9150015915[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

9150015915.zip
Size

5.1MB
MD5

d95b8aa840ac2c885dc3a43814e794bf
SHA1

33e0890a1d2d968733515dafa93c9874f0123ef9
SHA256

3fbb95b30227250f27631b53ae490ed04b5d4a5fae892bfbb6884780fa277378
SHA512

9c0835c03841737f0106e4a8cb92f1ed90b9dc01f8b513cc89f70500b453eed6f537c16eafa23e7f81db22ce0f15e1e841407c5b9b31ef9dffb54ef78c136b62
SSDEEP

98304:K7mHQqKI4G+3ewoQCkxw9kbFeLnUCbcu+YWKDOGEgPTlp/vSGTlug:KyQG92o6wakUsR+YREgPTlp9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/5f082f042e0d49fb9feae2b51f516fdb554bd0804767d771f7c0191c3ca53101	upx

Files

9150015915.zip
.zip

Password: infected
1a680a04d946487169bea653ab6ce625a68cf0c769363dff019bb2dcc6c9c235
.exe windows

019468c31bae9d83815ecd24a702dac4

Code Sign

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-09-2017 00:00

Not After

11-09-2018 23:59

Subject

CN=RITA\, TOV,O=RITA\, TOV,POSTALCODE=61145,STREET=Bud. 11\, Kimnata 129\, vul. Kosmichna,L=Misto Kharkiv,ST=Kharkiv,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:8a:a0:e2:98:54:d2:a7:50:f4:c4:87:e4:b7:fe:29:34:ee:76:28
Signer

Actual PE Digest

72:8a:a0:e2:98:54:d2:a7:50:f4:c4:87:e4:b7:fe:29:34:ee:76:28

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RITA\, TOV,O=RITA\, TOV,POSTALCODE=61145,STREET=Bud. 11\, Kimnata 129\, vul. Kosmichna,L=Misto Kharkiv,ST=Kharkiv,C=UA

07-02-2023 20:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateFontFromDC
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipCreateFontFromLogfontA
GdipAlloc
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawLines
GdipFillPolygon
GdipDrawImageRectI
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC

kernel32

SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
CreateMutexW
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
SetFilePointerEx
WaitForSingleObject
InterlockedCompareExchange
SetEvent
GetModuleHandleW
LocalFlags
WriteFile
OpenProcess
Sleep
FormatMessageW
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
GetLastError
SetLastError
RegisterWaitForSingleObject
LocalAlloc
CreateFileMappingW
CreateEventW
WaitForMultipleObjects
lstrcmpiW
GetCurrentThreadId
DuplicateHandle
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
UnregisterWaitEx
LocalFree
MulDiv
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
ResetEvent
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
GetExitCodeProcess
ReadFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
InterlockedPushEntrySList
CreateThread
GetCommandLineW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetOEMCP
GetACP
IsValidCodePage
CreateSemaphoreW
GetTickCount
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
GetStringTypeW
HeapSize
GetStdHandle
WideCharToMultiByte
GetProcAddress
GetModuleHandleExW
ExitProcess
GetProcessHeap
RtlUnwind
GetSystemTimeAsFileTime
CreateDirectoryW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetFileType
EncodePointer
HeapAlloc
HeapFree
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
FreeLibrary
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
SetEndOfFile
InterlockedFlushSList
QueryDepthSList
GetThreadTimes
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
ExitThread
GetVersionExW
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetModuleHandleA
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InitializeSListHead
LoadLibraryW
GetTimeZoneInformation
LeaveCriticalSection
SetEnvironmentVariableA

user32

IsDlgButtonChecked
CheckDlgButton
GetWindowTextW
EnableWindow
PostQuitMessage
InvalidateRgn
ReleaseCapture
InvalidateRect
SetCapture
SetCursor
LoadCursorW
GetDlgCtrlID
PostMessageW
PtInRect
ScreenToClient
OffsetRect
FillRect
UpdateWindow
GetWindowLongA
GetWindow
GetWindowRect
MoveWindow
GetMessageW
IsDialogMessageW
GetDlgItem
SendMessageW
SetWindowTextW
SetWindowPos
AdjustWindowRect
SetRect
DefWindowProcA
CallWindowProcA
IsWindowUnicode
DrawTextW
RegisterClassW
GetWindowLongW
EndPaint
BeginPaint
GetDC
ReleaseDC
GetSystemMetrics
DestroyWindow
RemovePropW
RegisterWindowMessageW
TranslateMessage
ShowWindow
SendMessageTimeoutW
IsWindow
CreateWindowExW
IsWindowVisible
CallWindowProcW
DefWindowProcW
DispatchMessageW
SetWindowLongW

gdi32

SetBkColor
GetObjectA
CreateFontW
CreateSolidBrush
SetTextAlign
SetTextColor
SetBkMode
SelectObject
RestoreDC
SaveDC
GetDeviceCaps
DeleteObject

advapi32

CryptHashData
ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
LookupAccountNameW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHBrowseForFolderW
ShellExecuteExW

ole32

CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize

oleaut32

VarUI8FromStr
VarI4FromStr
VariantInit

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetTimeouts
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption

urlmon

ObtainUserAgentString

shlwapi

StrCmpNW
StrCmpNA

Sections

.text
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
20a43421beed9c1da1505f7754cb8045e30c737981ddea300fb2131933012f51
.exe windows

019468c31bae9d83815ecd24a702dac4

Code Sign

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-09-2017 00:00

Not After

11-09-2018 23:59

Subject

CN=RITA\, TOV,O=RITA\, TOV,POSTALCODE=61145,STREET=Bud. 11\, Kimnata 129\, vul. Kosmichna,L=Misto Kharkiv,ST=Kharkiv,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:46:40:97:8d:b4:52:11:13:f6:a4:6d:4a:ff:93:67:6e:53:23:5d
Signer

Actual PE Digest

c4:46:40:97:8d:b4:52:11:13:f6:a4:6d:4a:ff:93:67:6e:53:23:5d

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RITA\, TOV,O=RITA\, TOV,POSTALCODE=61145,STREET=Bud. 11\, Kimnata 129\, vul. Kosmichna,L=Misto Kharkiv,ST=Kharkiv,C=UA

07-02-2023 20:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateFontFromDC
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipCreateFontFromLogfontA
GdipAlloc
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawLines
GdipFillPolygon
GdipDrawImageRectI
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC

kernel32

SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
CreateMutexW
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
SetFilePointerEx
WaitForSingleObject
InterlockedCompareExchange
SetEvent
GetModuleHandleW
LocalFlags
WriteFile
OpenProcess
Sleep
FormatMessageW
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
GetLastError
SetLastError
RegisterWaitForSingleObject
LocalAlloc
CreateFileMappingW
CreateEventW
WaitForMultipleObjects
lstrcmpiW
GetCurrentThreadId
DuplicateHandle
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
UnregisterWaitEx
LocalFree
MulDiv
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
ResetEvent
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
GetExitCodeProcess
ReadFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
InterlockedPushEntrySList
CreateThread
GetCommandLineW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetOEMCP
GetACP
IsValidCodePage
CreateSemaphoreW
GetTickCount
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
GetStringTypeW
HeapSize
GetStdHandle
WideCharToMultiByte
GetProcAddress
GetModuleHandleExW
ExitProcess
GetProcessHeap
RtlUnwind
GetSystemTimeAsFileTime
CreateDirectoryW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetFileType
EncodePointer
HeapAlloc
HeapFree
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
FreeLibrary
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
WriteConsoleW
SetEndOfFile
InterlockedFlushSList
QueryDepthSList
GetThreadTimes
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
ExitThread
GetVersionExW
InterlockedPopEntrySList
FreeLibraryAndExitThread
GetModuleHandleA
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InitializeSListHead
LoadLibraryW
GetTimeZoneInformation
LeaveCriticalSection
SetEnvironmentVariableA

user32

IsDlgButtonChecked
CheckDlgButton
GetWindowTextW
EnableWindow
PostQuitMessage
InvalidateRgn
ReleaseCapture
InvalidateRect
SetCapture
SetCursor
LoadCursorW
GetDlgCtrlID
PostMessageW
PtInRect
ScreenToClient
OffsetRect
FillRect
UpdateWindow
GetWindowLongA
GetWindow
GetWindowRect
MoveWindow
GetMessageW
IsDialogMessageW
GetDlgItem
SendMessageW
SetWindowTextW
SetWindowPos
AdjustWindowRect
SetRect
DefWindowProcA
CallWindowProcA
IsWindowUnicode
DrawTextW
RegisterClassW
GetWindowLongW
EndPaint
BeginPaint
GetDC
ReleaseDC
GetSystemMetrics
DestroyWindow
RemovePropW
RegisterWindowMessageW
TranslateMessage
ShowWindow
SendMessageTimeoutW
IsWindow
CreateWindowExW
IsWindowVisible
CallWindowProcW
DefWindowProcW
DispatchMessageW
SetWindowLongW

gdi32

SetBkColor
GetObjectA
CreateFontW
CreateSolidBrush
SetTextAlign
SetTextColor
SetBkMode
SelectObject
RestoreDC
SaveDC
GetDeviceCaps
DeleteObject

advapi32

CryptHashData
ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
LookupAccountNameW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHBrowseForFolderW
ShellExecuteExW

ole32

CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize

oleaut32

VarUI8FromStr
VarI4FromStr
VariantInit

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetTimeouts
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption

urlmon

ObtainUserAgentString

shlwapi

StrCmpNW
StrCmpNA

Sections

.text
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4ed86fd2ad7cae5a60614b65293e08660c6b423181649023529222160f4af2c4
.exe windows

af25b1d1d3c13b7b2feefc532e731d06

Code Sign

1e:0f:6a:31:8b:57:60:28:65:65:66:fc:75:38:a1:ed
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18-05-2017 00:00

Not After

18-05-2018 23:59

Subject

CN=SUNDUS,O=SUNDUS,POSTALCODE=111250,STREET=Krasnokazarmennaya 15 str 7,L=Moscow,ST=RU,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:cc:12:34:93:3c:27:90:2d:54:be:1f:30:54:75:00:c4:94:cd:86
Signer

Actual PE Digest

e6:cc:12:34:93:3c:27:90:2d:54:be:1f:30:54:75:00:c4:94:cd:86

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SUNDUS,O=SUNDUS,POSTALCODE=111250,STREET=Krasnokazarmennaya 15 str 7,L=Moscow,ST=RU,C=RU

07-02-2023 20:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDeleteStringFormat
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipAlloc
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawLines
GdipFillPolygon
GdipDrawImageRectI
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight

kernel32

IsValidLocale
GetFileType
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetFileSizeEx
SetLastError
WriteFile
RegisterWaitForSingleObject
InterlockedCompareExchange
WaitForMultipleObjects
GetTempPathW
CreateMutexW
WaitForSingleObject
LocalAlloc
CreateFileW
GetFileAttributesW
GetCurrentThreadId
ReleaseMutex
UnmapViewOfFile
DuplicateHandle
OpenProcess
CreateEventW
MultiByteToWideChar
Sleep
FormatMessageW
GetLastError
SetEvent
DeleteFileW
CloseHandle
SetFilePointerEx
UnregisterWaitEx
LocalFree
GetCurrentProcessId
GetModuleHandleW
InterlockedIncrement
LocalFlags
CreateFileMappingW
MapViewOfFile
lstrcmpiW
FlushFileBuffers
MulDiv
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetUserDefaultLCID
InterlockedDecrement
ResetEvent
WideCharToMultiByte
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
MoveFileW
GetExitCodeProcess
ReadFile
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
UnhandledExceptionFilter
GetProcAddress
WaitForSingleObjectEx
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetLocaleInfoW
GetCPInfo
OutputDebugStringW
FreeLibrary
LoadLibraryExW
RtlUnwind
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
InterlockedExchange

user32

PtInRect
ScreenToClient
EndPaint
OffsetRect
FillRect
BeginPaint
UpdateWindow
MoveWindow
SetWindowTextW
SetWindowPos
PostMessageW
GetDlgCtrlID
SetCapture
InvalidateRect
ReleaseCapture
LoadCursorW
SetCursor
GetDlgItem
SetWindowLongW
AdjustWindowRect
SetRect
DrawTextW
RegisterClassW
GetWindowLongW
GetWindowTextW
PostQuitMessage
IsDlgButtonChecked
SendMessageW
GetDC
GetSystemMetrics
ReleaseDC
DefWindowProcW
CallWindowProcW
SendMessageTimeoutW
DestroyWindow
IsWindowVisible
CreateWindowExW
RemovePropW
ShowWindow
DispatchMessageW
CheckDlgButton
EnableWindow
GetMessageW
TranslateMessage
RegisterWindowMessageW
IsWindow

gdi32

SetBkColor
GetObjectA
CreateSolidBrush
CreateFontW
SetTextColor
SetBkMode
SelectObject
GetDeviceCaps

advapi32

ConvertSidToStringSidW
CryptAcquireContextW
CryptReleaseContext
LookupAccountNameW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
SHGetMalloc

