903fd43f4afc1e9ffd1651cb28fb0c295f0c836f5502f764bcdcf1ec8e6b90b2

Sharing

Copy URL Twitter E-mail

General

Target

903fd43f4afc1e9ffd1651cb28fb0c295f0c836f5502f764bcdcf1ec8e6b90b2
Size

98KB
MD5

89c85599d74f7e8f713601ef093be93c
SHA1

45341d80aa7689b4149a1d7f1cafb2e486c470df
SHA256

903fd43f4afc1e9ffd1651cb28fb0c295f0c836f5502f764bcdcf1ec8e6b90b2
SHA512

28984e1e86123f1944949f89ddc6f78bc00c836782952eaa46497c062603d678a7e26e9a1df06a95d90a1dca7989c9985aae3f8de73164938f2e88a9a563d4a1
SSDEEP

1536:q5GZsdyg+y9cSsOFv5hBYgGz6KoMMChkGHXm6Z2/NohZhBn5Txyen:q5GZsR+3SRv5szAMRp40XTxHn

Score

N/A

Malware Config

Signatures

Files

903fd43f4afc1e9ffd1651cb28fb0c295f0c836f5502f764bcdcf1ec8e6b90b2
.exe windows x86

c5a18577f7ddbbd7db3efb7e236aec6c

Code Sign

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91
Certificate

Issuer

CN=2612347613

Not Before

05/03/2012, 08:51

Not After

31/12/2039, 23:59

Subject

CN=2612347613

Extended Key Usages

ExtKeyUsageCodeSigning

b6:9f:22:89:41:b9:4f:92:d4:c6:fd:5e:92:6f:79:78:b4:b8:8b:29
Signer

Actual PE Digest

b6:9f:22:89:41:b9:4f:92:d4:c6:fd:5e:92:6f:79:78:b4:b8:8b:29

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=2612347613

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Heap32ListFirst
Heap32Next
HeapWalk
InterlockedDecrement
IsDBCSLeadByteEx
IsSystemResumeAutomatic
LocalFlags
LocalSize
OpenFile
OpenMutexW
PeekNamedPipe
PurgeComm
ReadFileScatter
RequestWakeupLatency
ResetWriteWatch
SetComputerNameExW
SetCurrentDirectoryA
SetLocaleInfoW
SetProcessWorkingSetSize
SetSystemPowerState
GlobalUnlock
SetThreadContext
SetThreadIdealProcessor
SetUnhandledExceptionFilter
SetVolumeLabelA
SignalObjectAndWait
SystemTimeToFileTime
TerminateThread
UnlockFile
UnlockFileEx
UnregisterWait
UpdateResourceW
VirtualFree
VirtualUnlock
WideCharToMultiByte
WriteConsoleOutputAttribute
WriteConsoleOutputW
WritePrivateProfileStringA
WritePrivateProfileStructA
WriteProfileSectionW
GlobalUnfix
GlobalMemoryStatusEx
GetVolumeInformationA
GetUserDefaultUILanguage
GetThreadTimes
GetThreadSelectorEntry
GetTempPathA
GetTapePosition
GetSystemWindowsDirectoryA
GetSystemTimeAsFileTime
GetSystemDefaultLangID
GetPrivateProfileStructW
CreateFileA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetModuleHandleA
GetLogicalDrives
GetFullPathNameA
GetExitCodeThread
GetEnvironmentStringsW
GetCurrentDirectoryW
GetCurrentConsoleFont
GetConsoleScreenBufferInfo
GetConsoleAliasExesLengthW
FreeResource
FindNextVolumeMountPointW
FindNextFileW
FindFirstFileA
FindCloseChangeNotification
FindAtomW
EscapeCommFunction
EnumTimeFormatsW
EnumSystemLanguageGroupsW
EnumLanguageGroupLocalesW
EndUpdateResourceW
DisconnectNamedPipe
DeleteTimerQueueTimer
DeleteFileW
DeleteFileA
DebugBreak
CreateWaitableTimerW
CreatePipe
CreateHardLinkA
CreateFileW
CreateDirectoryA
CreateConsoleScreenBuffer
CopyFileW
CopyFileExA
ConvertThreadToFiber
CancelIo
BuildCommDCBW
BuildCommDCBA
Beep
BackupRead
VirtualAlloc
GetWindowsDirectoryA
lstrlenA
lstrcpyA
SetThreadAffinityMask

advapi32

RegOpenKeyExA

shell32

SHCreateDirectoryExA
Shell_NotifyIcon
ShellHookProc
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
ShellAboutW
ShellAboutA
SHPathPrepareForWriteW
SHPathPrepareForWriteA
SHLoadNonloadedIconOverlayIdentifiers
SHIsFileAvailableOffline
SHInvokePrinterCommandW
CheckEscapesW
CommandLineToArgvW
DoEnvironmentSubstA
DoEnvironmentSubstW
DragQueryFile
DragQueryFileA
DuplicateIcon
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractIconExA
ExtractIconExW
ExtractIconW
FindExecutableA
FindExecutableW
SHAddToRecentDocs
SHBindToParent
SHBrowseForFolderA
SHChangeNotify
SHLoadInProc
SHCreateDirectoryExW
SHEmptyRecycleBinW
SHFileOperation
SHFileOperationA
SHFileOperationW
SHFormatDrive
SHFreeNameMappings
SHGetDataFromIDListA
SHGetFileInfo
SHGetFileInfoW
SHGetFolderLocation
SHGetFolderPathA
SHGetIconOverlayIndexA
SHGetIconOverlayIndexW
SHGetInstanceExplorer
SHGetPathFromIDList
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHInvokePrinterCommandA

shlwapi

StrChrIA
StrChrW
StrCmpNA
StrCmpNIA
StrCmpNIW
StrStrIA
StrRStrIW
StrRStrIA
StrRChrW
StrRChrIW
StrRChrIA
StrRChrA

comctl32

CreatePropertySheetPageA
CreatePropertySheetPageW
CreateStatusWindow
ord6
CreateStatusWindowW
ord7
CreateToolbarEx
ord16
DestroyPropertySheetPage
DrawStatusText
ord5
DrawStatusTextW
FlatSB_EnableScrollBar
FlatSB_SetScrollInfo
FlatSB_SetScrollProp
FlatSB_SetScrollRange
FlatSB_ShowScrollBar
GetMUILanguage
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_Draw
CreatePropertySheetPage
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_GetImageRect
ImageList_LoadImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Merge
ImageList_Read
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetDragCursorImage
ImageList_SetFilter
ImageList_SetImageCount
InitCommonControlsEx
InitMUILanguage
InitializeFlatSB
ord14
ord2
PropertySheet
PropertySheetA
PropertySheetW
ord3
UninitializeFlatSB
_TrackMouseEvent
ImageList_DrawEx
ord8

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d1
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d2
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5a18577f7ddbbd7db3efb7e236aec6c

Code Sign

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91Certificate

Extended Key Usages

b6:9f:22:89:41:b9:4f:92:d4:c6:fd:5e:92:6f:79:78:b4:b8:8b:29Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 512B - Virtual size: 204B

.d1 Size: 1024B - Virtual size: 1000B

.d2 Size: 2KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 1KB - Virtual size: 281KB

4a:7b:a7:ae:bc:75:9a:47:ba:6b:5d:9e:5a:30:47:91
Certificate

b6:9f:22:89:41:b9:4f:92:d4:c6:fd:5e:92:6f:79:78:b4:b8:8b:29
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 512B - Virtual size: 204B

.d1
Size: 1024B - Virtual size: 1000B

.d2
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 1KB - Virtual size: 281KB