DesktopSnowOK_x64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

DesktopSnowOK_x64.exe
Size

297KB
MD5

0fd34687ab00bb48bdce6360ba71c691
SHA1

37895cf2307557c3e275772265811074c9e7984e
SHA256

8f4aa74e5dfeabc46a2826eafc0737cc6ac7cbc8b504b6773f9272d2dea4556a
SHA512

d7ec992f926b2a14d08e8a6a911b12bba87f813d4a14563d07e6a328fa79e880efd5b04351b2edf2f134217609e204428e36960168aa119cb9d3583dfc51414d
SSDEEP

6144:lQRLtsNVeBfN25jYSd+fIEWpdo9ez0rrnq4oanLJ/:iu4BfN2DRKQz0rrnq4V

Score

1^/10

Malware Config

Signatures

Files

DesktopSnowOK_x64.exe
.exe windows x64

e93ca9afc7fea99830f5482b34f16325

Code Sign

5c:ed:a3:96:d8:ca:15:4b:0e:23:f0:c8:8d:ec:f9:0f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/06/2019, 00:00

Not After

15/06/2021, 23:59

Subject

CN=Nenad Hrg,O=Nenad Hrg,POSTALCODE=82024,STREET=Edelweißstr. 104,L=Taufkirchen,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:24:47:11:10:24:13:54:eb:f1:15:81:93:cd:7c:4c:61:8e:94:4f:a1:f0:b0:32:6c:6b:00:f1:99:5c:e8:73
Signer

Actual PE Digest

6d:24:47:11:10:24:13:54:eb:f1:15:81:93:cd:7c:4c:61:8e:94:4f:a1:f0:b0:32:6c:6b:00:f1:99:5c:e8:73

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nenad Hrg,O=Nenad Hrg,POSTALCODE=82024,STREET=Edelweißstr. 104,L=Taufkirchen,ST=Bayern,C=DE

15/03/2020, 10:47
Valid: true

Chain 1

CN=Nenad Hrg,O=Nenad Hrg,POSTALCODE=82024,STREET=Edelweißstr. 104,L=Taufkirchen,ST=Bayern,C=DE

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
TerminateThread
GetModuleHandleW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetUserDefaultLangID
GetLastError
CreateMutexW
CreateDirectoryW
CloseHandle
CreateFileW
GetModuleFileNameW
WriteFile
GetTempPathW
lstrcmpW
GetVersionExW
lstrcpynW
GetProcessHeap
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapReAlloc
GetCurrentProcessId
GetTickCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
SetThreadPriority
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
ReadFile
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
HeapSize
FlsAlloc
GetCurrentThreadId
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapFree
GetStartupInfoW
ExitProcess
HeapAlloc
GetSystemTimeAsFileTime
RtlPcToFileHeader
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlLookupFunctionEntry
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
QueryPerformanceCounter
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
Sleep
LoadLibraryW
GetProcAddress
OutputDebugStringW
DebugBreak
lstrlenA
SetLastError
lstrcatW
lstrcpyW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetConsoleCP

user32

TrackPopupMenu
CharNextW
LoadStringW
wsprintfW
wvsprintfW
SetWindowPos
SetWindowLongW
GetWindowLongW
SetRect
GetSystemMetrics
FindWindowExW
GetClassNameW
GetForegroundWindow
ShowWindow
IsWindowVisible
ScreenToClient
GetCursorPos
EqualRect
ReleaseDC
GetDC
CreateDialogParamW
SendMessageW
SendMessageTimeoutW
CopyIcon
GetIconInfo
CreateIconIndirect
DrawAnimatedRects
SystemParametersInfoW
DestroyIcon
EndDialog
GetMenu
LoadBitmapW
GetSysColorBrush
KillTimer
SetWinEventHook
SetActiveWindow
CheckMenuItem
SetTimer
UpdateWindow
SetDlgItemTextW
GetAsyncKeyState
CreatePopupMenu
AppendMenuW
ClientToScreen
CheckDlgButton
GetClientRect
GetWindowRect
RegisterWindowMessageW
GetActiveWindow
MessageBoxW
LoadAcceleratorsW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassExW
GetDlgItem
SetWindowTextW
SetForegroundWindow
DefWindowProcW
LoadImageW
PostMessageW
EnumWindows
PostQuitMessage
CreateWindowExW

gdi32

GetPixel
SetPixel
CreateBitmap
GetObjectW
CreateFontIndirectW
GetTextExtentPointW
CreateCompatibleDC
SelectObject
DeleteDC
CreateDIBSection
DeleteObject
GetStockObject
CreatePatternBrush

comdlg32

GetOpenFileNameW

advapi32

RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
RegCloseKey

shell32

SHAppBarMessage
SHGetSpecialFolderPathW
ShellExecuteW
Shell_NotifyIconW
DragQueryFileW
DragFinish

ole32

CreateStreamOnHGlobal
OleInitialize

oleaut32

SysAllocStringLen

comctl32

InitCommonControlsEx
ord17

gdiplus

GdipSetImageAttributesColorMatrix
GdipGetImageType
GdiplusStartup
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRect
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAlloc
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFree

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e93ca9afc7fea99830f5482b34f16325

Code Sign

5c:ed:a3:96:d8:ca:15:4b:0e:23:f0:c8:8d:ec:f9:0fCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

6d:24:47:11:10:24:13:54:eb:f1:15:81:93:cd:7c:4c:61:8e:94:4f:a1:f0:b0:32:6c:6b:00:f1:99:5c:e8:73Signer

Signature Validations

Verification

15/03/2020, 10:47 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

Sections

.text Size: 136KB - Virtual size: 136KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 26KB - Virtual size: 618KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 85KB - Virtual size: 85KB

5c:ed:a3:96:d8:ca:15:4b:0e:23:f0:c8:8d:ec:f9:0f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

6d:24:47:11:10:24:13:54:eb:f1:15:81:93:cd:7c:4c:61:8e:94:4f:a1:f0:b0:32:6c:6b:00:f1:99:5c:e8:73
Signer

15/03/2020, 10:47
Valid: true

.text
Size: 136KB - Virtual size: 136KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 26KB - Virtual size: 618KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 85KB - Virtual size: 85KB