21c4e6f18bac47exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

21c4e6f18bac47exeexeexeex.exe
Size

4.1MB
MD5

21c4e6f18bac47f12717d187f1ffc0a8
SHA1

7db8f9d584fef2d119fb70b6c04e19412895d285
SHA256

991b65bcac425eeb7e64aa45fcdc2f9facb6ab1c74c34ef150a9ed928bd6bf59
SHA512

6d3cf2a649b12a387405a4fe6a45cabce4970346bf9666f5608723066b6dea60f2636389138d90a83e8836f6eea7616ed199610cd442d4582051e1403b45b28b
SSDEEP

98304:ssyVkBs4MEeWtFHfpX14UpB3mzif6hNFLOAkGkzdnEVomFHKnPq:u74MIQzif6/FLOyomFHKnPq

Score

1^/10

Malware Config

Signatures

Files

21c4e6f18bac47exeexeexeex.exe
.exe windows x86

0d285905c2ced7ff159ff78df68d405c

Code Sign

69:37:56:d7:92:3d:cc:dc:b4:17:fb:ec:3e:b6:be:e9
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09/04/2018, 00:00

Not After

21/04/2019, 23:59

Subject

CN=Canon Inc.,OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b9:f3:76:00:61:fd:a8:fc:22:7a:0a:20:d0:e7:14:a7:0b:0a:c5:fd:10:38:09:70:13:d7:00:8e:c2:af:7c:f6
Signer

Actual PE Digest

b9:f3:76:00:61:fd:a8:fc:22:7a:0a:20:d0:e7:14:a7:0b:0a:c5:fd:10:38:09:70:13:d7:00:8e:c2:af:7c:f6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sucmlib

ord68
ord84
ord69
ord41
ord83
_DELETE_ISM_MAKEPDF_PAGE_PARAM@4
_NEW_ISM_MAKEPDF_PARAM@4
_NEW_ISM_MAKEPDF_PAGE_PARAM@4
_DELETE_ISM_MAKEPDF_PARAM@4
_NEW_EncryptPassword@4
_DELETE_EncryptPassword@4

kernel32

HeapQueryInformation
SetStdHandle
GetFileType
GetStdHandle
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
CreateTimerQueue
VirtualFree
OutputDebugStringW
GetThreadTimes
FreeLibraryAndExitThread
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
GetTimeZoneInformation
GetDateFormatW
VirtualQuery
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
WriteConsoleW
SetEnvironmentVariableA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
RaiseException
GetLastError
HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
FindResourceW
LoadResource
CreateDirectoryW
SizeofResource
GetModuleHandleExW
GetModuleFileNameW
CreateFileW
LockResource
CloseHandle
GetFileSize
CopyFileW
DeleteFileW
SetFileAttributesW
GlobalSize
GlobalLock
GlobalUnlock
FreeLibrary
LoadLibraryW
GetProcAddress
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
Sleep
ExpandEnvironmentStringsW
CreateMutexW
GetTempPathW
ReleaseMutex
CreateProcessW
GetLongPathNameW
MoveFileW
GetExitCodeThread
GetCommandLineW
ExitProcess
ExitThread
CreateThread
VirtualAlloc
GetSystemInfo
SetErrorMode
FindResourceExW
GetWindowsDirectoryW
LocalFileTimeToFileTime
GetFileSizeEx
GetFileAttributesExW
FileTimeToLocalFileTime
GetStringTypeExW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
WriteFile
UnlockFile
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetShortPathNameW
FlushFileBuffers
VirtualProtect
SetFilePointer
SearchPathW
GetProfileIntW
GetTickCount
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
FileTimeToSystemTime
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetFullPathNameW
GetFileTime
GetDiskFreeSpaceW
RtlUnwind
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetFileAttributesW
IsDebuggerPresent
MultiByteToWideChar
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileStringW
CompareStringA
lstrcmpA
GetCurrentThread
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GlobalGetAtomNameW
GetCurrentProcessId
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
FreeResource
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
FormatMessageW
GlobalFree
GlobalAlloc
MulDiv
SetLastError
WideCharToMultiByte
LocalFree
GetDiskFreeSpaceExW
FindNextFileW
FindClose
InterlockedExchange
GetPrivateProfileIntW
WritePrivateProfileStringW
GetVersionExW
QueryPerformanceCounter
FindFirstFileW
GetTempFileNameW
GetTimeFormatW

