3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43

Sharing

Copy URL

Twitter E-mail

General

Target

3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43
Size

1.7MB
MD5

046b4fd749fc319e3cb2fd82ed51c3d3
SHA1

f158a9713af368eb9fe62b147cf41b7ec0e7cc5a
SHA256

3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43
SHA512

677adb1fca386fcd3407d155946051827c1122cc1cec2d5674915bf5f88fbb12a206b476d1461fe8b1113780d1526a4c9af127613918de71ae863d1c9fe390ac
SSDEEP

24576:PaF1H6CedUX5UQFcaoWBM1OnxloV2XnJ0844Jkj:inH6CedUZcDW8O7I2XnK4J0

Score

N/A

Malware Config

Signatures

Files

3995c6b666de009b2c0e7711e4de3cea6f6f40464f9594f95a8655f44b609b43
.exe windows x64

2bd6dfbc033514f1d4c6f6d002ffc41a

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01-01-2018 00:00

Not After

31-12-2039 23:59

Subject

CN=topolo-Z

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01-01-2018 00:00

Not After

31-12-2039 23:59

Subject

CN=topolo-Z

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:d6:3e:77:58:98:2a:62:26:1e:62:ab:07:17:19:55:c1:e7:18:59:c6:69:08:4b:2d:62:60:5e:85:c0:96:7d
Signer

Actual PE Digest

bf:d6:3e:77:58:98:2a:62:26:1e:62:ab:07:17:19:55:c1:e7:18:59:c6:69:08:4b:2d:62:60:5e:85:c0:96:7d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=topolo-Z

29-12-2022 03:43
Valid: false

80:b4:51:8e:db:22:59:6d:90:db:41:48:c7:aa:41:29:2d:15:97:b4
Signer

Actual PE Digest

80:b4:51:8e:db:22:59:6d:90:db:41:48:c7:aa:41:29:2d:15:97:b4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=topolo-Z

29-12-2022 03:43
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_GetImageCount
ImageList_Remove
ImageList_Destroy
InitCommonControlsEx
ord381
ImageList_ReplaceIcon
PropertySheetW
CreatePropertySheetPageW
ImageList_GetIconSize
ord412
ImageList_Draw
ord410
ImageList_Create
ord413

uxtheme

SetWindowTheme
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
CloseThemeData
DrawThemeBackground
OpenThemeData
DrawThemeTextEx
GetCurrentThemeName

dwmapi

DwmGetColorizationColor
DwmExtendFrameIntoClientArea
DwmSetWindowAttribute
DwmIsCompositionEnabled
DwmGetWindowAttribute

shlwapi

PathIsRelativeW
PathRemoveBackslashW
PathRemoveArgsW
PathUnquoteSpacesW
PathFileExistsW
PathRemoveBlanksW
PathStripPathW
ord12
PathRemoveFileSpecW
PathQuoteSpacesW
UrlGetPartW
AssocQueryStringW
PathIsURLW
PathFindFileNameW
SHAutoComplete
PathFindExtensionW
PathIsDirectoryW
PathAddBackslashW

winmm

joyGetPosEx
PlaySoundW
mmioStringToFOURCCW
mmioDescend
mmioAscend
mmioClose
mmioRead
mmioOpenW
mciSendStringW
joyGetNumDevs

powrprof

ReadGlobalPwrPolicy
SetSuspendState

oleacc

AccessibleObjectFromWindow
AccessibleChildren

sas

SendSAS

xmllite

CreateXmlReader

gdiplus

GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipDeleteGraphics
GdipCreateFromHDC
GdipFree
GdipSetInterpolationMode
GdipAlloc
GdipSetCompositingQuality
GdipDisposeImage
GdipGetImageHeight
GdiplusStartup
GdiplusShutdown
GdipSetSmoothingMode
GdipLoadImageFromFile

