advanced_renamer_setup_3_88_1[.]exe

Resubmissions

28-12-2022 03:39

221228-d7xcvscd5s 1

28-12-2022 03:39

221228-d7lalahd36 1

Sharing

Copy URL

Twitter E-mail

General

Target

advanced_renamer_setup_3_88_1.exe
Size

5.5MB
MD5

46edc16dbb347e13509eae87e224541c
SHA1

0aa779b12f5c98db211a005dfa5cdd9eff33f3c8
SHA256

df55c380b4edd086a321a9fe50029fda9511a08a15b2ef8705d0080d1d7c7afe
SHA512

3292bcfecbd81e8e1a075eda1d6ca95a38ba44cd498fa57d926567d5bb88c55216b5d5b52bf6d84e1478b2bcffcec9d1394345ec75fbfd5bcfdaf8a33739b8e3
SSDEEP

49152:qNLhcYgwGhqalXW+os2ESGNCRIQotMmNDLY8ffDukJT7Vxe9Ol:IvAKmNbFV8

Score

N/A

Malware Config

Signatures

Files

advanced_renamer_setup_3_88_1.exe
.exe windows x64

Password: infected

f8e17ad5221a31d41b28c69cea9dfa54

Code Sign

3d:e6:e2:a1:09:18:b6:4d:a1:bd:66:75:b2:72:0c:ff
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21-01-2020 00:00

Not After

20-01-2022 23:59

Subject

CN=Hulubulu Software,O=Hulubulu Software,POSTALCODE=2640,STREET=Sletteager 30,L=Hedehusene,ST=Hovedstaden,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:59:b5:e5:48:c5:c9:ed:d8:33:ab:48:a4:8a:e8:b9:96:f0:89:d1
Signer

Actual PE Digest

f5:59:b5:e5:48:c5:c9:ed:d8:33:ab:48:a4:8a:e8:b9:96:f0:89:d1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Hulubulu Software,O=Hulubulu Software,POSTALCODE=2640,STREET=Sletteager 30,L=Hedehusene,ST=Hovedstaden,C=DK

15-12-2022 13:55
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHChangeNotify
DragQueryFileW
ShellExecuteW

user32

DrawTextExW
CharLowerBuffW
InsertMenuItemW
PeekMessageW
GetSystemMetrics
MessageBoxW
GetSysColor
CharUpperBuffW
CopyIcon
DrawIconEx
MsgWaitForMultipleObjects
FrameRect
DestroyIcon
GetIconInfo
FillRect
GetClipboardData
SendMessageW
ShowWindow
CharUpperW
LoadIconW
SetForegroundWindow
PostThreadMessageW
DrawFocusRect
CharNextW
GetDC
CreateIcon
LoadStringW
CreateIconIndirect
ReleaseDC
FindWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
SetErrorInfo
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
LoadTypeLibEx
SysReAllocStringLen
SafeArrayCreate
CreateErrorInfo
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
RegisterTypeLib
VariantCopyInd
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

isupper
isalpha
isalnum
toupper
memchr
memcmp
memcpy
memset
isprint
isspace
iscntrl
isxdigit
ispunct
isgraph
islower
tolower

