fac2c9026a0841857944fe8dca174679

Sharing

Copy URL Twitter E-mail

General

Target

fac2c9026a0841857944fe8dca174679
Size

1.3MB
MD5

fac2c9026a0841857944fe8dca174679
SHA1

d494560f2373083da7fd119f6ea22625122f0820
SHA256

42702ac47cc6dba219573117a6f429102208fbffa769d9d89d60c00ec910e5b3
SHA512

72d869175e46c3b010ba04b511e2af577bc3aebfa5087d8a865f38026352adc3e8e75068aef2f8380c7c5f44c0938027893a82c4e1fdad9020e9a038dc614b40
SSDEEP

24576:CeXAXaqtdxEQ6EeTwULZ2PKNdcTtpS4RXwxIS:epjUECVLZ4TtpS4RXwxIS

Score

1^/10

Malware Config

Signatures

Files

fac2c9026a0841857944fe8dca174679
.exe windows

728061292467789a18166ffe9473f519

Code Sign

b3:12:fd:1b:7f:10:cf:48:c4:80:80:b2:40:91:fb:8e
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

20/10/2014, 00:00

Not After

20/10/2015, 23:59

Subject

CN=Winston Project,O=Winston Project,POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Cyprus,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:d9:27:a9:2f:f2:20:ad:86:30:00:dd:af:82:f7:ce:13:59:4c:b7
Signer

Actual PE Digest

4c:d9:27:a9:2f:f2:20:ad:86:30:00:dd:af:82:f7:ce:13:59:4c:b7

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Winston Project,O=Winston Project,POSTALCODE=2025,STREET=Dasoupoli Strovolos+STREET=Athinodorou 3,L=Nicosia,ST=Cyprus,C=CY

02/02/2023, 17:57
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

wininet

InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetCloseHandle
HttpOpenRequestW
InternetOpenW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

RaiseException
GetLastError
SetLastError
EnterCriticalSection
OpenThread
FindNextFileW
DeleteCriticalSection
GetCurrentThreadId
PeekNamedPipe
GetModuleHandleW
OpenProcess
Sleep
GetTempPathW
GetDiskFreeSpaceW
CloseHandle
GetProcAddress
CreateMutexW
WaitForSingleObject
OpenMutexW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
LoadLibraryW
ReadFile
FlushFileBuffers
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
HeapAlloc
HeapFree
GetProcessHeap
GetModuleHandleA
GetCurrentProcessId
FindFirstFileW
GetSystemTimeAsFileTime
GetFileSizeEx
FindClose
LocalFree
LocalAlloc
FreeLibrary
TerminateProcess
LoadLibraryA
GetVersion
FlushInstructionCache
CreateRemoteThread
VirtualFreeEx
ReadProcessMemory
GetExitCodeProcess
ReleaseSemaphore
VirtualAllocEx
GlobalFree
CreateSemaphoreW
GlobalHandle
DuplicateHandle
WriteProcessMemory
CreateThread
LoadLibraryExW
lstrcmpiW
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
AreFileApisANSI
GetModuleHandleExW
GetCommandLineA
MoveFileExW
IsDebuggerPresent
GetStringTypeW
EncodePointer
DecodePointer
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GlobalUnlock
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
lstrcmpW
CreateFileW
GetModuleFileNameW
GetMailslotInfo
MulDiv
LeaveCriticalSection
GlobalAlloc
GlobalLock
GetCurrentProcess
GetFileType
MultiByteToWideChar
WideCharToMultiByte
LockResource
GetTimeZoneInformation
SizeofResource
GetTickCount
InterlockedDecrement
InterlockedIncrement
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
SetStdHandle
SetFilePointerEx
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
ExitProcess

user32

TranslateMessage
GetUserObjectInformationW
PeekMessageW
DispatchMessageW
GetProcessWindowStation
MessageBoxA
CreateDialogIndirectParamW
GetMessageW
UnregisterClassW
MoveWindow
GetWindow
DefWindowProcW
CallWindowProcW
GetMonitorInfoW
SetWindowTextW
MapWindowPoints
SendMessageW
ReleaseCapture
CreateWindowExW
IsWindow
SetWindowPos
GetSysColor
GetDesktopWindow
SendDlgItemMessageW
MessageBoxW
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
DestroyAcceleratorTable
ScreenToClient
GetWindowRect
CharNextW
RegisterWindowMessageW
FillRect
IsChild
SetCapture
GetFocus
GetParent
InvalidateRgn
LoadCursorW
GetClientRect
CreateAcceleratorTableW
SetFocus
BeginPaint
GetClassInfoExW
GetDC
SetWindowContextHelpId
IsDialogMessageW
RegisterClassExW
InvalidateRect
GetWindowLongW
GetWindowTextW
GetClassNameW
ReleaseDC
MonitorFromWindow
GetDlgItem
SetWindowLongW
EndDialog
RedrawWindow
MapDialogRect

gdi32

DeleteDC
CreateSolidBrush
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
GetStockObject
BitBlt
GetDeviceCaps

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
GetSidSubAuthorityCount
GetSidSubAuthority
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegDeleteKeyW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExA
RegOpenKeyExA
GetTokenInformation
RegEnumValueA
RegQueryInfoKeyW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCreateKeyExW
OpenProcessToken

shell32

ShellExecuteExW

ole32

CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoTaskMemRealloc
OleLockRunning

oleaut32

SysAllocString
DispCallFunc
VariantClear
LoadTypeLi
VariantInit
SysAllocStringLen
SysStringLen
LoadRegTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysFreeString

comctl32

InitCommonControlsEx

Sections

.text
Size: 880KB - Virtual size: 880KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

728061292467789a18166ffe9473f519

Code Sign

b3:12:fd:1b:7f:10:cf:48:c4:80:80:b2:40:91:fb:8eCertificate

Extended Key Usages

Key Usages

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

4c:d9:27:a9:2f:f2:20:ad:86:30:00:dd:af:82:f7:ce:13:59:4c:b7Signer

Signature Validations

Verification

02/02/2023, 17:57 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

psapi

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 880KB - Virtual size: 880KB

.rdata Size: 270KB - Virtual size: 269KB

.data Size: 32KB - Virtual size: 54KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 121KB - Virtual size: 121KB

b3:12:fd:1b:7f:10:cf:48:c4:80:80:b2:40:91:fb:8e
Certificate

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

4c:d9:27:a9:2f:f2:20:ad:86:30:00:dd:af:82:f7:ce:13:59:4c:b7
Signer

02/02/2023, 17:57
Valid: false

.text
Size: 880KB - Virtual size: 880KB

.rdata
Size: 270KB - Virtual size: 269KB

.data
Size: 32KB - Virtual size: 54KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 121KB - Virtual size: 121KB