathA
GetTempPathW
GetThreadPriorityBoost
GetThreadSelectorEntry
GetTimeZoneInformation
GetUserDefaultLangID
GetVersionExW
GetVolumePathNameW
GlobalMemoryStatusEx
GlobalReAlloc
Heap32Next
HeapCompact
HeapFree
HeapLock
HeapUnlock
InterlockedIncrement
IsBadStringPtrW
IsDBCSLeadByteEx
IsValidLanguageGroup
IsValidLocale
LoadLibraryExW
LoadLibraryW
LoadModule
LocalFileTimeToFileTime
LocalHandle
LocalShrink
MoveFileA
OpenSemaphoreW
OpenWaitableTimerA
ReleaseMutex
ReplaceFileW
SetComputerNameA
SetComputerNameExA
SetComputerNameExW
SetComputerNameW
SetEnvironmentVariableW
SetLastError
SetThreadPriority
Thread32Next
VerLanguageNameA
VerLanguageNameW
VerifyVersionInfoW
VirtualProtect
WaitForMultipleObjects
WriteConsoleOutputW
WritePrivateProfileStringA
WritePrivateProfileStructW
lstrcatA
lstrcmpiW

user32

OpenClipboard
OpenIcon
RemovePropW
ScreenToClient
ScrollWindowEx
SendIMEMessageExA
SendMessageW
SetActiveWindow
SetCaretPos
SetClipboardViewer
SetDebugErrorLevel
SetDlgItemTextW
SetWindowLongW
SetWindowsHookExA
ShowCaret
SwitchDesktop
SystemParametersInfoA
ToAscii
TrackPopupMenuEx
UnloadKeyboardLayout
UnregisterClassA
VkKeyScanExA
WindowFromPoint
wsprintfA
wvsprintfA
OemToCharBuffA
OemKeyScan
MessageBoxW
MessageBoxExW
MapWindowPoints
MapVirtualKeyA
LoadIconW
LoadBitmapA
IsZoomed
IsWindowUnicode
IsWindow
IsDialogMessage
IMPGetIMEW
GetWindowThreadProcessId
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetWindowDC
GetWindowContextHelpId
GetThreadDesktop
GetPriorityClipboardFormat
GetMouseMovePointsEx
GetMessagePos
GetMenuStringA
GetMenuInfo
GetMenuDefaultItem
GetLastInputInfo
GetKeyboardLayoutNameW
GetKeyboardLayout
GetKeyState
GetDlgItemTextW
GetClipCursor
GetClassNameW
GetClassInfoExA
GetAncestor
EnumDisplaySettingsA
EnumDisplayDevicesW
EnumDisplayDevicesA
EnumDesktopsW
EnableWindow
EmptyClipboard
DrawTextW
DrawTextExW
DrawStateA
DragObject
DlgDirSelectComboBoxExW
DialogBoxIndirectParamW
DefWindowProcW
DefFrameProcW
DdePostAdvise
DdeImpersonateClient
DdeEnableCallback
DdeConnectList
DdeAccessData
CreateIconIndirect
CreateDialogParamA
CreateDesktopW
CreateCursor
CountClipboardFormats
CopyRect
CopyAcceleratorTableA
CheckRadioButton
CharUpperBuffA
ChangeMenuW
ChangeDisplaySettingsA
CascadeWindows
EndPaint

shell32

SHBrowseForFolderA
Shell_NotifyIconW
Shell_NotifyIcon
ShellExecuteW
ShellAboutA
SHQueryRecycleBinA
SHPathPrepareForWriteW
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetSettings
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DragAcceptFiles
DragFinish
DragQueryFile
DragQueryFileA
DragQueryPoint
DuplicateIcon
ExtractAssociatedIconA
ExtractAssociatedIconExA
ExtractIconExA
ExtractIconExW
FindExecutableA
SHGetPathFromIDListW
FindExecutableW
SHAddToRecentDocs
SHAppBarMessage
SHBindToParent
SHBrowseForFolder
WOWShellExecute
SHBrowseForFolderW
SHChangeNotify
SHCreateDirectoryExA
SHCreateDirectoryExW
SHEmptyRecycleBinW
SHFileOperation
SHFreeNameMappings
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetDiskFreeSpaceExW
SHGetFileInfo
SHGetFileInfoW
SHGetFolderPathA
SHGetFolderPathW
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetMalloc
SHGetPathFromIDList
SHGetPathFromIDListA

shlwapi

StrChrIA
StrChrIW
StrCmpNIA
StrCmpNIW
StrCmpNW
StrRChrA
StrRChrIW
StrRChrW
StrRStrIA
StrRStrIW
StrStrIA
StrStrIW

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8946be53441b3ea767587ba1182f91a9

Code Sign

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3bCertificate

Extended Key Usages

1a:de:ea:9d:7b:ce:e1:ca:ed:b8:9c:54:20:bc:4d:3f:22:24:08:e7Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Sections

.text Size: 12KB - Virtual size: 11KB

.text1 Size: 50KB - Virtual size: 49KB

.data Size: 1024B - Virtual size: 944B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

1b:5d:65:19:a1:99:87:a7:49:c4:c9:0a:ec:f1:a3:3b
Certificate

1a:de:ea:9d:7b:ce:e1:ca:ed:b8:9c:54:20:bc:4d:3f:22:24:08:e7
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 12KB - Virtual size: 11KB

.text1
Size: 50KB - Virtual size: 49KB

.data
Size: 1024B - Virtual size: 944B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB