5b7009fa170d92c6f57c7d1cc4c12a254335f22a9351d2dd2975f0566248cfe4

Sharing

Copy URL

Twitter E-mail

General

Target

5b7009fa170d92c6f57c7d1cc4c12a254335f22a9351d2dd2975f0566248cfe4
Size

1.8MB
MD5

28c06d15761e65c1f21d2acda0f495e8
SHA1

b7a32cc89e9c58baafd8ec742eed3647f5630624
SHA256

5b7009fa170d92c6f57c7d1cc4c12a254335f22a9351d2dd2975f0566248cfe4
SHA512

d42c2dc9b9c268c3ebf2ae42969b3bae20c4209e92787634f47ba343ab9a8f9f2b47efaa367fca7878a8498c177c231aa6492ee3e04249674c0180be0fc54128
SSDEEP

24576:hUdYmrAVu0upklpG2ZECAjWecP7Js708sd4JHA:mdFrAQ0upklpHPABi7Jsc4Jg

Score

1^/10

Malware Config

Signatures

Files

5b7009fa170d92c6f57c7d1cc4c12a254335f22a9351d2dd2975f0566248cfe4
.exe windows x64

7db7122e073dbd0d54ca88b27c1caa4e

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01-01-2018 00:00

Not After

31-12-2039 23:59

Subject

CN=topolo-Z

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01-01-2018 00:00

Not After

31-12-2039 23:59

Subject

CN=topolo-Z

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:b5:c4:a2:cf:30:b1:c1:2b:2c:44:97:a4:70:64:53:8b:67:d0:52:4d:1e:1d:dc:d5:0c:bc:0a:f9:d9:23:8c
Signer

Actual PE Digest

e4:b5:c4:a2:cf:30:b1:c1:2b:2c:44:97:a4:70:64:53:8b:67:d0:52:4d:1e:1d:dc:d5:0c:bc:0a:f9:d9:23:8c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=topolo-Z

22-03-2023 11:20
Valid: false

8a:a3:13:9e:08:c9:dd:3e:c1:13:89:53:a1:2a:92:95:bc:d8:ec:43
Signer

Actual PE Digest

8a:a3:13:9e:08:c9:dd:3e:c1:13:89:53:a1:2a:92:95:bc:d8:ec:43

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=topolo-Z

22-03-2023 11:20
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_GetImageCount
ImageList_Remove
ImageList_Destroy
InitCommonControlsEx
ord381
ImageList_ReplaceIcon
PropertySheetW
CreatePropertySheetPageW
ImageList_GetIconSize
ord412
ImageList_Draw
ord410
ImageList_Create
ord413

uxtheme

SetWindowTheme
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
CloseThemeData
DrawThemeBackground
OpenThemeData
DrawThemeTextEx
GetCurrentThemeName

dwmapi

DwmSetWindowAttribute
DwmGetColorizationColor
DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled
DwmGetWindowAttribute

shlwapi

ord12
SHAutoComplete
PathRemoveBackslashW
PathUnquoteSpacesW
PathFileExistsW
PathRemoveBlanksW
PathStripPathW
PathIsRelativeW
PathRemoveArgsW
PathRemoveFileSpecW
PathQuoteSpacesW
UrlGetPartW
AssocQueryStringW
PathIsURLW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
PathAddBackslashW

winmm

joyGetPosEx
PlaySoundW
mmioStringToFOURCCW
mmioDescend
mmioAscend
mmioClose
mmioRead
mmioOpenW
mciSendStringW
joyGetNumDevs

powrprof

ReadGlobalPwrPolicy
SetSuspendState

oleacc

AccessibleObjectFromWindow
AccessibleChildren

sas

SendSAS

xmllite

CreateXmlReader

gdiplus

GdipDrawImageRectI
GdipSetCompositingQuality
GdipGetImageWidth
GdipAlloc
GdipCreateFromHDC
GdipFree
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageHeight
GdiplusStartup
GdipCloneImage
GdiplusShutdown
GdipLoadImageFromFile

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

setupapi

SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiGetDevicePropertyW
SetupDiSetClassInstallParamsW
SetupDiChangeState
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList

imm32

ImmGetDefaultIMEWnd

kernel32

FlsFree
FlsSetValue
FlsAlloc
LeaveCriticalSection
EnterCriticalSection
FlsGetValue
CreateFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
CloseHandle
LocalFree
GetLastError
VerSetConditionMask
VerifyVersionInfoW
GetTickCount64
OpenProcess
Sleep
VirtualProtect
GetThreadUILanguage
GetModuleHandleW
CreateDirectoryW
WritePrivateProfileStringW
HeapFree
OpenFileMappingW
UnmapViewOfFile
GetPrivateProfileStringW
HeapAlloc
GetProcessHeap
CreateFileMappingW
MapViewOfFile
SetThreadPriority
WaitForSingleObject
CreateEventW
SetEvent
GetCurrentThread
ResetEvent
QueryFullProcessImageNameW
ExpandEnvironmentStringsW
GetPrivateProfileSectionNamesW
GetModuleFileNameW
GetLongPathNameW
FreeLibrary
SetDllDirectoryW
LoadLibraryExW
GetSystemPowerStatus
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcessId
GetWindowsDirectoryW
GetCurrentDirectoryW
GetProcAddress
GetCommandLineW
GetLocaleInfoEx
CreateMutexW
GetCurrentThreadId
FormatMessageW
GetUserDefaultLCID
OpenMutexW
RegisterApplicationRestart
DeleteFileW
WaitForMultipleObjects
SetLastError
SetThreadUILanguage
GetUserDefaultUILanguage
InitializeCriticalSectionEx
GetVersionExW
LoadLibraryW
DeleteCriticalSection
SetWaitableTimer
CreateWaitableTimerW
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
WriteConsoleW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetExitCodeThread
WaitForSingleObjectEx
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExA
VirtualQuery
GetSystemInfo
RaiseException
SetEndOfFile
ReadConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
GetStringTypeW
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
SetStdHandle
SetEnvironmentVariableW
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetStdHandle
WriteFile
GetFileSizeEx
SetFilePointerEx
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
WideCharToMultiByte
MultiByteToWideChar
ReadFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetPrivateProfileIntW

user32

CallWindowProcW
GetScrollInfo
MapVirtualKeyW
CheckRadioButton
GetIconInfo
SetDlgItemTextW
GetDlgItemTextW
ExitWindowsEx
GetIconInfoExW
SetSystemCursor
UnregisterHotKey
EndDialog
RegisterHotKey
LoadIconW
CheckDlgButton
SendDlgItemMessageW
GetDC
PrivateExtractIconsW
CreateIconIndirect
DrawIconEx
ReleaseDC
PostMessageW
FindWindowExW
GetWindowLongW
ShowWindowAsync
GetFocus
IsWindowVisible
EnumChildWindows
FillRect
DrawIcon
ShowWindow
GetDlgCtrlID
InternalGetWindowText
LoadBitmapW
PtInRect
BeginPaint
EndPaint
GetWindowThreadProcessId
GetWindow
MonitorFromWindow
GetSystemMetrics
RealGetWindowClassW
CloseDesktop
GetCursorInfo
GetForegroundWindow
OpenInputDesktop
SystemParametersInfoW
GetWindowTextW
SetWindowPos
SetWindowLongPtrW
MessageBeep
MonitorFromPoint
WindowFromPhysicalPoint
DrawStateW
GetSysColor
SetFocus
LoadCursorW
SetCapture
SetCursor
GetClientRect
DrawTextW
DialogBoxParamW
ReleaseCapture
FindWindowW
GetPhysicalCursorPos
GetMenuItemInfoW
LoadMenuW
GetMenuItemID
InsertMenuItemW
DestroyWindow
GetMenuItemCount
GetRawInputDeviceInfoW
GetMonitorInfoW
GetLayeredWindowAttributes
GetRawInputData
SetMenuInfo
SetLayeredWindowAttributes
RegisterRawInputDevices
CheckMenuItem
SetRect
GetSysColorBrush
EnableMenuItem
CheckMenuRadioItem
RegisterWindowMessageW
DrawFrameControl
LoadImageW
MsgWaitForMultipleObjects
GetKeyState
GetKeyboardState
DeleteMenu
SetWindowTextW
GetWindowLongPtrW
TrackPopupMenu
GetSubMenu
DestroyIcon
SetMenuItemInfoW
MapWindowPoints
SendInput
TrackMouseEvent
SetMenuDefaultItem
IsWindowEnabled
DestroyMenu
GetDlgItem
GetParent
UpdateWindow
SetForegroundWindow
InvalidateRect
GetAncestor
EnableWindow
GetMessageW
DefWindowProcW
CreateWindowExW
SendMessageW
RegisterClassExW
LoadStringW
DispatchMessageW
SetTimer
TranslateMessage
KillTimer
PostQuitMessage
GetWindowRect
GetDesktopWindow
MapVirtualKeyExW
ToUnicodeEx
GetGUIThreadInfo
GetTopWindow
IsIconic
ModifyMenuW
GetTitleBarInfo
FlashWindowEx
GetAsyncKeyState
SetPhysicalCursorPos
mouse_event
IsChild
GetSystemMenu
MessageBoxExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
keybd_event
GetKeyboardLayout
GetKeyNameTextW
LockWorkStation
CreateDialogParamW
InflateRect
SetClassLongPtrW
GetCapture
GetClassLongPtrW

