DETERMINEDlearningsystem[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

DETERMINEDlearningsystem.exe
Size

9.4MB
MD5

db8aadac3b3b3cd3a0aed73381564795
SHA1

e5f0b8c7f44eabc2b6909897585939035acdb05d
SHA256

70d91cfcabb6a72fe8bef22398984a9afeca66f300bcb632bbc43e076b811a5c
SHA512

8ebffd6037d621cf2cf3c05f5b3ea3fd885289cde133af21e82230f24cff56830f0179450a1db4a05ad3e2d837e308c33332d99c6067bd0f305b3d13fcc149c2
SSDEEP

196608:ulAlMmSaMxIpkvhv8Y7ThBGGJsv6tWKFdu9Cc/5:ZqNvImvP4GJsv6tWKFdu9CM

Score

1^/10

Malware Config

Signatures

Files

DETERMINEDlearningsystem.exe
.exe windows x86

d7556972964a11c700bbe7a4b17757c9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:9d:ee:da:91:5c:89:a8:3d:71:d4:69:1d:fd:b1:03
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/12/2021, 00:00

Not After

23/11/2022, 23:59

Subject

SERIALNUMBER=51752093,CN=Data Protection Services s. r. o.,O=Data Protection Services s. r. o.,L=Bratislava,C=SK,1.3.6.1.4.1.311.60.2.1.3=#1302534b,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:cf:fb:49:ef:41:a1:0e:f7:7e:9d:56:8b:44:a3:56:f6:19:46:b3:d1:99:43:ba:1d:11:5a:19:ee:b0:77:22
Signer

Actual PE Digest

f1:cf:fb:49:ef:41:a1:0e:f7:7e:9d:56:8b:44:a3:56:f6:19:46:b3:d1:99:43:ba:1d:11:5a:19:ee:b0:77:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

uxtheme

SetWindowTheme
IsAppThemed
GetThemeEnumValue
IsThemeBackgroundPartiallyTransparent
GetThemeBool
GetThemePartSize
GetThemeTransitionDuration
GetThemeBackgroundRegion
OpenThemeData
ord47
GetCurrentThemeName
CloseThemeData
IsThemeActive
GetThemeInt
GetThemePropertyOrigin
GetThemeColor
GetThemeMargins

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

gdi32

DeleteDC
CreateCompatibleBitmap
AddFontMemResourceEx
GetDIBits
SetTextAlign
GetOutlineTextMetricsW
GetStockObject
SetGraphicsMode
GetObjectW
GetDeviceCaps
BitBlt
RemoveFontMemResourceEx
DeleteObject
OffsetRgn
GetBitmapBits
SetWorldTransform
GetCharABCWidthsI
CreateDIBSection
SetTextColor
EnumFontFamiliesExW
SelectObject
CreateBitmap
GetCharABCWidthsW
CreateRectRgn
SetBkMode
GdiFlush
CombineRgn
ExtTextOutW
CreateCompatibleDC
CreateFontIndirectW
GetFontData
CreateDCW
GetRegionData
GetTextExtentPoint32W
RemoveFontResourceExW
GetTextMetricsW
GetGlyphOutlineW
AddFontResourceExW
SelectClipRgn
GetTextFaceW
GetCharABCWidthsFloatW

oleaut32

SysAllocString
SafeArrayCreateVector
SafeArrayPutElement

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCandidateWindow
ImmAssociateContext
ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmAssociateContextEx
ImmGetOpenStatus

netapi32

NetApiBufferFree
NetShareEnum

userenv

GetUserProfileDirectoryW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

ioctlsocket
sendto
recvfrom
WSACloseEvent
WSAIoctl
listen
htonl
accept
select
__WSAFDIsSet
freeaddrinfo
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSACreateEvent
getaddrinfo
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
send
gethostname
WSAStartup
WSACleanup
WSAAsyncSelect

kernel32

VirtualQuery
RtlUnwind
GetSystemDirectoryW
GetVolumeInformationW
GetLongPathNameW
RemoveDirectoryW
GetProcAddress
LoadLibraryExW
ReleaseMutex
IsDebuggerPresent
CompareStringW
GetUserGeoID
GetFileAttributesExW
InitializeSListHead
HeapAlloc
CreateFileMappingW
SetThreadPriority
GetTickCount64
GetCPInfo
CreateProcessW
GetDriveTypeW
DuplicateHandle
IsProcessorFeaturePresent
SwitchToThread
HeapReAlloc
CloseHandle
EnumSystemLocalesW
GetCurrentProcess
GetExitCodeProcess
GetFileSizeEx
ReadConsoleW
GetSystemTime
ReadFile
GetDateFormatW
CreateMutexW
FreeLibrary
FindFirstFileW
FindFirstFileExA
GetFileType
GetProcessHeap
GetFileInformationByHandleEx
GetModuleHandleW
ResetEvent
InitializeCriticalSectionAndSpinCount
GetOEMCP
FormatMessageW
FreeLibraryAndExitThread
GetTickCount
GetModuleFileNameA
Sleep
GetUserPreferredUILanguages
VerSetConditionMask
VerifyVersionInfoW
GetModuleFileNameW
GetTimeFormatW
TlsSetValue
DeviceIoControl
QueryPerformanceCounter
UnmapViewOfFile
CreateFileW
RegisterWaitForSingleObject
GetModuleHandleA
SetStdHandle
SetEnvironmentVariableW
EncodePointer
InitializeCriticalSectionEx
GetCurrentThread
ResumeThread
FindNextFileA
GetStringTypeW
GetCurrencyFormatW
TlsFree
FindFirstChangeNotificationW
VirtualFree
GetLogicalDrives
RaiseException
SetEnvironmentVariableA
GetEnvironmentVariableA
QueryPerformanceFrequency
WaitForSingleObjectEx
GetTimeZoneInformation
CreateDirectoryW
SetEvent
ExitThread
SetFileAttributesW
WriteFile
GetCurrentDirectoryW
CheckRemoteDebuggerPresent
IsValidLocale
MapViewOfFile
LoadLibraryA
SetFilePointerEx
CreateSemaphoreW
ExitProcess
SetLastError
GetLastError
FindClose
GetCommandLineW
VirtualAlloc
MoveFileW
TlsAlloc
LeaveCriticalSection
GetConsoleMode
GetSystemTimeAsFileTime
GetFileInformationByHandle
CreateEventW
GetUserDefaultLangID
CreateThread
MultiByteToWideChar
GetLocalTime
GetCurrentProcessId
DeleteFileW
SetErrorMode
TlsGetValue
OutputDebugStringW
ReleaseSemaphore
DeleteCriticalSection
GetStartupInfoW
InitializeCriticalSection
GetStdHandle
WTSGetActiveConsoleSessionId
GetConsoleWindow
OpenProcess
FindNextFileW
SystemTimeToTzSpecificLocalTime
DecodePointer
lstrcmpW
FindCloseChangeNotification
LCMapStringW
GetThreadPriority
GetACP
GetSystemInfo
GetFullPathNameW
GetEnvironmentStringsW
MoveFileExW
TerminateProcess
CompareStringEx
TerminateThread
IsValidCodePage
EnterCriticalSection
SleepEx
GetFileSize
GetVolumePathNamesForVolumeNameW
GetLocaleInfoW
FindNextChangeNotification
GetUserDefaultLCID
FileTimeToSystemTime
SetEndOfFile
HeapSize
GetCurrentThreadId
OpenFileMappingW
LocalFree
SetUnhandledExceptionFilter
WideCharToMultiByte
WaitForSingleObject
TzSpecificLocalTimeToSystemTime
WaitForMultipleObjects
PeekNamedPipe
SetFileTime
FreeEnvironmentStringsW
GlobalUnlock
GetTempPathW
SystemTimeToFileTime
GetGeoInfoW
GlobalAlloc
UnregisterWaitEx
GetModuleHandleExW
UnhandledExceptionFilter
WriteConsoleW
FlushFileBuffers
GetConsoleCP
CopyFileW
GlobalLock
LoadLibraryW
HeapFree
GetCommandLineA
FindFirstFileExW
GetFileAttributesW
ExpandEnvironmentStringsW
GlobalSize

user32

TrackPopupMenuEx
CreateMenu
RegisterClipboardFormatW
ToAscii
GetSysColor
ReleaseDC
RemoveMenu
SetLayeredWindowAttributes
MonitorFromPoint
ToUnicode
SetWindowTextW
FlashWindowEx
SetWindowLongW
AdjustWindowRectEx
SetForegroundWindow
UpdateLayeredWindowIndirect
GetForegroundWindow
EndPaint
GetCaretBlinkTime
SetFocus
GetUpdateRect
MessageBeep
MessageBoxW
DefWindowProcW
GetKeyState
CreatePopupMenu
GetSystemMenu
GetCapture
EnumDisplayDevicesW
SetWindowsHookExW
GetAsyncKeyState
RegisterClassExW
PeekMessageW
DestroyCaret
GetKeyboardLayout
TranslateMessage
GetSysColorBrush
FindWindowA
WindowFromPoint
IsTouchWindow
GetMonitorInfoW
SetParent
ChangeClipboardChain
GetParent
ReleaseCapture
IsZoomed
DestroyWindow
LoadImageW
AttachThreadInput
HideCaret
DestroyIcon
GetWindowTextW
ShowCaret
GetWindowThreadProcessId
DrawIconEx
EnumDisplayMonitors
IsWindow
SetClipboardViewer
ClientToScreen
IsWindowEnabled
ShowWindow
SetCapture
EnableMenuItem
SendMessageA
RegisterWindowMessageW
ScreenToClient
UnhookWindowsHookEx
GetCursor
CallNextHookEx
SystemParametersInfoW
BeginPaint
IsIconic
GetTouchInputInfo
SendMessageW
SetCaretPos
GetMenu
CreateWindowExW
TrackMouseEvent
DestroyMenu
RegisterDeviceNotificationW
PostMessageW
GetClientRect
GetMessageExtraInfo
DrawMenuBar
DispatchMessageW
RegisterClassW
TrackPopupMenu
InvalidateRect
GetWindow
CreateIconIndirect
GetIconInfo
CreateCaret
GetAncestor
LoadIconW
MsgWaitForMultipleObjectsEx
ModifyMenuW
CharNextExA
ChildWindowFromPointEx
SetCursorPos
GetDC
SetWindowPos
SetCursor
GetWindowLongW
GetCursorPos
GetClassInfoW
MapVirtualKeyW
UnregisterTouchWindow
InsertMenuW
RealGetWindowClassW
DestroyCursor
AppendMenuW
GetQueueStatus
GetClipboardFormatNameW
CreateCursor
SetWindowPlacement
GetSystemMetrics
UpdateLayeredWindow
ChangeWindowMessageFilterEx
IsWindowVisible
UnregisterClassW
SetTimer
SetMenu
GetKeyboardLayoutList
SetWindowRgn
CloseTouchInputHandle
GetCursorInfo
UnregisterDeviceNotification
IsChild
GetDesktopWindow
GetWindowPlacement
GetKeyboardState
GetMenuItemInfoW
RegisterTouchWindow
MoveWindow
SetMenuItemInfoW
GetFocus
MonitorFromWindow
KillTimer
IsHungAppWindow
LoadCursorW
GetDoubleClickTime
GetWindowRect
EnumWindows

