77326b81d37717b387d14b87c02dfedf6e6903c43c1e1b2061f7723e01a9452f

Sharing

Copy URL

Twitter E-mail

General

Target

77326b81d37717b387d14b87c02dfedf6e6903c43c1e1b2061f7723e01a9452f
Size

1.4MB
MD5

f8c9f38512e2f68a81ea4ae88828e70f
SHA1

7ca68cbd2eaf56f52cb293e49502b33d84651aeb
SHA256

77326b81d37717b387d14b87c02dfedf6e6903c43c1e1b2061f7723e01a9452f
SHA512

c85d3bd2295e7175937cdf8003af01b87e92987747779ecd287d7e32519e96397ed90e95593ea037870bd308506fce6e0fb3ee1ffcd251965caf8d7d97e7b6c7
SSDEEP

24576:w3IpPeRM4fkcxdvdnjqtei/y1RNSA4QGF4ivjik:dP6fkUdFnjqkj1vSA5Lid

Score

N/A

Malware Config

Signatures

Files

77326b81d37717b387d14b87c02dfedf6e6903c43c1e1b2061f7723e01a9452f
.exe windows x86

ab70829b33ec9f70ac3db44d57b161d0

Code Sign

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60
Certificate

Issuer

CN=TRWKDEDCHIQLRULBSO

Not Before

22-08-2019 19:34

Not After

31-12-2039 23:59

Subject

CN=TRWKDEDCHIQLRULBSO

Extended Key Usages

ExtKeyUsageCodeSigning

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

86:d1:e8:ea:5e:16:fe:1c:ce:5e:51:67:ab:f7:e4:92:ad:f9:73:bc
Signer

Actual PE Digest

86:d1:e8:ea:5e:16:fe:1c:ce:5e:51:67:ab:f7:e4:92:ad:f9:73:bc

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=TRWKDEDCHIQLRULBSO

23-08-2019 06:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetFileAttributesA
GetFileType
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcAddress
GetProcessShutdownParameters
GetProfileSectionW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetVersionExA
GlobalAddAtomW
GlobalHandle
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
IsDBCSLeadByteEx
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadModule
LoadResource
LocalFree
LocalSize
LocalUnlock
LockResource
MulDiv
MultiByteToWideChar
OutputDebugStringA
GetDiskFreeSpaceA
QueryPerformanceCounter
ReadConsoleOutputCharacterW
RtlUnwind
RtlZeroMemory
ScrollConsoleScreenBufferW
SetConsoleCP
SetFileApisToANSI
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetTapeParameters
SetThreadLocale
SetThreadUILanguage
SetTimerQueueTimer
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileStructA
lstrcatA
lstrcpyA
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW
GetModuleHandleW
HeapSize
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
InterlockedIncrement
Sleep
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FormatMessageA
FlushFileBuffers
FindResourceW
FindNextFileA
FindAtomW
ExitProcess
EnumSystemLocalesA
EnumDateFormatsW
EnterCriticalSection
DeviceIoControl
DeleteCriticalSection
CreateSemaphoreW
CreateSemaphoreA
CreateHardLinkA
CreateFileW
CreateDirectoryA
CopyFileW
CloseHandle
CallNamedPipeA
PeekNamedPipe
AreFileApisANSI

user32

SetProcessWindowStation
SetRect
SetTimer
SetUserObjectInformationA
ShowWindow
SystemParametersInfoW
TranslateAcceleratorW
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateLayeredWindow
UpdateWindow
WinHelpW
wsprintfW
LockWindowUpdate
LoadStringW
LoadMenuW
LoadIconW
LoadCursorW
LoadAcceleratorsW
SetMenu
IsDialogMessage
IsCharLowerA
InvalidateRect
IntersectRect
IMPSetIMEW
IMPSetIMEA
GetSystemMetrics
GetMessageW
GetMessageTime
GetMenuItemRect
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
GetDesktopWindow
GetDC
GetClassNameA
GetAltTabInfoW
EnumPropsW
EndPaint
EndDialog
DrawTextA
SetDlgItemTextW
SetDlgItemInt
SetCapture
SetActiveWindow
SendMessageW
ScreenToClient
ReleaseDC
ReleaseCapture
RegisterClassW
RealGetWindowClassA
PtInRect
PostQuitMessage
PostMessageW
PeekMessageW
OpenWindowStationW
MoveWindow
MonitorFromRect
ModifyMenuA
MessageBoxW
KillTimer
MapWindowPoints
DrawMenuBar
DrawFocusRect
DlgDirListComboBoxW
DispatchMessageW
DialogBoxParamW
DialogBoxIndirectParamA
DestroyIcon
CreateWindowExW
CreateAcceleratorTableA
CopyAcceleratorTableW
CheckMenuItem
CharUpperBuffW
CharNextW
ChangeDisplaySettingsA
BeginPaint
DefWindowProcW

gdi32

GetStockObject
LineTo
MoveToEx
SelectObject
SetDIBitsToDevice
GetMetaRgn
SetLayoutWidth
SetPixel
SetROP2
PathToRegion
GetLayout
GetDeviceCaps
GdiFixUpHandle
DeleteObject
DeleteDC
CreatePen
CreateCompatibleDC
SetLayout
BitBlt
CreateCompatibleBitmap

advapi32

RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey

shell32

SHGetDiskFreeSpaceA
ShellExecuteW
ShellAboutW
CommandLineToArgvW
DragQueryFile
SHBindToParent
SHBrowseForFolderW
SHCreateDirectoryExW
SHGetDesktopFolder
WOWShellExecute
SHGetFolderPathW
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHInvokePrinterCommandA
SHPathPrepareForWriteA

shlwapi

StrRChrIA
StrChrW
StrStrA

comctl32

InitCommonControlsEx

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab70829b33ec9f70ac3db44d57b161d0

Code Sign

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60Certificate

Extended Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

86:d1:e8:ea:5e:16:fe:1c:ce:5e:51:67:ab:f7:e4:92:ad:f9:73:bcSigner

Signature Validations

Verification

23-08-2019 06:47 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 48KB - Virtual size: 728KB

1b:95:2d:63:4d:3f:e4:76:bc:bf:bf:d3:0c:49:ae:60
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

86:d1:e8:ea:5e:16:fe:1c:ce:5e:51:67:ab:f7:e4:92:ad:f9:73:bc
Signer

23-08-2019 06:47
Valid: false

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 48KB - Virtual size: 728KB