user32

InvertRect
HideCaret
GetWindowRgn
MapVirtualKeyExW
IsCharLowerW
GetNextDlgGroupItem
SubtractRect
GetComboBoxInfo
GetUpdateRect
GetDoubleClickTime
CopyAcceleratorTableW
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
EmptyClipboard
SetClipboardData
RealChildWindowFromPoint
WaitMessage
PostThreadMessageW
ShowOwnedPopups
PostQuitMessage
CharUpperBuffW
SetMenuDefaultItem
GetMenuDefaultItem
FrameRect
LockWindowUpdate
CopyIcon
GetMenuItemInfoW
DestroyAcceleratorTable
GetIconInfo
CopyImage
MonitorFromPoint
UnionRect
EnableScrollBar
UpdateLayeredWindow
IsMenu
MapVirtualKeyW
GetKeyNameTextW
SendDlgItemMessageA
EndDialog
CreateDialogIndirectParamW
RegisterClipboardFormatW
GetNextDlgTabItem
EnumDisplayMonitors
SetLayeredWindowAttributes
SetClassLongW
DrawFocusRect
GetSysColorBrush
DrawStateW
DrawFrameControl
DrawEdge
NotifyWinEvent
WindowFromPoint
MessageBeep
DeleteMenu
GetSystemMenu
CharUpperW
DrawIcon
KillTimer
SetTimer
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
SetParent
SetWindowRgn
IsZoomed
GetMessageW
DestroyCursor
LoadCursorW
InflateRect
SetCursorPos
ReuseDDElParam
UnpackDDElParam
LoadImageW
DestroyIcon
GetDesktopWindow
SetCursor
InsertMenuItemW
DestroyMenu
CreatePopupMenu
LoadMenuW
TranslateAcceleratorW
LoadAcceleratorsW
GetActiveWindow
BringWindowToTop
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetLastActivePopup
GetClassLongW
PtInRect
EqualRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
IsDialogMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SetFocus
GetDlgCtrlID
IsDlgButtonChecked
CheckDlgButton
SetDlgItemTextW
GetDlgItem
SetWindowPos
MoveWindow
RemoveMenu
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetSysColor
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
wsprintfW
ReleaseDC
ScreenToClient
SetCapture
TrackMouseEvent
SetRectEmpty
GetAsyncKeyState
GetCursorPos
ReleaseCapture
CopyRect
IsRectEmpty
ClientToScreen
IsIconic
IsWindowEnabled
EnumWindows
ShowWindow
UpdateWindow
GetTopWindow
SetForegroundWindow
WaitForInputIdle
CreateMenu
ModifyMenuW
TranslateMessage
AppendMenuW
SystemParametersInfoW
GetWindowThreadProcessId
GetWindow
DispatchMessageW
GetDC
PeekMessageW
FillRect
DrawIconEx
LoadIconW
OffsetRect
IsChild
GetFocus
GetParent
CloseClipboard
RemovePropW
IsClipboardFormatAvailable
SetPropW
GetClipboardData
SetWindowLongW
IsWindow
OpenClipboard
EnableWindow
GetPropW
CallWindowProcW
IntersectRect
InvalidateRect
GetSystemMetrics
IsWindowVisible
PostMessageW
GetWindowRect
MapDialogRect
UnregisterClassW
GetClientRect
SetRect
GetWindowLongW
GetClassNameW
EnumChildWindows
SendMessageW
UnhookWindowsHookEx

