EmailPasswordRecoveryPro[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

EmailPasswordRecoveryPro.exe
Size

5.0MB
MD5

14821952e543111c091678b0bb24ff8d
SHA1

de65500d2d285b59f81f374d8da2dc230ba035d3
SHA256

daee3c68cb81c83f2ffff7d894124ada7c71fd471899885ca6170d34985dad4d
SHA512

84a6939a3c2fbae79ff9c2826dbde1aced344d3cae16efc7bb7402f4b9ddb809c0b32b786283164810ef020e333d32abfa70ae1a9d8db9ca33469407f86c9acf
SSDEEP

98304:67SMKvxAOvz8/Mk7wyvmMeRKTVsGgmqngJvDWOqCc2rpLDY23le:jvxvz5kfEKBTvDWOq4P3Q

Score

1^/10

Malware Config

Signatures

Files

EmailPasswordRecoveryPro.exe
.exe windows x86

2ef440274a0ae919eee65192ca38d80d

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:88:e7:0f:c2:35:00:ba:74:a8:06:a9:58:8f:3c:6b
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/01/2021, 00:00

Not After

12/01/2024, 23:59

Subject

CN=Xenarmor Global Security Solutions Private Limited,O=Xenarmor Global Security Solutions Private Limited,POSTALCODE=560087,STREET=Balagere Road+STREET=No 201 A Block Vaishno Silverbells Apartment,L=Varthur,ST=Karnataka,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:31:7e:84:62:fd:7a:40:c7:62:b8:a0:5a:fa:6e:46:1f:ab:7f:ff:6e:ab:94:9f:fc:23:26:a8:f3:01:ca:47
Signer

Actual PE Digest

a4:31:7e:84:62:fd:7a:40:c7:62:b8:a0:5a:fa:6e:46:1f:ab:7f:ff:6e:ab:94:9f:fc:23:26:a8:f3:01:ca:47

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidCodePage
FindFirstFileExA
GetTimeZoneInformation
LCMapStringW
CompareStringW
ReadConsoleW
SetFilePointerEx
GetStringTypeW
GetConsoleMode
FreeEnvironmentStringsW
GetStdHandle
SetStdHandle
HeapQueryInformation
GetCommandLineW
VirtualQuery
VirtualAlloc
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedPushEntrySList
RtlUnwind
QueryPerformanceFrequency
GetEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
ResetEvent
GetTempFileNameA
GetProfileIntA
SearchPathA
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
SetErrorMode
FindResourceExW
VerifyVersionInfoA
VerSetConditionMask
lstrcpyA
GetACP
GetVolumeInformationA
lstrcmpiA
GetThreadLocale
FileTimeToSystemTime
GetCPInfo
GetOEMCP
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpA
ResumeThread
SuspendThread
SetThreadPriority
CreateEventA
SetEvent
MulDiv
GlobalFree
GlobalSize
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FreeResource
GetSystemDirectoryW
SetLastError
EncodePointer
DosDateTimeToFileTime
CreateDirectoryA
GetFileType
DuplicateHandle
GetCurrentDirectoryA
SetFileTime
FlushFileBuffers
QueryPerformanceCounter
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentProcessId
LockFileEx
UnlockFile
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileW
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
FormatMessageW
HeapValidate
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
CreateFileW
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
InterlockedCompareExchange
WriteFile
GetFullPathNameW
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
SetDllDirectoryA
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFileAttributesExA
GetTickCount
MapViewOfFile
WideCharToMultiByte
ExitProcess
GetFileSize
LocalFree
CreateFileMappingA
GetLocalTime
FindResourceW
DeleteFileA
CreateFileA
CopyFileA
GetTempPathA
Sleep
GetCommandLineA
UnmapViewOfFile
WaitForSingleObject
FindClose
FindNextFileA
FindFirstFileA
SizeofResource
GetModuleFileNameA
FreeLibrary
lstrcpynA
LoadLibraryA
MultiByteToWideChar
GlobalUnlock
CreateProcessA
GlobalLock
GetProcAddress
LoadResource
GetWindowsDirectoryA
CloseHandle
GlobalAlloc
LockResource
GetVersionExA
GetCurrentThread
GetFileAttributesA
GetSystemWindowsDirectoryA
GetModuleHandleA
FindResourceA
ExpandEnvironmentStringsA
GetDriveTypeA
GetCurrentProcess
GetLogicalDrives
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
LeaveCriticalSection
HeapFree
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
GetConsoleCP