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

VarI4FromStr
VarUI8FromStr

winhttp

WinHttpOpenRequest
WinHttpCrackUrl
WinHttpWriteData
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpConnect

urlmon

ObtainUserAgentString

shlwapi

PathAppendW
StrCmpNA

Sections

.text
Size: 231KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5f082f042e0d49fb9feae2b51f516fdb554bd0804767d771f7c0191c3ca53101
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept

Sections

UPX0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
73c47e305eed2194668ac8e783edbb03abe89438f0f5261a403de7cc5649cf5b
.exe windows x86

908bba5a2b67b6ec807e25393327d4ca

Code Sign

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-09-2017 00:00

Not After

11-09-2018 23:59

Subject

CN=RITA\, TOV,O=RITA\, TOV,POSTALCODE=61145,STREET=Bud. 11\, Kimnata 129\, vul. Kosmichna,L=Misto Kharkiv,ST=Kharkiv,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19-01-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:a1:d3:38:c4:54:22:9c:38:3a:33:5f:78:ad:d7:8d:70:7c:51:74
Signer

Actual PE Digest

8c:a1:d3:38:c4:54:22:9c:38:3a:33:5f:78:ad:d7:8d:70:7c:51:74

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=RITA\, TOV,O=RITA\, TOV,POSTALCODE=61145,STREET=Bud. 11\, Kimnata 129\, vul. Kosmichna,L=Misto Kharkiv,ST=Kharkiv,C=UA

07-02-2023 20:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipDeleteStringFormat
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdiplusStartup
GdipSetStringFormatTrimming
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipAlloc
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawLines
GdipFillPolygon
GdipDrawImageRectI
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight

kernel32

SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
WaitForSingleObjectEx
CreateTimerQueue
SetEndOfFile
WriteConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
CreateMutexW
MapViewOfFile
UnmapViewOfFile
InterlockedIncrement
SetFilePointerEx
WaitForSingleObject
InterlockedCompareExchange
SetEvent
GetModuleHandleW
LocalFlags
WriteFile
OpenProcess
Sleep
FormatMessageW
GetFileAttributesW
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetFileSizeEx
GetLastError
SetLastError
RegisterWaitForSingleObject
LocalAlloc
CreateFileMappingW
CreateEventW
WaitForMultipleObjects
lstrcmpiW
GetCurrentThreadId
DuplicateHandle
ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
UnregisterWaitEx
LocalFree
MulDiv
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
ResetEvent
FindResourceExW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
InterlockedPushEntrySList
VerifyVersionInfoW
GetModuleFileNameW
MoveFileExW
GetThreadPriority
ReadFile
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
GetCommandLineW
MoveFileW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThread
GetStringTypeW
HeapSize
GetStdHandle
WideCharToMultiByte
GetProcAddress
GetModuleHandleExW
ExitProcess
GetProcessHeap
RtlUnwind
GetSystemTimeAsFileTime
TlsGetValue
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
EncodePointer
HeapAlloc
HeapFree
TlsSetValue
TlsFree
GetStartupInfoW
GetTickCount
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
GetConsoleMode
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
FreeLibrary
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
InterlockedFlushSList
QueryDepthSList
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
VirtualAlloc
VirtualFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
ExitThread
GetExitCodeProcess
InterlockedPopEntrySList
VirtualProtect
ReleaseSemaphore
InitializeSListHead
LoadLibraryW
GetTimeZoneInformation
VerSetConditionMask
SetEnvironmentVariableA

user32

GetDlgItem
ReleaseCapture
InvalidateRect
SetCapture
SetCursor
GetWindowTextW
PostQuitMessage
IsDlgButtonChecked
LoadCursorW
GetDlgCtrlID
PostMessageW
PtInRect
ScreenToClient
EndPaint
OffsetRect
FillRect
BeginPaint
UpdateWindow
MoveWindow
SendMessageW
SetWindowTextW
SetWindowPos
SetWindowLongW
AdjustWindowRect
SetRect
DrawTextW
CheckDlgButton
EnableWindow
GetMessageW
IsDialogMessageW
RegisterClassW
GetWindowLongW
GetDC
ReleaseDC
DestroyWindow
RemovePropW
RegisterWindowMessageW
TranslateMessage
ShowWindow
SendMessageTimeoutW
IsWindow
CreateWindowExW
IsWindowVisible
CallWindowProcW
DefWindowProcW
DispatchMessageW
GetSystemMetrics

gdi32

SetBkColor
GetObjectA
CreateFontW
CreateSolidBrush
SetTextColor
SetBkMode
SelectObject
GetDeviceCaps
DeleteObject

advapi32

ConvertSidToStringSidW
CryptDestroyHash
CryptCreateHash
LookupAccountNameW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteExW
SHGetFolderPathW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

VarI4FromStr
VarUI8FromStr

winhttp

WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpWriteData
WinHttpSetTimeouts
WinHttpReadData
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryOption
WinHttpSetStatusCallback
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption

urlmon

ObtainUserAgentString

shlwapi

PathAppendW
StrCmpNW
StrCmpNA

Sections

.text
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 993KB - Virtual size: 993KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

019468c31bae9d83815ecd24a702dac4

Code Sign

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:deCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

72:8a:a0:e2:98:54:d2:a7:50:f4:c4:87:e4:b7:fe:29:34:ee:76:28Signer

Signature Validations

Verification

07-02-2023 20:47 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

urlmon

shlwapi

Sections

.text Size: 443KB - Virtual size: 442KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 24KB - Virtual size: 50KB

.rsrc Size: 993KB - Virtual size: 993KB

019468c31bae9d83815ecd24a702dac4

Code Sign

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:deCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

c4:46:40:97:8d:b4:52:11:13:f6:a4:6d:4a:ff:93:67:6e:53:23:5dSigner

Signature Validations

Verification

07-02-2023 20:47 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winhttp

urlmon

shlwapi

Sections

.text Size: 443KB - Virtual size: 442KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 24KB - Virtual size: 50KB

.rsrc Size: 993KB - Virtual size: 993KB

af25b1d1d3c13b7b2feefc532e731d06

Code Sign

1e:0f:6a:31:8b:57:60:28:65:65:66:fc:75:38:a1:edCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:de
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

72:8a:a0:e2:98:54:d2:a7:50:f4:c4:87:e4:b7:fe:29:34:ee:76:28
Signer

07-02-2023 20:47
Valid: false

.text
Size: 443KB - Virtual size: 442KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 24KB - Virtual size: 50KB

.rsrc
Size: 993KB - Virtual size: 993KB

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:de
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

c4:46:40:97:8d:b4:52:11:13:f6:a4:6d:4a:ff:93:67:6e:53:23:5d
Signer

07-02-2023 20:47
Valid: false

.text
Size: 443KB - Virtual size: 442KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 24KB - Virtual size: 50KB

.rsrc
Size: 993KB - Virtual size: 993KB

1e:0f:6a:31:8b:57:60:28:65:65:66:fc:75:38:a1:ed
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

e6:cc:12:34:93:3c:27:90:2d:54:be:1f:30:54:75:00:c4:94:cd:86
Signer

07-02-2023 20:47
Valid: false

.text
Size: 231KB - Virtual size: 230KB

.rdata
Size: 81KB - Virtual size: 81KB

.data
Size: 12KB - Virtual size: 22KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 1024B - Virtual size: 536B

.rsrc
Size: 993KB - Virtual size: 993KB

UPX0
Size: 3.3MB - Virtual size: 3.3MB

UPX1
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 65KB - Virtual size: 68KB

.imports
Size: 11KB - Virtual size: 12KB

69:9a:7c:44:ee:99:5d:0b:28:74:fa:25:4b:00:f7:de
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

8c:a1:d3:38:c4:54:22:9c:38:3a:33:5f:78:ad:d7:8d:70:7c:51:74
Signer

07-02-2023 20:47
Valid: false