gdi32

SetTextColor
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CopyMetaFileW
CreateDCW
PatBlt
CreateEllipticRgn
Ellipse
DPtoLP
LPtoDP
CreateRoundRectRgn
CombineRgn
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetTextExtentPoint32W
CreatePolygonRgn
Polygon
Polyline
SetStretchBltMode
CreateFontIndirectW
EnumFontFamiliesW
GetTextCharsetInfo
GetTextMetricsW
SetRectRgn
RealizePalette
SetPixel
GetRgnBox
OffsetRgn
Rectangle
CreatePalette
GetPaletteEntries
ExtFloodFill
SetPaletteEntries
GetWindowOrgEx
GetViewportOrgEx
SetLayout
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
RoundRect
GetNearestPaletteIndex
GetSystemPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
SetROP2
SetPolyFillMode
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
SetBrushOrgEx
StretchBlt
BitBlt
SetDIBits
SelectObject
DeleteObject
GetDIBits
GetDeviceCaps
CreateDIBitmap
CreateSolidBrush
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateDIBSection
SetDIBColorTable
GetObjectW
CreateBitmap
CreateFontW
PlgBlt
CreatePen
GetLayout

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumKeyExW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ord190
SHCreateDirectoryExW
SHFileOperationW
SHBrowseForFolderW
SHOpenFolderAndSelectItems
ShellExecuteW
SHGetPathFromIDListW
ord155
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetFileInfoW
SHAddToRecentDocs
ExtractIconW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

shlwapi

PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathRemoveExtensionW
PathSetDlgItemPathW
PathIsUNCW
AssocQueryStringW
PathGetCharTypeW
PathCombineW
PathRemoveBackslashW
PathStripToRootW
StrFormatKBSizeW

uxtheme

GetCurrentThemeName
GetWindowTheme
GetThemeSysColor
GetThemePartSize
ord47
OpenThemeData
SetWindowTheme
DrawThemeBackground
CloseThemeData
GetThemeColor
IsThemeBackgroundPartiallyTransparent
DrawThemeText
DrawThemeParentBackground
IsAppThemed

ole32

CoDisconnectObject
CoInitialize
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
OleCreateMenuDescriptor
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
DoDragDrop
CreateStreamOnHGlobal
OleGetClipboard
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleLockRunning

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
SysStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipGetImageWidth
GdipCloneImage
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipDisposeImage
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImageHeight
GdiplusStartup
GdipDrawRectangleI
GdipCreatePen1
GdipFillRectangleI
GdipCreateFromHDC
GdipGetDC
GdipAlloc
GdipCreateSolidFill
GdipDeleteGraphics
GdipDeletePen
GdipFree
GdipDeleteBrush
GdiplusShutdown

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetConversionStatus
ImmAssociateContext
ImmSetOpenStatus
ImmSetConversionStatus
ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d285905c2ced7ff159ff78df68d405c

Code Sign

69:37:56:d7:92:3d:cc:dc:b4:17:fb:ec:3e:b6:be:e9Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

b9:f3:76:00:61:fd:a8:fc:22:7a:0a:20:d0:e7:14:a7:0b:0a:c5:fd:10:38:09:70:13:d7:00:8e:c2:af:7c:f6Signer

Headers

DLL Characteristics

File Characteristics

Imports

sucmlib

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 380KB - Virtual size: 380KB

.data Size: 30KB - Virtual size: 70KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

69:37:56:d7:92:3d:cc:dc:b4:17:fb:ec:3e:b6:be:e9
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

b9:f3:76:00:61:fd:a8:fc:22:7a:0a:20:d0:e7:14:a7:0b:0a:c5:fd:10:38:09:70:13:d7:00:8e:c2:af:7c:f6
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 380KB - Virtual size: 380KB

.data
Size: 30KB - Virtual size: 70KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB