0a57000801b76f3bd0210f1150946fa68717c78b64854bfe5ff0f3495f0ca991[.]scr

Sharing

Copy URL Twitter E-mail

General

Target

0a57000801b76f3bd0210f1150946fa68717c78b64854bfe5ff0f3495f0ca991.scr
Size

2.7MB
MD5

40d6435859eb816e5f0706f116a920db
SHA1

c8219bd61b1866a7399edb043ce9479d156e6bf6
SHA256

0a57000801b76f3bd0210f1150946fa68717c78b64854bfe5ff0f3495f0ca991
SHA512

26e81e2b9960eacc5e2e6bca1f2ee7a0813fe22d3128df6125a98e9d71f07f25a65623376f61dbc360c9036aac664f6e671becaddaf89fde79f17552f0419fa2
SSDEEP

24576:Qj1Qy+wax0vNX8kl6cdtD1qBQycEpTQUgv5pXsFSMa/Mtu4B7M5eyukud9qC8Voc:wax68u6wD1FycqTq5psaQuZG3q/o1Y

Score

1^/10

Malware Config

Signatures

Files

0a57000801b76f3bd0210f1150946fa68717c78b64854bfe5ff0f3495f0ca991.scr
.exe windows x86

0cbab3aefc3726ca8fdadefcb1e4c310

Code Sign

a5:7d:18:67:77:7e:03:5f:85:4f:8b:d1:ad:93:92:c6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/02/2019, 00:00

Not After

05/02/2023, 23:59

Subject

CN=Roman Trachta,O=Roman Trachta,POSTALCODE=10000,STREET=1855/27 Secska,L=Praha 10 - Strasnice,ST=Prague,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:7d:18:67:77:7e:03:5f:85:4f:8b:d1:ad:93:92:c6
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05/02/2019, 00:00

Not After

05/02/2023, 23:59

Subject

CN=Roman Trachta,O=Roman Trachta,POSTALCODE=10000,STREET=1855/27 Secska,L=Praha 10 - Strasnice,ST=Prague,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:c6:df:2f:30:a9:c0:a9:85:43:cb:0d:30:f4:2f:b9:a6:3a:40:68:cc:e6:1a:38:0a:5f:10:36:a0:9f:36:88
Signer

Actual PE Digest

4c:c6:df:2f:30:a9:c0:a9:85:43:cb:0d:30:f4:2f:b9:a6:3a:40:68:cc:e6:1a:38:0a:5f:10:36:a0:9f:36:88

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Roman Trachta,O=Roman Trachta,POSTALCODE=10000,STREET=1855/27 Secska,L=Praha 10 - Strasnice,ST=Prague,C=CZ

09/03/2023, 18:59
Valid: false

a0:b3:1e:98:18:5e:dc:b8:e4:e5:c0:7e:c3:2c:04:29:31:9b:7e:90
Signer

Actual PE Digest

a0:b3:1e:98:18:5e:dc:b8:e4:e5:c0:7e:c3:2c:04:29:31:9b:7e:90

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Roman Trachta,O=Roman Trachta,POSTALCODE=10000,STREET=1855/27 Secska,L=Praha 10 - Strasnice,ST=Prague,C=CZ

11/01/2022, 11:55
Valid: true

Chain 1

CN=Roman Trachta,O=Roman Trachta,POSTALCODE=10000,STREET=1855/27 Secska,L=Praha 10 - Strasnice,ST=Prague,C=CZ

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Roman Trachta,O=Roman Trachta,POSTALCODE=10000,STREET=1855/27 Secska,L=Praha 10 - Strasnice,ST=Prague,C=CZ

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptHashData
CryptReleaseContext

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CloseHandle
CompareStringOrdinal
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FindResourceW
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemDirectoryW
GetTempPathW
GetTickCount
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ReadFileEx
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlCaptureContext
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFileEx
CreateEventA
CreateSemaphoreA
GetCurrentThreadId
GetHandleInformation
GetProcessAffinityMask
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
IsDBCSLeadByteEx
IsDebuggerPresent
OpenProcess
OutputDebugStringA
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SuspendThread
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects

user32

MessageBoxW

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

oleaut32

GetErrorInfo
SysFreeString
SysStringLen

shell32

ShellExecuteExW

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetNameStringA
CertOpenStore
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_access
_amsg_exit
_beginthreadex
_cexit
_close
_commode
_endthreadex
_errno
_fdopen
_fmode
_fpreset
_fstati64
_initterm
_iob
_lseeki64
_onexit
_open
_read
_setjmp3
_stati64
_strdup
_sys_errlist
_sys_nerr
_ultoa
_vsnprintf
_unlink
_vsnwprintf
_write
abort
atoi
calloc
exit
fclose
feof
fflush
fgets
fgetwc
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
gmtime
islower
isspace
isupper
isxdigit
localeconv
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
qsort
realloc
setlocale
signal
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
time
tolower
ungetc
vfprintf
wcslen
wcstombs

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSASocketW
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
socket

Sections

.text
Size: 638KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vm_sec
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vlizer
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cbab3aefc3726ca8fdadefcb1e4c310

Code Sign

a5:7d:18:67:77:7e:03:5f:85:4f:8b:d1:ad:93:92:c6Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

a5:7d:18:67:77:7e:03:5f:85:4f:8b:d1:ad:93:92:c6Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

4c:c6:df:2f:30:a9:c0:a9:85:43:cb:0d:30:f4:2f:b9:a6:3a:40:68:cc:e6:1a:38:0a:5f:10:36:a0:9f:36:88Signer

Signature Validations

Verification

09/03/2023, 18:59 Valid: false

a0:b3:1e:98:18:5e:dc:b8:e4:e5:c0:7e:c3:2c:04:29:31:9b:7e:90Signer

Signature Validations

Verification

11/01/2022, 11:55 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

bcrypt

oleaut32

shell32

crypt32

msvcrt

ws2_32

Sections

.text Size: 638KB - Virtual size: 638KB

.data Size: 1024B - Virtual size: 660B

.rdata Size: 85KB - Virtual size: 85KB

.eh_fram Size: 80KB - Virtual size: 80KB

.bss Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 68B

.tls Size: 512B - Virtual size: 8B

.reloc Size: - Virtual size: 21KB

.rsrc Size: 95KB - Virtual size: 95KB

.vm_sec Size: 16KB - Virtual size: 16KB

.vlizer Size: 1.8MB - Virtual size: 1.8MB

a5:7d:18:67:77:7e:03:5f:85:4f:8b:d1:ad:93:92:c6
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

a5:7d:18:67:77:7e:03:5f:85:4f:8b:d1:ad:93:92:c6
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4c:c6:df:2f:30:a9:c0:a9:85:43:cb:0d:30:f4:2f:b9:a6:3a:40:68:cc:e6:1a:38:0a:5f:10:36:a0:9f:36:88
Signer

09/03/2023, 18:59
Valid: false

a0:b3:1e:98:18:5e:dc:b8:e4:e5:c0:7e:c3:2c:04:29:31:9b:7e:90
Signer

11/01/2022, 11:55
Valid: true

.text
Size: 638KB - Virtual size: 638KB

.data
Size: 1024B - Virtual size: 660B

.rdata
Size: 85KB - Virtual size: 85KB

.eh_fram
Size: 80KB - Virtual size: 80KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 68B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: - Virtual size: 21KB

.rsrc
Size: 95KB - Virtual size: 95KB

.vm_sec
Size: 16KB - Virtual size: 16KB

.vlizer
Size: 1.8MB - Virtual size: 1.8MB