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

duktape64

duk_get_finalizer
duk_inspect_value
duk_require_undefined
duk_resume
duk_push_int
duk_require_buffer
duk_base64_encode
duk_get_top_index
duk_get_boolean_default
duk_freeze
duk_push_current_thread
duk_push_buffer_object
duk_get_heapptr_default
duk_join
duk_is_array
duk_pcall
duk_debugger_cooperate
duk_require_uint
duk_get_heapptr
duk_next
duk_require_heapptr
duk_push_uint
duk_push_number
duk_debugger_notify
duk_require_int
duk_hex_encode
duk_is_constructable
duk_set_finalizer
duk_get_prop_heapptr
duk_put_prop_heapptr
duk_decode_string
duk_get_now
duk_require_number
duk_get_global_string
duk_steal_buffer
duk_to_uint32
duk_push_context_dump
duk_is_dynamic_buffer
duk_suspend
duk_time_to_components
duk_push_boolean
duk_xcopymove_raw
duk_to_uint
duk_require_top_index
duk_call_prop
duk_is_string
duk_to_number
duk_dump_function
duk_gc
duk_check_stack_top
duk_push_global_object
duk_get_string
duk_push_error_object_raw
duk_push_undefined
duk_get_length
duk_set_length
duk_copy
duk_is_valid_index
duk_require_function
duk_get_context
duk_to_undefined
duk_is_undefined
duk_require_pointer
duk_is_buffer_data
duk_get_context_default
duk_fatal_raw
duk_safe_to_lstring
duk_opt_string
duk_push_true
duk_is_fixed_buffer
duk_push_this
duk_dup
duk_pop
duk_del_prop_string
duk_load_function
duk_push_thread_stash
duk_get_prop_string
duk_substring
duk_is_function
duk_has_prop_string
duk_compile_raw
duk_opt_heapptr
duk_get_type
duk_alloc_raw
duk_json_decode
duk_inspect_callstack_entry
duk_push_null
duk_destroy_heap
duk_push_pointer
duk_push_lstring
duk_push_global_stash
duk_map_string
duk_get_boolean
duk_opt_int
duk_get_int
duk_is_buffer
duk_pop_3
duk_pop_n
duk_push_heapptr
duk_put_number_list
duk_replace
duk_get_pointer
duk_del_prop_index
duk_get_number_default
duk_is_number
duk_to_boolean
duk_is_bound_function
duk_debugger_detach
duk_swap
duk_is_strict_call
duk_get_memory_functions
duk_get_prototype
duk_to_int
duk_put_prop_string
duk_push_proxy
duk_json_encode
duk_get_type_mask
duk_to_object
duk_put_global_lstring
duk_require_context
duk_create_heap
duk_has_prop_index
duk_concat
duk_opt_context
duk_eval_raw
duk_require_stack_top
duk_is_boolean
duk_throw_raw
duk_enum
duk_put_prop_index
duk_set_prototype
duk_is_thread
duk_push_object
duk_is_ecmascript_function
duk_strict_equals
duk_normalize_index
duk_is_c_function
duk_push_heap_stash
duk_to_buffer_raw
duk_get_buffer_data
duk_get_buffer
duk_get_uint
duk_is_symbol
duk_alloc
duk_samevalue
duk_opt_uint
duk_get_error_code
duk_to_primitive
duk_opt_boolean
duk_is_nan
duk_push_buffer_raw
duk_get_top
duk_set_top
duk_opt_buffer
duk_free_raw
duk_char_code_at
duk_get_number
duk_get_current_magic
duk_insert
duk_set_global_object
duk_resize_buffer
duk_to_uint16
duk_opt_pointer
duk_base64_decode
duk_buffer_to_string
duk_del_prop_heapptr
duk_opt_number
duk_pcall_method
duk_set_magic
duk_is_object
duk_pcall_prop
duk_require_buffer_data
duk_require_object
duk_free
duk_has_prop_heapptr
duk_error_raw
duk_call_method
duk_require_string
duk_equals
duk_check_type_mask
duk_hex_decode
duk_get_buffer_default
duk_instanceof
duk_components_to_time
duk_put_function_list
duk_call
duk_is_lightfunc
duk_push_nan
duk_push_false
duk_get_pointer_default
duk_get_buffer_data_default
duk_require_boolean
duk_push_current_function
duk_remove
duk_new
duk_debugger_pause
duk_is_constructor_call
duk_push_thread_raw
duk_require_null
duk_get_int_default
duk_is_external_buffer
duk_pnew
duk_push_c_function
duk_to_int32
duk_get_prop
duk_require_normalize_index
duk_realloc
duk_has_prop
duk_opt_buffer_data
duk_to_pointer
duk_put_prop
duk_del_prop
duk_def_prop
duk_swap_top
duk_require_stack
duk_push_array
duk_pop_2
duk_require_valid_index
duk_get_uint_default
duk_get_string_default
duk_seal
duk_check_stack
duk_compact
duk_get_magic
duk_dup_top
duk_realloc_raw
duk_to_null
duk_is_null
duk_get_prop_index
duk_check_type
duk_config_buffer
duk_get_prop_desc
duk_is_pointer
duk_push_bare_object
duk_to_string

