4d2b8abe7b2d79eb3cd44171a73a645d2d2370d64e51734208b7ef261b8e21ce

Sharing

Copy URL

Twitter E-mail

General

Target

4d2b8abe7b2d79eb3cd44171a73a645d2d2370d64e51734208b7ef261b8e21ce
Size

1.1MB
MD5

d7b1976d623015332b2ff468f385ea69
SHA1

d6155dacc2b2dbee8770bd911a83063e3a1c1a48
SHA256

4d2b8abe7b2d79eb3cd44171a73a645d2d2370d64e51734208b7ef261b8e21ce
SHA512

ff44c8ce54a84c3f641593588f8d8f677074fb47d89a5b1656ff15ce59813cdbdb337345a10e609fe295750359d349e15cb245dbfc5b8f74b3bde9a15231a251
SSDEEP

24576:rCT4VtojtARSW7cu5Tu3BziUev1/9n0Aa:rCT4VaCC4CliD112

Score

N/A

Malware Config

Signatures

Files

4d2b8abe7b2d79eb3cd44171a73a645d2d2370d64e51734208b7ef261b8e21ce
.exe windows x86

cfd14fccbf7307f7e931c02af089ba95

Code Sign

29:b0:e1:bd:63:e8:8a:46:b4:c7:b9:3d:f2:2b:64:7f
Certificate

Issuer

CN=MRRIVQZO

Not Before

04/03/2019, 11:42 UTC

Not After

31/12/2039, 23:59 UTC

Subject

CN=MRRIVQZO

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00 UTC

Not After

09/07/2019, 18:40 UTC

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

83:ef:4c:28:6c:95:28:e6:27:32:7e:de:a9:52:33:c2:ac:7e:d3:72:ea:a6:f1:c3:48:52:ec:e4:da:73:b1:2e
Signer

Actual PE Digest

83:ef:4c:28:6c:95:28:e6:27:32:7e:de:a9:52:33:c2:ac:7e:d3:72:ea:a6:f1:c3:48:52:ec:e4:da:73:b1:2e

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=MRRIVQZO

05/03/2019, 10:12 UTC
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProcessHeaps
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLCID
GetSystemDefaultLangID
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalUnlock
Heap32ListNext
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
IsDBCSLeadByte
IsDebuggerPresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalLock
GetFileAttributesA
LocalSize
LocalUnlock
LockResource
MapViewOfFile
MoveFileExA
MoveFileExW
MulDiv
MultiByteToWideChar
OpenEventW
OpenMutexW
OpenProcess
OpenSemaphoreA
OpenThread
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseMutex
ReplaceFileA
ResetEvent
ResumeThread
RtlUnwind
SetComputerNameExA
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetConsoleTextAttribute
SetCurrentDirectoryA
SetEndOfFile
SetErrorMode
SetEvent
SetFileApisToOEM
SetFileAttributesW
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeMountPointW
SignalObjectAndWait
SizeofResource
Sleep
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VerLanguageNameA
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualQueryEx
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringW
WriteProcessMemory
_lwrite
lstrcatA
lstrcatW
lstrcmpA
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW
GetExitCodeThread
GetEnvironmentVariableW
GetEnvironmentStringsW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetConsoleMode
GetConsoleFontSize
GetConsoleCP
GetComputerNameW
GetCommandLineW
GetCPInfo
GetACP
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FormatMessageW
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
ExitThread
ExitProcess
EnumResourceLanguagesW
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateProcessW
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateDirectoryW
CopyFileW
ConvertDefaultLocale
CompareStringW
CompareStringA
LocalReAlloc
CloseHandle

user32

GetWindowThreadProcessId
GrayStringW
IsIconic
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapW
LoadCursorW
LoadIconW
LoadMenuW
MapWindowPoints
MessageBoxA
MessageBoxW
ModifyMenuW
MsgWaitForMultipleObjectsEx
NotifyWinEvent
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageA
PtInRect
RegisterClassW
RegisterWindowMessageW
ReleaseDC
RemovePropW
SendMessageA
SendMessageW
SetCursor
SetForegroundWindow
SetMenu
SetMenuItemBitmaps
SetMessageQueue
SetPropW
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoA
TabbedTextOutW
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
ValidateRect
WinHelpW
WindowFromDC
LoadCursorFromFileA
GetClipboardData
InSendMessage
IsMenu
DestroyIcon
CharLowerW
GetMenuContextHelpId
VkKeyScanA
CountClipboardFormats
IsCharAlphaA
IsCharAlphaNumericA
GetProcessWindowStation
IsWindowUnicode
GetKeyboardLayout
VkKeyScanW
GetKBCodePage
GetClipboardOwner
GetAsyncKeyState
DestroyCursor
CloseClipboard
PaintDesktop
GetInputState
GetCursor
CharNextW
CloseDesktop
ReleaseCapture
EnumClipboardFormats
GetWindowContextHelpId
GetWindowTextLengthA
GetClipboardViewer
GetThreadDesktop
IsCharAlphaW
AnyPopup
CharUpperW
IsCharLowerW
IsClipboardFormatAvailable
GetQueueStatus
CloseWindow
GetDialogBaseUnits
OemKeyScan
LoadIconA
CharNextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindow
GetTopWindow
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollPos
GetPropW
GetParent
GetMessageW
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetClassInfoExW
GetCapture
GetActiveWindow
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExW
DispatchMessageW
DestroyWindow
DestroyMenu
DefWindowProcW
DefWindowProcA
DdeQueryConvInfo
CreateWindowExW
CreateDialogParamW
CopyRect
ClientToScreen
CheckMenuItem
CharLowerA
CallWindowProcW
CallNextHookEx
AdjustWindowRectEx
GetWindowTextW

gdi32

XLATEOBJ_cGetPalette
GetTextCharset
SwapBuffers
DeleteObject
CreateSolidBrush
SaveDC
FlattenPath
GdiGetBatchLimit
AbortDoc
GetStockObject
GetLayout
GetBkColor
GdiFlush
CreateHalftonePalette
XFORMOBJ_iGetXform
GetObjectType
GetColorSpace
AddFontResourceW
GetPolyFillMode
GetGraphicsMode
AbortPath
DeleteColorSpace
CreateCompatibleDC
UnrealizeObject
GetDCPenColor
UpdateColors
CreatePatternBrush
StrokePath
StartDocW
SetWindowExtEx
SetTextColor
GetTextColor
GetICMProfileW
GetCharABCWidthsA
GdiStartDocEMF
GdiDllInitialize
EngReleaseSemaphore
EngQueryLocalTime
EngLoadModule
DPtoLP
GetSystemPaletteUse
CopyMetaFileW

advapi32

RegSetValueExA
RegQueryValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
RegSetValueExW

Sections

.text
Size: 1004KB - Virtual size: 1004KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfd14fccbf7307f7e931c02af089ba95

Code Sign

29:b0:e1:bd:63:e8:8a:46:b4:c7:b9:3d:f2:2b:64:7fCertificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

83:ef:4c:28:6c:95:28:e6:27:32:7e:de:a9:52:33:c2:ac:7e:d3:72:ea:a6:f1:c3:48:52:ec:e4:da:73:b1:2eSigner

Signature Validations

Verification

05/03/2019, 10:12 UTC Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 1004KB - Virtual size: 1004KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 760B

.rsrc Size: 40KB - Virtual size: 1.0MB

We care about your privacy.

29:b0:e1:bd:63:e8:8a:46:b4:c7:b9:3d:f2:2b:64:7f
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

83:ef:4c:28:6c:95:28:e6:27:32:7e:de:a9:52:33:c2:ac:7e:d3:72:ea:a6:f1:c3:48:52:ec:e4:da:73:b1:2e
Signer

05/03/2019, 10:12 UTC
Valid: false

.text
Size: 1004KB - Virtual size: 1004KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 760B

.rsrc
Size: 40KB - Virtual size: 1.0MB