shell32

SHGetFileInfoW
SHGetKnownFolderIDList
SHBrowseForFolderW
Shell_NotifyIconGetRect
SHGetMalloc
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetKnownFolderPath
ShellExecuteW
SHCreateItemFromParsingName
SHGetStockIconInfo
ord727
SHCreateItemFromIDList
CommandLineToArgvW

ole32

CoTaskMemFree
OleGetClipboard
OleIsCurrentClipboard
CoCreateInstance
CoLockObjectExternal
OleFlushClipboard
CoCreateGuid
CoInitializeEx
RevokeDragDrop
DoDragDrop
CoGetMalloc
ReleaseStgMedium
StringFromGUID2
RegisterDragDrop
OleInitialize
CoInitialize
OleUninitialize
OleSetClipboard
CoUninitialize

advapi32

RegEnumValueW
RegCreateKeyExW
CryptAcquireContextW
LookupAccountSidW
RegQueryInfoKeyW
BuildTrusteeWithSidW
CryptDestroyKey
DuplicateToken
GetTokenInformation
SystemFunction036
FreeSid
CryptDestroyHash
CryptReleaseContext
CryptImportKey
RegDeleteKeyW
RegEnumKeyExW
CryptHashData
CryptCreateHash
AllocateAndInitializeSid
GetLengthSid
AccessCheck
RegCloseKey
MapGenericMask
RegOpenKeyExW
OpenProcessToken
GetNamedSecurityInfoW
RegSetValueExW
GetEffectiveRightsFromAclW
CryptEncrypt
RegDeleteValueW
RegFlushKey
CryptGetHashParam
CopySid
RegQueryValueExW
CryptGenRandom

winmm

timeSetEvent
timeKillEvent

crypt32

CertCreateCertificateChainEngine
CryptQueryObject
CryptDecodeObjectEx
CertGetNameStringW
PFXImportCertStore
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptStringToBinaryW
CertFreeCertificateChain
CertAddCertificateContextToStore
CertFindCertificateInStore
CertGetCertificateChain
CertCloseStore
CertOpenStore
CertFindExtension

wldap32

ord133
ord79
ord167
ord127
ord27
ord26
ord117
ord301
ord41
ord208
ord73
ord216
ord14
ord46
ord219
ord145
ord147
ord142

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1024B - Virtual size: 661B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7556972964a11c700bbe7a4b17757c9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:9d:ee:da:91:5c:89:a8:3d:71:d4:69:1d:fd:b1:03Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f1:cf:fb:49:ef:41:a1:0e:f7:7e:9d:56:8b:44:a3:56:f6:19:46:b3:d1:99:43:ba:1d:11:5a:19:ee:b0:77:22Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

uxtheme

dwmapi

gdi32

oleaut32

imm32

netapi32

userenv

version

ws2_32

kernel32

user32

shell32

ole32

advapi32

winmm

crypt32

wldap32

Sections

.text Size: 6.0MB - Virtual size: 6.0MB

.rdata Size: 3.0MB - Virtual size: 3.0MB

.data Size: 89KB - Virtual size: 145KB

.qtmetad Size: 1024B - Virtual size: 661B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 191KB - Virtual size: 190KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:9d:ee:da:91:5c:89:a8:3d:71:d4:69:1d:fd:b1:03
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f1:cf:fb:49:ef:41:a1:0e:f7:7e:9d:56:8b:44:a3:56:f6:19:46:b3:d1:99:43:ba:1d:11:5a:19:ee:b0:77:22
Signer

.text
Size: 6.0MB - Virtual size: 6.0MB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 89KB - Virtual size: 145KB

.qtmetad
Size: 1024B - Virtual size: 661B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 191KB - Virtual size: 190KB