CS Changer 6[.]0[.]3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CS Changer 6.0.3.exe
Size

11.3MB
MD5

8d854f74499235e21bedafce38031f73
SHA1

11e6cdb7bfa749666f81546a328825380f7464fb
SHA256

29b45d2f2165b58bc5bb043cffcda0a23fc7931d964402bcc5309a34b81250a4
SHA512

16d221a3e13aa5a9644cc39b442e865f2429d599d17f16b7290966aaac61f1f708b07281c7b7b20a5cd8e02f7881b908c3db5fb07d4de1071a1a7e5b202cb112
SSDEEP

196608:CDME6BZuwpa4WXB+Fhv/bSehHqfYBJWp5y+Hiq59dwiaZe3N1LxdOuMUr:N/uwp9WIFhnPHqfYHU5y+Hiq9PjxPMU

Score

N/A

Malware Config

Signatures

Files

CS Changer 6.0.3.exe
.exe windows x64

1760a6de39645e364a1f861889aa991c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:a5:76:fe:2f:bf:52:51:26:55:af:80:2f:e8:ee:9a
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

27/01/2022, 00:00

Not After

27/01/2023, 23:59

Subject

CN=LANKO IRINA VASILYEVNA,O=LANKO IRINA VASILYEVNA,ST=Moskovskaya oblast,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:f7:e4:0f:08:b8:b7:b4:95:0d:59:d6:28:d2:81:92:65:8b:7f:2d:ef:6a:a6:f6:5f:20:d8:4d:f5:8e:1a:88
Signer

Actual PE Digest

a0:f7:e4:0f:08:b8:b7:b4:95:0d:59:d6:28:d2:81:92:65:8b:7f:2d:ef:6a:a6:f6:5f:20:d8:4d:f5:8e:1a:88

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LANKO IRINA VASILYEVNA,O=LANKO IRINA VASILYEVNA,ST=Moskovskaya oblast,C=RU

10/12/2022, 12:15
Valid: true

Chain 1

CN=LANKO IRINA VASILYEVNA,O=LANKO IRINA VASILYEVNA,ST=Moskovskaya oblast,C=RU

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MultiByteToWideChar
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

OpenClipboard
CharUpperBuffW

shell32

ShellExecuteA

ole32

CoCreateInstance

oleaut32

VariantClear

d3dx9_43

D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

ws2_32

__WSAFDIsSet

xinput1_3

ord2

imm32

ImmSetCompositionWindow

winhttp

WinHttpCloseHandle

shlwapi

SHDeleteKeyW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.W:%
Size: - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.e9p
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.\"|
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1760a6de39645e364a1f861889aa991c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

67:a5:76:fe:2f:bf:52:51:26:55:af:80:2f:e8:ee:9aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a0:f7:e4:0f:08:b8:b7:b4:95:0d:59:d6:28:d2:81:92:65:8b:7f:2d:ef:6a:a6:f6:5f:20:d8:4d:f5:8e:1a:88Signer

Signature Validations

Verification

10/12/2022, 12:15 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

d3dx9_43

d3d9

ws2_32

xinput1_3

imm32

winhttp

shlwapi

advapi32

Sections

.text Size: - Virtual size: 1.5MB

.rdata Size: - Virtual size: 4.5MB

.data Size: - Virtual size: 87KB

.pdata Size: - Virtual size: 66KB

_RDATA Size: - Virtual size: 8KB

.W:% Size: - Virtual size: 4.0MB

.e9p Size: 4KB - Virtual size: 4KB

.\"| Size: 11.3MB - Virtual size: 11.3MB

.reloc Size: 512B - Virtual size: 220B

.rsrc Size: 13KB - Virtual size: 13KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

67:a5:76:fe:2f:bf:52:51:26:55:af:80:2f:e8:ee:9a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a0:f7:e4:0f:08:b8:b7:b4:95:0d:59:d6:28:d2:81:92:65:8b:7f:2d:ef:6a:a6:f6:5f:20:d8:4d:f5:8e:1a:88
Signer

10/12/2022, 12:15
Valid: true

.text
Size: - Virtual size: 1.5MB

.rdata
Size: - Virtual size: 4.5MB

.data
Size: - Virtual size: 87KB

.pdata
Size: - Virtual size: 66KB

_RDATA
Size: - Virtual size: 8KB

.W:%
Size: - Virtual size: 4.0MB

.e9p
Size: 4KB - Virtual size: 4KB

.\"|
Size: 11.3MB - Virtual size: 11.3MB

.reloc
Size: 512B - Virtual size: 220B

.rsrc
Size: 13KB - Virtual size: 13KB