user32

GetSysColorBrush
CopyImage
IntersectRect
SystemParametersInfoA
GetMenuItemInfoA
DestroyMenu
GetSystemMetrics
MapDialogRect
SetWindowContextHelpId
GetDesktopWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
GetWindowThreadProcessId
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
FillRect
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
RemoveMenu
InsertMenuA
GetMenuState
GetMenuStringA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
EqualRect
CopyRect
MapWindowPoints
ScreenToClient
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
GetAsyncKeyState
DeleteMenu
SetTimer
GetDoubleClickTime
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
UnregisterClassA
TrackPopupMenu
GetMenuItemCount
GetMenuItemID
SetMenu
GetMenu
GetKeyState
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
UnhookWindowsHookEx
InflateRect
PostMessageA
KillTimer
WaitMessage
LoadCursorW
CharUpperA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
SetRect
IsRectEmpty
MessageBeep
TrackMouseEvent
LoadImageW
SetLayeredWindowAttributes
EnumDisplayMonitors
IsZoomed
SetWindowRgn
GetIconInfo
WindowFromPoint
OffsetRect
GetCapture
DestroyIcon
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
RealChildWindowFromPoint
SetClipboardData
GetSysColor
EmptyClipboard
CloseClipboard
OpenClipboard
EnableWindow
SendMessageA
LoadImageA
GetCursorPos
ReleaseDC
InvalidateRect
UpdateWindow
GetClientRect
AppendMenuA
LoadIconA
LoadIconW
LoadBitmapW
RegisterHotKey
GetActiveWindow
GetSubMenu
SetMenuItemBitmaps
IsWindowVisible
GetDC
GetWindowRect
LoadMenuW
UnregisterHotKey
GetSystemMenu
ReleaseCapture
PtInRect
GetParent
SetCursor
SetCapture
MapVirtualKeyExA
SetWindowLongA
RedrawWindow
LoadCursorA
DrawStateA
DrawEdge
GetNextDlgGroupItem
SetRectEmpty
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
GetWindowLongA
ClientToScreen
CreateMenu
DestroyCursor
GetWindowRgn
IsCharLowerA
GetComboBoxInfo
PostThreadMessageA
ModifyMenuA
CharUpperBuffA
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
GetKeyboardLayout
DrawIcon
FrameRect
CopyIcon
SetCursorPos
DrawFrameControl
SetParent
SetClassLongA
InvertRect
HideCaret
DrawIconEx
DrawFocusRect
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
MonitorFromPoint

gdi32

SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
CombineRgn
GetMapMode
SetRectRgn
DPtoLP
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
CreateDIBitmap
SaveDC
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
SetPixel
SetDIBColorTable
CreateEllipticRgn
Ellipse
CreatePolygonRgn
Polygon
Polyline
LPtoDP
OffsetRgn
Rectangle
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceA
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateBitmap
GetDeviceCaps
CreateDCA
CopyMetaFileA
PatBlt
CreateRectRgnIndirect
SetTextColor
SetBkColor
SelectObject
SetDIBitsToDevice
SetStretchBltMode
CreateFontIndirectA
BitBlt
CreateCompatibleBitmap
CreateFontA
CreateCompatibleDC
StretchBlt
GetObjectA
DeleteObject
EnumFontFamiliesA
GetStockObject
DeleteDC

msimg32

AlphaBlend
TransparentBlt

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

CryptReleaseContext
OpenThreadToken
CryptGetHashParam
CryptImportKey
CryptSetKeyParam
RegOpenKeyExA
OpenProcessToken
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
CredEnumerateA
CredFree
RegEnumValueA
RegDeleteValueA
RegEnumKeyExA
CryptDestroyKey
AdjustTokenPrivileges
CryptAcquireContextA
RegCloseKey
RegQueryValueExA
CryptEncrypt
LookupPrivilegeValueA
CryptDecrypt
CryptCreateHash
CryptHashData
LookupAccountSidA
CryptDestroyHash
GetTokenInformation

shell32

SHGetFileInfoA
ShellExecuteA
SHGetFolderPathA
DragAcceptFiles
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragQueryFileA
DragFinish
SHGetPathFromIDListA
SHBrowseForFolderA

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecW
PathIsUNCA
PathStripToRootA
StrFormatKBSizeA

uxtheme

IsAppThemed
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
GetThemePartSize

ole32

OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoRegisterMessageFilter
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
CoDisconnectObject
OleTranslateAccelerator
IsAccelerator
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoInitializeEx
CLSIDFromProgID
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CoRevokeClassObject

oleaut32

GetErrorInfo
SysAllocStringLen
SysAllocString
OleCreateFontIndirect
LoadTypeLi
VarBstrFromDate
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantChangeType
VariantClear
VariantInit

oledlg

ord8

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA

crypt32

CryptUnprotectData

rpcrt4

UuidFromStringA

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ef440274a0ae919eee65192ca38d80d

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

2d:88:e7:0f:c2:35:00:ba:74:a8:06:a9:58:8f:3c:6bCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a4:31:7e:84:62:fd:7a:40:c7:62:b8:a0:5a:fa:6e:46:1f:ab:7f:ff:6e:ab:94:9f:fc:23:26:a8:f3:01:ca:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

version

userenv

crypt32

rpcrt4

oleacc

imm32

winmm

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 464KB - Virtual size: 464KB

.data Size: 93KB - Virtual size: 130KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

2d:88:e7:0f:c2:35:00:ba:74:a8:06:a9:58:8f:3c:6b
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a4:31:7e:84:62:fd:7a:40:c7:62:b8:a0:5a:fa:6e:46:1f:ab:7f:ff:6e:ab:94:9f:fc:23:26:a8:f3:01:ca:47
Signer

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 464KB - Virtual size: 464KB

.data
Size: 93KB - Virtual size: 130KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB