BackuperInstall[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

BackuperInstall.exe
Size

5.4MB
MD5

78706fc40b12687cc6c579787ce478a4
SHA1

98a0376b842b29efd6424d64b4e1ec405ba5e358
SHA256

7302b95178eaf2d55f30b14494733f74ba9f76b6212252ab6515f963905cce1c
SHA512

fc46150b1639dadad0fcc78a2811698adc019db5eac873cc88279a2047b91c9bda8d075719ac7b5f01e69f1285c025d8cd6961cbe9eafcd062197d3e8f619dd5
SSDEEP

98304:9pCGq7mZycy+pRS54MU3Xxf3blE1ATD8FH+lVxPspSqblPwyLX:9JJTy+zvLV3pRn8Z+NP0hblPrL

Score

1^/10

Malware Config

Signatures

Files

BackuperInstall.exe
.exe windows x64

77aaf6606f33f801e46e0648f527ec0a

Code Sign

2d:5e:f4:5e:6f:7a:02:c5:93:72:b4:9e:1e:94:c0:ae:c4:95:86:40
Certificate

Issuer

CN=Adman.com,O=Adman Ltd,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c11737570706f72744061646d616e2e636f6d

Not Before

13/02/2023, 06:08

Not After

10/02/2033, 06:08

Subject

CN=Adman.com,O=Adman Ltd,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c11737570706f72744061646d616e2e636f6d

54:ee:2c:b3:76:1e:aa:6c:6b:22:eb:5c:70:c7:d2:2a:33:d3:82:04
Certificate

Issuer

CN=Adman.com,O=Adman Ltd,L=Moscow,ST=Moscow,C=RU,1.2.840.113549.1.9.1=#0c11737570706f72744061646d616e2e636f6d

Not Before

13/02/2023, 06:34

Not After

12/02/2025, 06:34

Subject

CN=Adman Backuper,O=Adman,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

34:fc:21:79:f8:7d:bb:3b:6f:79:79:ef:57:f0:bc:c4:8f:c7:d9:aa
Signer

Actual PE Digest

34:fc:21:79:f8:7d:bb:3b:6f:79:79:ef:57:f0:bc:c4:8f:c7:d9:aa

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Adman Backuper,O=Adman,L=Moscow,ST=Moscow,C=RU

16/03/2023, 15:37
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueA
RegQueryValueExA
RegSetValueExA

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameA
GetSaveFileNameA

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateContext
CertOpenStore

dwmapi

DwmExtendFrameIntoClientArea

gdi32

BitBlt
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetStretchBltMode
SetTextColor
TextOutA

gdiplus

GdipAddPathArc
GdipAddPathArcI
GdipAlloc
GdipBitmapSetResolution
GdipCloneBrush
GdipCloneImage
GdipClosePathFigure
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCreateHBITMAPFromBitmap
GdipCreatePath
GdipCreatePen1
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteBrush
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePath
GdipDeletePen
GdipDeleteStringFormat
GdipDisposeImage
GdipDrawEllipse
GdipDrawImageRectI
GdipDrawLine
GdipDrawPath
GdipDrawString
GdipFillEllipse
GdipFillPath
GdipFree
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureString
GdipResetWorldTransform
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetTextRenderingHint
GdipTranslateWorldTransform
GdiplusShutdown
GdiplusStartup