gdi32

GetTextMetricsW
GetDeviceCaps
AngleArc
GetTextFaceW
StretchBlt
SetBrushOrgEx
ExtCreatePen
ExcludeClipRect
EnumFontFamiliesExW
PlgBlt
SetBkColor
ExtTextOutW
RectVisible
TranslateCharsetInfo
Rectangle
GetDIBits
SetDIBits
BitBlt
CreateCompatibleBitmap
SaveDC
CreateCompatibleDC
GetStockObject
GetClipBox
CreateRectRgnIndirect
DeleteDC
GetTextExtentPoint32W
LineTo
CreatePen
SelectClipRgn
GetObjectW
MoveToEx
RestoreDC
DeleteObject
CreateSolidBrush
SelectObject
SetTextColor
CreateFontW
SetBkMode
RoundRect
SetStretchBltMode

comdlg32

ChooseColorW
CommDlgExtendedError
GetOpenFileNameW

advapi32

RegDeleteKeyValueW
RegCloseKey
GetTokenInformation
CheckTokenMembership
FreeSid
OpenProcessToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegGetValueW
RegOpenKeyExW
RegSetValueExW
OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumKeyExW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegNotifyChangeKeyValue
RegSetKeyValueW
QueryServiceStatus

shell32

ShellExecuteW
ExtractAssociatedIconW
SHCreateItemFromParsingName
CommandLineToArgvW
SHGetFileInfoW
SHAppBarMessage
Shell_NotifyIconW
SHQueryUserNotificationState
SHGetFolderPathW

ole32

CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoCreateInstance
PropVariantClear
CoTaskMemAlloc

oleaut32

SysFreeString
SafeArrayGetElement
SysAllocString
VariantClear
SafeArrayDestroy
SafeArrayCopyData
SafeArrayCopy
VariantInit

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7db7122e073dbd0d54ca88b27c1caa4e

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

e4:b5:c4:a2:cf:30:b1:c1:2b:2c:44:97:a4:70:64:53:8b:67:d0:52:4d:1e:1d:dc:d5:0c:bc:0a:f9:d9:23:8cSigner

Signature Validations

Verification

22-03-2023 11:20 Valid: false

8a:a3:13:9e:08:c9:dd:3e:c1:13:89:53:a1:2a:92:95:bc:d8:ec:43Signer

Signature Validations

Verification

22-03-2023 11:20 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

uxtheme

dwmapi

shlwapi

winmm

powrprof

oleacc

sas

xmllite

gdiplus

wtsapi32

version

setupapi

imm32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 501KB - Virtual size: 500KB

.rdata Size: 109KB - Virtual size: 108KB

.data Size: 5KB - Virtual size: 73KB

.pdata Size: 16KB - Virtual size: 16KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 2KB - Virtual size: 2KB

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

e4:b5:c4:a2:cf:30:b1:c1:2b:2c:44:97:a4:70:64:53:8b:67:d0:52:4d:1e:1d:dc:d5:0c:bc:0a:f9:d9:23:8c
Signer

22-03-2023 11:20
Valid: false

8a:a3:13:9e:08:c9:dd:3e:c1:13:89:53:a1:2a:92:95:bc:d8:ec:43
Signer

22-03-2023 11:20
Valid: false

.text
Size: 501KB - Virtual size: 500KB

.rdata
Size: 109KB - Virtual size: 108KB

.data
Size: 5KB - Virtual size: 73KB

.pdata
Size: 16KB - Virtual size: 16KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 2KB - Virtual size: 2KB