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiGetClassDevsW
SetupDiGetDevicePropertyW
SetupDiSetClassInstallParamsW
SetupDiChangeState
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsExW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LeaveCriticalSection
EnterCriticalSection
CreateFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
CloseHandle
LocalFree
GetLastError
VerSetConditionMask
VerifyVersionInfoW
GetTickCount64
OpenProcess
Sleep
VirtualProtect
GetThreadUILanguage
GetModuleHandleW
CreateDirectoryW
WritePrivateProfileStringW
HeapFree
OpenFileMappingW
UnmapViewOfFile
GetPrivateProfileStringW
HeapAlloc
GetProcessHeap
CreateFileMappingW
MapViewOfFile
SetThreadPriority
WaitForSingleObject
CreateEventW
SetEvent
GetCurrentThread
ResetEvent
QueryFullProcessImageNameW
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetLongPathNameW
FreeLibrary
SetDllDirectoryW
LoadLibraryExW
GetSystemPowerStatus
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcessId
GetWindowsDirectoryW
GetModuleFileNameW
GetCurrentDirectoryW
GetProcAddress
GetCommandLineW
GetLocaleInfoEx
CreateMutexW
GetCurrentThreadId
FormatMessageW
GetUserDefaultLCID
OpenMutexW
RegisterApplicationRestart
DeleteFileW
WaitForMultipleObjects
SetLastError
SetThreadUILanguage
GetUserDefaultUILanguage
InitializeCriticalSectionEx
GetVersionExW
LoadLibraryW
DeleteCriticalSection
SetWaitableTimer
CreateWaitableTimerW
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WriteConsoleW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
WaitForSingleObjectEx
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
VirtualQuery
GetSystemInfo
RaiseException
SetEndOfFile
ReadConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
GetStringTypeW
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
SetStdHandle
SetEnvironmentVariableW
TlsSetValue
TlsFree
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetStdHandle
WriteFile
GetFileSizeEx
SetFilePointerEx
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
WideCharToMultiByte
MultiByteToWideChar
ReadFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetPrivateProfileSectionNamesW

user32

MonitorFromPoint
GetRawInputDeviceInfoW
GetScrollInfo
MapVirtualKeyW
CheckRadioButton
GetIconInfo
SetDlgItemTextW
GetDlgItemTextW
ExitWindowsEx
GetIconInfoExW
SetSystemCursor
UnregisterHotKey
EndDialog
RegisterHotKey
LoadIconW
CheckDlgButton
SendDlgItemMessageW
GetDC
PrivateExtractIconsW
CreateIconIndirect
DrawIconEx
ReleaseDC
PostMessageW
FindWindowExW
GetWindowLongW
ShowWindowAsync
GetFocus
IsWindowVisible
EnumChildWindows
FillRect
DrawIcon
ShowWindow
GetDlgCtrlID
InternalGetWindowText
LoadBitmapW
PtInRect
BeginPaint
EndPaint
GetWindowThreadProcessId
GetWindow
MonitorFromWindow
GetSystemMetrics
RealGetWindowClassW
CloseDesktop
GetCursorInfo
GetForegroundWindow
OpenInputDesktop
SystemParametersInfoW
GetWindowTextW
SetWindowPos
SetWindowLongPtrW
SendInput
GetMonitorInfoW
WindowFromPhysicalPoint
DrawStateW
GetSysColor
SetFocus
LoadCursorW
SetCapture
SetCursor
GetClientRect
DrawTextW
DialogBoxParamW
ReleaseCapture
FindWindowW
GetPhysicalCursorPos
GetMenuItemInfoW
LoadMenuW
GetMenuItemID
InsertMenuItemW
DestroyWindow
GetLayeredWindowAttributes
GetRawInputData
SetMenuInfo
SetLayeredWindowAttributes
RegisterRawInputDevices
CheckMenuItem
SetRect
GetSysColorBrush
EnableMenuItem
RegisterWindowMessageW
DrawFrameControl
CheckMenuRadioItem
LoadImageW
MsgWaitForMultipleObjects
GetKeyState
GetKeyboardState
MapVirtualKeyExW
GetMenuItemCount
DeleteMenu
SetWindowTextW
GetWindowLongPtrW
TrackPopupMenu
GetSubMenu
DestroyIcon
SetMenuItemInfoW
CreateDialogParamW
MapWindowPoints
TrackMouseEvent
SetMenuDefaultItem
IsWindowEnabled
DestroyMenu
GetDlgItem
GetParent
UpdateWindow
SetForegroundWindow
InvalidateRect
GetAncestor
EnableWindow
GetMessageW
DefWindowProcW
CreateWindowExW
SendMessageW
RegisterClassExW
LoadStringW
DispatchMessageW
SetTimer
TranslateMessage
KillTimer
PostQuitMessage
GetWindowRect
GetDesktopWindow
ToUnicodeEx
GetGUIThreadInfo
GetTopWindow
IsIconic
ModifyMenuW
GetTitleBarInfo
FlashWindowEx
GetAsyncKeyState
SetPhysicalCursorPos
mouse_event
IsChild
GetSystemMenu
MessageBoxExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
keybd_event
GetKeyboardLayout
LockWorkStation
GetCapture
GetKeyNameTextW
InflateRect
SetClassLongPtrW
GetClassLongPtrW
MessageBeep
CallWindowProcW

gdi32

GetTextMetricsW
GetDeviceCaps
AngleArc
GetTextFaceW
StretchBlt
SetBrushOrgEx
ExtCreatePen
ExcludeClipRect
SetBkColor
PlgBlt
ExtTextOutW
RectVisible
TranslateCharsetInfo
Rectangle
GetDIBits
SetDIBits
BitBlt
CreateCompatibleBitmap
SaveDC
CreateCompatibleDC
GetStockObject
GetClipBox
CreateRectRgnIndirect
DeleteDC
GetTextExtentPoint32W
LineTo
CreatePen
SelectClipRgn
GetObjectW
MoveToEx
RestoreDC
DeleteObject
CreateSolidBrush
SelectObject
SetTextColor
CreateFontW
SetBkMode
RoundRect
SetStretchBltMode

comdlg32

ChooseColorW
CommDlgExtendedError
GetOpenFileNameW

advapi32

AdjustTokenPrivileges
RegCloseKey
GetTokenInformation
CheckTokenMembership
FreeSid
OpenProcessToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegGetValueW
RegOpenKeyExW
RegSetValueExW
OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumKeyExW
RegCreateKeyExW
LookupPrivilegeValueW
RegQueryValueExW
RegNotifyChangeKeyValue
RegSetKeyValueW
QueryServiceStatus

shell32

ExtractAssociatedIconW
SHCreateItemFromParsingName
CommandLineToArgvW
SHGetFileInfoW
SHAppBarMessage
Shell_NotifyIconW
SHQueryUserNotificationState
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
SafeArrayGetElement
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayCopyData
SafeArrayCopy
VariantInit

Sections

.text
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bd6dfbc033514f1d4c6f6d002ffc41a

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bf:d6:3e:77:58:98:2a:62:26:1e:62:ab:07:17:19:55:c1:e7:18:59:c6:69:08:4b:2d:62:60:5e:85:c0:96:7dSigner

Signature Validations

Verification

29-12-2022 03:43 Valid: false

80:b4:51:8e:db:22:59:6d:90:db:41:48:c7:aa:41:29:2d:15:97:b4Signer

Signature Validations

Verification

29-12-2022 03:43 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

uxtheme

dwmapi

shlwapi

winmm

powrprof

oleacc

sas

xmllite

gdiplus

wtsapi32

version

setupapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 489KB - Virtual size: 488KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 5KB - Virtual size: 73KB

.pdata Size: 16KB - Virtual size: 16KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 2KB - Virtual size: 2KB

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bf:d6:3e:77:58:98:2a:62:26:1e:62:ab:07:17:19:55:c1:e7:18:59:c6:69:08:4b:2d:62:60:5e:85:c0:96:7d
Signer

29-12-2022 03:43
Valid: false

80:b4:51:8e:db:22:59:6d:90:db:41:48:c7:aa:41:29:2d:15:97:b4
Signer

29-12-2022 03:43
Valid: false

.text
Size: 489KB - Virtual size: 488KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 5KB - Virtual size: 73KB

.pdata
Size: 16KB - Virtual size: 16KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 2KB - Virtual size: 2KB