kernel32

SetFileAttributesW
GetFileType
SetFileTime
RtlUnwindEx
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
GetCPInfoExW
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
FileTimeToDosDateTime
ReadFile
DosDateTimeToFileTime
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
CopyFileW
lstrcpyA
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LocalFileTimeToFileTime
GetFileAttributesExW
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetShortPathNameW
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetTempFileNameW
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
lstrcpyW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
SystemTimeToFileTime
DeleteFileW
IsDBCSLeadByteEx
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
TzSpecificLocalTimeToSystemTime
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
GetPrivateProfileStringW
GetThreadLocale
SetThreadLocale

shfolder

SHGetFolderPathW

ole32

IsEqualGUID
CoLockObjectExternal
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoDisconnectObject
CoCreateInstance
CoUninitialize
CoTaskMemFree
ReleaseStgMedium
StringFromCLSID

gdi32

Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
GetEnhMetaFileHeader
MaskBlt
AngleArc
DeleteEnhMetaFile
Chord
SetTextColor
StretchBlt
SetDIBits
RealizePalette
SetDIBColorTable
GetDIBColorTable
RoundRect
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
PolyBezierTo
GetStockObject
Polygon
Rectangle
MoveToEx
DeleteDC
PlayEnhMetaFile
BitBlt
Ellipse
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
GetSystemPaletteEntries
GetEnhMetaFileBits
CreateBitmap
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
SetStretchBltMode
GetEnhMetaFilePaletteEntries
GetDIBits
CreateFontIndirectW
PolyBezier
LineTo
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetWinMetaFileBits
GetCurrentPositionEx
SetROP2
ExtTextOutW
SetBrushOrgEx
GetEnhMetaFileDescriptionW
GetPixel
ArcTo
GdiFlush
SetPixel
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 506KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 600B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

f8e17ad5221a31d41b28c69cea9dfa54

Code Sign

3d:e6:e2:a1:09:18:b6:4d:a1:bd:66:75:b2:72:0c:ffCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f5:59:b5:e5:48:c5:c9:ed:d8:33:ab:48:a4:8a:e8:b9:96:f0:89:d1Signer

Signature Validations

Verification

15-12-2022 13:55 Valid: false

Headers

File Characteristics

Imports

shell32

user32

version

oleaut32

advapi32

netapi32

msvcrt

winhttp

duktape64

kernel32

shfolder

ole32

gdi32

Exports

Exports

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.data Size: 515KB - Virtual size: 515KB

.bss Size: - Virtual size: 506KB

.idata Size: 20KB - Virtual size: 19KB

.didata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 151B

.tls Size: - Virtual size: 600B

.rdata Size: 512B - Virtual size: 109B

.reloc Size: 199KB - Virtual size: 199KB

.pdata Size: 253KB - Virtual size: 252KB

.rsrc Size: 58KB - Virtual size: 58KB

3d:e6:e2:a1:09:18:b6:4d:a1:bd:66:75:b2:72:0c:ff
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f5:59:b5:e5:48:c5:c9:ed:d8:33:ab:48:a4:8a:e8:b9:96:f0:89:d1
Signer

15-12-2022 13:55
Valid: false

.text
Size: 4.4MB - Virtual size: 4.4MB

.data
Size: 515KB - Virtual size: 515KB

.bss
Size: - Virtual size: 506KB

.idata
Size: 20KB - Virtual size: 19KB

.didata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 151B

.tls
Size: - Virtual size: 600B

.rdata
Size: 512B - Virtual size: 109B

.reloc
Size: 199KB - Virtual size: 199KB

.pdata
Size: 253KB - Virtual size: 252KB

.rsrc
Size: 58KB - Virtual size: 58KB