kernel32

AddAtomA
AddVectoredExceptionHandler
CloseHandle
CopyFileW
CreateEventA
CreateFileA
CreateFileW
CreateHardLinkW
CreateMutexA
CreateProcessW
CreateSemaphoreA
CreateToolhelp32Snapshot
DeleteAtom
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindAtomA
FindFirstVolumeW
FindNextVolumeW
FindResourceA
FindVolumeClose
FormatMessageA
FreeLibrary
GetAtomNameA
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDriveTypeA
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetVolumeInformationW
GlobalAlloc
GlobalFree
GlobalLock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryW
LoadResource
LocalFree
LockResource
MoveFileExW
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringA
Process32First
Process32Next
QueryDosDeviceA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCP
SetConsoleOutputCP
SetConsoleTextAttribute
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_close
_commode
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_findclose
_fileno
_fmode
_fstat64
_get_osfhandle
_initterm
_localtime64
_lock
_lseeki64
_memccpy
_onexit
_read
_setjmp
_strdup
_strnicmp
_telli64
_time64
_ultoa
_unlock
_vscprintf
_vsnprintf
_wchdir
_wchmod
_wfindfirst64
_wfindnext64
_wfopen
_wfullpath
_wgetcwd
_wgetenv_s
_wmkdir
_wopen
_write
_wstat64
_wutime64
abort
atoi
calloc
exit
fclose
feof
fflush
fgetc
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getwc
isspace
iswctype
localeconv
longjmp
malloc
mbstowcs
memchr
memcmp
memcpy
memmove
memset
printf
putc
putwc
realloc
rewind
setlocale
setvbuf
signal
strcmp
strcoll
strcpy
strerror
strftime
strlen
strncmp
strxfrm
tolower
towlower
towupper
ungetc
ungetwc
vfprintf
wcscat
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

shell32

DragFinish
DragQueryFileA
SHBrowseForFolderA
SHGetPathFromIDListA
Shell_NotifyIconA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyMenu
DestroyWindow
DispatchMessageA
EndPaint
FillRect
GetClassInfoA
GetClassInfoExA
GetClientRect
GetCursorPos
GetDC
GetDlgItem
GetForegroundWindow
GetKeyState
GetMenuItemID
GetMessageA
GetPropA
GetSystemMetrics
GetWindowRect
GetWindowTextA
GetWindowTextW
InvalidateRect
IsWindow
LoadCursorA
LoadIconA
MessageBoxA
OffsetRect
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
RegisterClassExA
ReleaseCapture
ReleaseDC
RemovePropA
SendMessageA
SetCapture
SetCursor
SetFocus
SetForegroundWindow
SetMenuInfo
SetMenuItemBitmaps
SetPropA
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowPos
SetWindowRgn
SetWindowTextA
ShowWindow
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnregisterClassA
WindowFromPoint

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77aaf6606f33f801e46e0648f527ec0a

Code Sign

2d:5e:f4:5e:6f:7a:02:c5:93:72:b4:9e:1e:94:c0:ae:c4:95:86:40Certificate

54:ee:2c:b3:76:1e:aa:6c:6b:22:eb:5c:70:c7:d2:2a:33:d3:82:04Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

34:fc:21:79:f8:7d:bb:3b:6f:79:79:ef:57:f0:bc:c4:8f:c7:d9:aaSigner

Signature Validations

Verification

16/03/2023, 15:37 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

comdlg32

crypt32

dwmapi

gdi32

gdiplus

kernel32

msvcrt

ole32

shell32

user32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 12KB - Virtual size: 11KB

.rdata Size: 129KB - Virtual size: 129KB

.pdata Size: 75KB - Virtual size: 74KB

.xdata Size: 103KB - Virtual size: 103KB

.bss Size: - Virtual size: 4KB

.idata Size: 14KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 3.9MB - Virtual size: 3.9MB

.reloc Size: 7KB - Virtual size: 6KB

2d:5e:f4:5e:6f:7a:02:c5:93:72:b4:9e:1e:94:c0:ae:c4:95:86:40
Certificate

54:ee:2c:b3:76:1e:aa:6c:6b:22:eb:5c:70:c7:d2:2a:33:d3:82:04
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

34:fc:21:79:f8:7d:bb:3b:6f:79:79:ef:57:f0:bc:c4:8f:c7:d9:aa
Signer

16/03/2023, 15:37
Valid: false

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 12KB - Virtual size: 11KB

.rdata
Size: 129KB - Virtual size: 129KB

.pdata
Size: 75KB - Virtual size: 74KB

.xdata
Size: 103KB - Virtual size: 103KB

.bss
Size: - Virtual size: 4KB

.idata
Size: 14KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 7KB - Virtual size: 6KB