a21772b5d5a38f86eaf8fb04e1a7039c0e47ed4ffb30b92acbdfc3b55947aac2

Sharing

Copy URL Twitter E-mail

General

Target

a21772b5d5a38f86eaf8fb04e1a7039c0e47ed4ffb30b92acbdfc3b55947aac2
Size

1.6MB
MD5

fbf08c1da78a7113a4863f28341f7bd8
SHA1

1f838a3ab085d916313a32458a3e3b1b0bf076e8
SHA256

a21772b5d5a38f86eaf8fb04e1a7039c0e47ed4ffb30b92acbdfc3b55947aac2
SHA512

c235d23fec52fe1b2f7fc5e1176fc3c325f39a2d7715156971220bb4c156685c5234c19bfb34aeb546a55edaca94fa6738eb0caeeb9021708fc95c0797cd772d
SSDEEP

24576:k/fDEcYAs0oULoV2MgCuQa+QlZHEtiHgY0BYXa:k/fDInABzCuuiHgYk6a

Score

1^/10

Malware Config

Signatures

Files

a21772b5d5a38f86eaf8fb04e1a7039c0e47ed4ffb30b92acbdfc3b55947aac2
.exe windows x64

da4d531f58e46bcfc21fe01d85ee3d7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/05/2013, 00:00

Not After

11/07/2016, 23:59

Subject

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/01/2016, 19:41

Not After

06/04/2017, 19:41

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:3c:7d:f7:79:34:24:48:74:fa:a1:d3:bc:fc:eb:5f:d6:38:e0:1b:be:fc:94:7a:d4:b1:e0:ff:15:45:fb:6a
Signer

Actual PE Digest

44:3c:7d:f7:79:34:24:48:74:fa:a1:d3:bc:fc:eb:5f:d6:38:e0:1b:be:fc:94:7a:d4:b1:e0:ff:15:45:fb:6a

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

21/03/2023, 12:34
Valid: false

0a:bb:ff:12:c5:f0:93:59:b9:58:c3:ef:fa:d4:89:d8:aa:cd:7c:c5
Signer

Actual PE Digest

0a:bb:ff:12:c5:f0:93:59:b9:58:c3:ef:fa:d4:89:d8:aa:cd:7c:c5

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Realtek Semiconductor Corp,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Realtek Semiconductor Corp,L=Hsinchu,ST=Taiwan,C=TW

27/05/2016, 06:32
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

propsys

PropVariantToString
PropVariantCompareEx
PropVariantToUInt32

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
FileTimeToSystemTime
TlsGetValue
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetTickCount
HeapAlloc
GetStartupInfoW
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
ExitThread
SuspendThread
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetEnvironmentVariableA
SetThreadPriority
GetCurrentProcessId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetModuleHandleW
GetVersionExA
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
lstrcmpA
FormatMessageW
MulDiv
SetLastError
RaiseException
LoadLibraryA
GetProcessHeap
HeapFree
lstrlenA
LocalAlloc
LocalFree
GetFileAttributesW
GetFirmwareEnvironmentVariableA
CreateMutexW
GetExitCodeThread
ResumeThread
DuplicateHandle
Sleep
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
OutputDebugStringW
FreeLibrary
LoadLibraryW
FindResourceExW
GetSystemInfo
GetUserDefaultUILanguage
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
WaitForMultipleObjects
SetEvent
CreateThread
CreateEventW
QueryFullProcessImageNameW
CreateFileW
GetLastError
lstrlenW
GetVersionExW
CreateProcessW
DeviceIoControl
GetSystemDirectoryW
GetSystemDirectoryA
WideCharToMultiByte
WaitForSingleObject
GetCurrentProcess
OpenProcess
GetModuleHandleA
GetProcAddress
CloseHandle
LeaveCriticalSection
LockResource
GetCurrentThreadId
EnterCriticalSection
SizeofResource
LoadResource
FindResourceW
ExitProcess

user32

IsRectEmpty
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
ValidateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
IsWindowEnabled
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
UnregisterClassA
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
CopyAcceleratorTableW
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CreateDialogIndirectParamW
PtInRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconW
IsWindowVisible
DispatchMessageW
PostQuitMessage
SendInput
MapVirtualKeyW
TranslateMessage
PeekMessageW
ChangeWindowMessageFilter
UnregisterDeviceNotification
RegisterDeviceNotificationW
EnumDisplaySettingsW
CallNextHookEx
KillTimer
SetTimer
RegisterWindowMessageW
FindWindowExW
CharUpperW
SetWindowPos
RedrawWindow
GetSysColorBrush
DrawTextW
EnableWindow
SendMessageW
DrawFocusRect
CharNextW
UnregisterClassW
DestroyMenu
InflateRect
SetRect
LoadCursorW
SetWindowContextHelpId
MapDialogRect
SetCursor
CopyRect
GetDesktopWindow
GetWindow
SystemParametersInfoW
GetSysColor
GetClientRect
GetParent
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetWindowRect
EnumThreadWindows
InvalidateRect
SetForegroundWindow
UnhookWindowsHookEx
GetForegroundWindow
SetWindowsHookExW
GetWindowThreadProcessId
UpdateWindow
ShowWindow
GetWindowLongW
PostMessageW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
EnableMenuItem
GetMessageW
GetActiveWindow
EqualRect
GetCursorPos
GetDlgCtrlID
RemovePropW

gdi32

Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
ExtTextOutW
RectVisible
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
TextOutW
SaveDC
GetDeviceCaps
GetStockObject
GetViewportExtEx
GetWindowExtEx
GetObjectW
SetDIBColorTable
GetMapMode
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
CreateFontW
BitBlt
CreateCompatibleDC
DeleteDC
SelectObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
PtVisible

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

AdjustTokenPrivileges
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW
RegCloseKey
LookupPrivilegeValueW
OpenProcessToken
RegNotifyChangeKeyValue
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetKnownFolderPath
SHGetFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

oledlg

OleUIBusyW

ole32

CoInitializeSecurity
CoUninitialize
CoTaskMemAlloc
StringFromGUID2
CoSetProxyBlanket
CoTaskMemFree
CLSIDFromString
CoCreateInstance
PropVariantClear
CreateStreamOnHGlobal
CoInitialize
CoFreeUnusedLibrariesEx
FreePropVariantArray
PropVariantCopy
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoInitializeEx
CoFreeUnusedLibraries

oleaut32

VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringLen
OleCreateFontIndirect
VariantChangeType
GetErrorInfo
VariantCopy
SysFreeString
SysAllocString
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayPutElement
SafeArrayCreateVector
VariantClear

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageI
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdiplusStartup
GdipFree
GdiplusShutdown
GdipAlloc
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImageWidth
GdipDisposeImage
GdipGetImageHeight

Sections

.text
Size: 703KB - Virtual size: 702KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Snow
Size: 238KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da4d531f58e46bcfc21fe01d85ee3d7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2dCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

44:3c:7d:f7:79:34:24:48:74:fa:a1:d3:bc:fc:eb:5f:d6:38:e0:1b:be:fc:94:7a:d4:b1:e0:ff:15:45:fb:6aSigner

Signature Validations

Verification

21/03/2023, 12:34 Valid: false

0a:bb:ff:12:c5:f0:93:59:b9:58:c3:ef:fa:d4:89:d8:aa:cd:7c:c5Signer

Signature Validations

Verification

27/05/2016, 06:32 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

propsys

setupapi

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 703KB - Virtual size: 702KB

.rdata Size: 221KB - Virtual size: 220KB

.data Size: 25KB - Virtual size: 54KB

.pdata Size: 45KB - Virtual size: 45KB

.rsrc Size: 408KB - Virtual size: 408KB

.Snow Size: 238KB - Virtual size: 240KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

13:22:2a:5d:cc:f7:16:df:5a:f9:c8:70:84:41:2d:d9
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

33:00:00:00:2d:4e:7a:ec:99:b0:f0:5f:73:00:00:00:00:00:2d
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

44:3c:7d:f7:79:34:24:48:74:fa:a1:d3:bc:fc:eb:5f:d6:38:e0:1b:be:fc:94:7a:d4:b1:e0:ff:15:45:fb:6a
Signer

21/03/2023, 12:34
Valid: false

0a:bb:ff:12:c5:f0:93:59:b9:58:c3:ef:fa:d4:89:d8:aa:cd:7c:c5
Signer

27/05/2016, 06:32
Valid: false

.text
Size: 703KB - Virtual size: 702KB

.rdata
Size: 221KB - Virtual size: 220KB

.data
Size: 25KB - Virtual size: 54KB

.pdata
Size: 45KB - Virtual size: 45KB

.rsrc
Size: 408KB - Virtual size: 408KB

.Snow
Size: 238KB - Virtual size: 240KB