17feda467e263f218588ecb09d9b555066b217c4c47d5f7efa8453e15d2dafd5

Sharing

Copy URL Twitter E-mail

General

Target

17feda467e263f218588ecb09d9b555066b217c4c47d5f7efa8453e15d2dafd5
Size

6.8MB
MD5

04eaeaf80f291e9de8bb10ab76ada419
SHA1

5ea4d954c9d701f54cca62b40b6b92b2bc91ef03
SHA256

17feda467e263f218588ecb09d9b555066b217c4c47d5f7efa8453e15d2dafd5
SHA512

32236b6f0e947b03da48a77cfef3eadbf609e6133f1fc041519695122aa20b4a8b44ee0a52dc92b0feecc0d7c1f81c8f7030396b42f78e471a8242dcc3392c7b
SSDEEP

196608:6+4v7nQP1MSybcvzS/ysSeqA+4ksAKZfi:6+4vDI1M10OUeV+Kw

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 6 IoCs

resource	yara_rule
static1/unpack002/out.upx	Nirsoft
static1/unpack001/2_AltTab.exe	Nirsoft
static1/unpack001/7.Последние папки.exe	Nirsoft
static1/unpack001/last activity view/LastActivityView.exe	Nirsoft
static1/unpack001/проверка USB/USBDeview/USBDeview.exe	Nirsoft
static1/unpack001/проверка USB/USBDeview/USBDeview_x64.exe	Nirsoft

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/1) Инжекты DLL.exe	upx
static1/unpack001/RustChecker.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1) Инжекты DLL.exe
unpack002/out.upx
unpack001/7.Последние папки.exe
unpack001/RustChecker.exe

Files

17feda467e263f218588ecb09d9b555066b217c4c47d5f7efa8453e15d2dafd5
.rar
1) Инжекты DLL.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2_AltTab.cfg
2_AltTab.exe
.exe windows x86

d0faef4f30a486dd1300a7acd0c85b75

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0
Signer

Actual PE Digest

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0

Digest Algorithm

sha256

PE Digest Matches

true

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f
Signer

Actual PE Digest

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_itow
wcstoul
wcsrchr
malloc
__set_app_type
_controlfp
_except_handler3
_exit
_wcsicmp
wcscmp
wcschr
free
modf
_memicmp
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Add
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
OpenProcess
EnumResourceTypesW
GetTickCount
GetModuleHandleA
GetStartupInfoW
LoadResource
SetErrorMode
DeleteFileW
GetStdHandle
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
MultiByteToWideChar
lstrlenW
lstrcpyW
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
FindClose
GetVersionExW
GetFileSize
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
KillTimer
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
DrawTextExW
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadIconW
DestroyIcon
SetTimer
IsDialogMessageW
TranslateMessage
ChildWindowFromPoint

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
StgOpenStorageEx

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6. Последние запушенные файлы.cfg
7.Последние папки.cfg
7.Последние папки.exe
.exe windows x86

d0faef4f30a486dd1300a7acd0c85b75

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
strlen
qsort
_wcslwr
_itow
wcstoul
wcsrchr
malloc
__set_app_type
_controlfp
_except_handler3
_exit
_wcsicmp
wcscmp
wcschr
free
modf
_memicmp
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Add
ImageList_Create
ord17
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

ReadProcessMemory
GetCurrentProcess
ExitProcess
GetCurrentProcessId
OpenProcess
EnumResourceTypesW
GetTickCount
GetModuleHandleA
GetStartupInfoW
LoadResource
SetErrorMode
DeleteFileW
GetStdHandle
GetPrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
MultiByteToWideChar
lstrlenW
lstrcpyW
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
FindClose
GetVersionExW
GetFileSize
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
KillTimer
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
DrawTextExW
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
DrawFrameControl
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
EndPaint
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadIconW
DestroyIcon
SetTimer
IsDialogMessageW
TranslateMessage
ChildWindowFromPoint

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize
StgOpenStorageEx

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CHECKING_FOR_CHEATS_by_BOOM.cmd
Process Hacker 2.lnk
.lnk
RustChecker.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
everything/Everything-1.4.1.1015.x86-Setup.exe
.exe windows x86

61259b55b8912888e90f516ca08dc514

Code Sign

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/11/2020, 00:00

Not After

17/03/2022, 23:59

Subject

CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:09:ec:10:ce:be:26:7e:da:0f:58:6a:e2:94:de:d9:d9:36:84:eb:8e:73:fb:ab:b4:05:37:94:f7:2f:83:71
Signer

Actual PE Digest

55:09:ec:10:ce:be:26:7e:da:0f:58:6a:e2:94:de:d9:d9:36:84:eb:8e:73:fb:ab:b4:05:37:94:f7:2f:83:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 136KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
installer.log
last activity view/LastActivityView.cfg
last activity view/LastActivityView.chm
.chm
last activity view/LastActivityView.exe
.exe windows x86

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

Actual PE Digest

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
processhacker/processhacker-2.39-setup.exe
.exe windows x86

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/12/2015, 00:00

Not After

07/01/2025, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:33:12:d6:73:40:58:da:f9:36:91:31:58:17:af:f2:3f:e7:11:0a:e3:31:bd:85:7b:43:70:47:90:53:db:12
Signer

Actual PE Digest

83:33:12:d6:73:40:58:da:f9:36:91:31:58:17:af:f2:3f:e7:11:0a:e3:31:bd:85:7b:43:70:47:90:53:db:12

Digest Algorithm

sha256

PE Digest Matches

true

b1:cd:ff:77:4a:7c:de:e6:76:24:73:fd:3c:9a:c6:c7:05:79:d7:d3
Signer

Actual PE Digest

b1:cd:ff:77:4a:7c:de:e6:76:24:73:fd:3c:9a:c6:c7:05:79:d7:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Нужные папки.cmd
Проверка скаченных файлов.cfg
Проверка скаченных файлов.exe
.exe windows x64

a908c85373c8281815c159ab2b1f1b85

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:03:ab:d6:95:c1:a8:ce:46:ef:15:c1:a5:77:43:2b:29:1b:22:5c:31:85:55:7a:7e:78:0f:37:d2:35:5e:2c
Signer

Actual PE Digest

01:03:ab:d6:95:c1:a8:ce:46:ef:15:c1:a5:77:43:2b:29:1b:22:5c:31:85:55:7a:7e:78:0f:37:d2:35:5e:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

exit
_wcmdln
_beginthreadex
_endthreadex
strftime
_gmtime64
strcmp
_msize
calloc
realloc
_wcslwr
strlen
qsort
_wcsnicmp
memmove
modf
wcschr
memcmp
wcstoul
wcsrchr
wcscmp
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
malloc
swscanf
_memicmp
free
_wcsicmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
_itow
_wtoi
_purecall
wcslen
wcscpy
memset
wcscat
_snwprintf
wcsncat
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
__dllonexit
sprintf
_stricmp
_wcsupr

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetFullPathNameA
LockFile
GetTempPathA
GetFullPathNameW
HeapValidate
UnlockFile
HeapCreate
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
LeaveCriticalSection
GetSystemTime
WaitForSingleObjectEx
AreFileApisANSI
GetDiskFreeSpaceA
DeleteFileA
CopyFileW
GetStartupInfoW
FlushViewOfFile
HeapDestroy
HeapFree
GetVersionExA
GetDiskFreeSpaceW
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetTickCount
GlobalLock
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
GetNumberFormatW
GetDateFormatW
lstrlenW
LockResource
GetTempFileNameW
LocalFree
GetCurrentProcess
lstrcpyW
GetLocaleInfoW
GetFileSize
GetTempPathW
LocalFileTimeToFileTime
SizeofResource
GetLastError
FindFirstFileW
FormatMessageW
SetFilePointer
GetVersionExW
FindNextFileW
GetTimeFormatW
FindClose
GetFileAttributesW
WriteFile
FindResourceW
TzSpecificLocalTimeToSystemTime
ReadFile
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
CreateFileW
CloseHandle
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
SetErrorMode
Sleep
CreateProcessW
ResumeThread
CreateThread
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GlobalFree
DeleteFileW
ReadProcessMemory
ExitProcess
GetCurrentProcessId
OpenProcess
EnumResourceTypesW
OutputDebugStringW
HeapReAlloc
CreateFileA
UnlockFileEx
GetSystemInfo
GetProcessHeap
CreateMutexW
FlushFileBuffers
HeapCompact
FormatMessageA
InitializeCriticalSection
GetFileAttributesExW
HeapSize
SetEndOfFile
DeleteCriticalSection
HeapAlloc
GetCurrentThreadId
OutputDebugStringA
LockFileEx
EnterCriticalSection
QueryPerformanceCounter

user32

SetForegroundWindow
CallWindowProcW
GetMonitorInfoW
MonitorFromWindow
GetMessageW
DrawTextExW
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
EmptyClipboard
EnableMenuItem
GetClassNameW
OpenClipboard
GetSubMenu
InsertMenuItemW
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
CheckMenuRadioItem
EnableWindow
GetMenuStringW
MapWindowPoints
CloseClipboard
GetMenu
MoveWindow
TranslateMessage
DispatchMessageW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
SetMenuItemInfoW
GetKeyState
CreatePopupMenu
LoadIconW
GetFocus
RegisterClipboardFormatW
IsDialogMessageW
InsertMenuW
RemoveMenu
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage

gdi32

StretchBlt
SetStretchBltMode
CreateCompatibleBitmap
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
GetStockObject
SetBkColor
GetTextExtentPoint32W

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash

shell32

Shell_NotifyIconW
SHBindToParent
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

ole32

OleUninitialize
DoDragDrop
OleInitialize

Sections

.text
Size: 365KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Удалённые файлы.exe
.exe windows x86

Code Sign

a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/11/2020, 00:00

Not After

18/11/2023, 23:59

Subject

CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a3:fb:da:e5:43:2e:e4:4d:42:f2:6c:b2:68:e0:93:19
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/11/2020, 00:00

Not After

18/11/2023, 23:59

Subject

CN=Goversoft LLC,O=Goversoft LLC,POSTALCODE=19958,STREET=16192 Coastal Hwy,L=Lewes,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d
Signer

Actual PE Digest

fe:19:d7:74:64:01:11:5e:de:91:87:12:ed:d3:18:7f:fa:33:2f:be:bd:2f:ea:bd:87:54:4f:35:f6:f9:7b:5d

Digest Algorithm

sha256

PE Digest Matches

true

da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4
Signer

Actual PE Digest

da:cb:dd:fd:85:21:95:53:6d:9e:b5:0d:2a:19:50:80:d9:0f:d1:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 970KB - Virtual size: 970KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 36B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
проверка USB/USBDeview/USBDeview.cfg
проверка USB/USBDeview/USBDeview.chm
.chm
проверка USB/USBDeview/USBDeview.exe
.exe windows x86

873299b7b29e6fadb2fb6a515be27b27

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:32:07:2d:75:02:c6:1c:a7:8b:80:a6:65:08:5a:44:26:47:80:19:38:ca:43:0c:81:b6:17:8d:b1:b0:41:4f
Signer

Actual PE Digest

5b:32:07:2d:75:02:c6:1c:a7:8b:80:a6:65:08:5a:44:26:47:80:19:38:ca:43:0c:81:b6:17:8d:b1:b0:41:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
atol
_mbsrchr
_mbsicmp
qsort
_strlwr
_mbschr
memmove
_strnicmp
modf
strchr
memcmp
_memicmp
strrchr
strcmp
malloc
_strcmpi
free
strtoul
srand
rand
abs
_strupr
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strncat
sprintf
strcat

comctl32

CreateToolbarEx
ord6
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Add

ws2_32

send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
bind
socket
WSASetLastError
closesocket
WSAStartup
WSACleanup

kernel32

Process32Next
OpenProcess
SetEnvironmentVariableA
GetCurrentThreadId
DeviceIoControl
GetStartupInfoA
FreeLibrary
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
ExitProcess
GetCurrentProcessId
Sleep
SetErrorMode
ExpandEnvironmentStringsA
CreateProcessA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
WinExec
GetModuleFileNameA
GetComputerNameA
GetLastError
CompareFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
SystemTimeToFileTime
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
DeleteFileA
CreateThread
CreateFileA
GetTickCount
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
GetCurrentProcess
GetFileSize
GetTempFileNameA
GetSystemDirectoryA
GlobalAlloc
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetTimeFormatA
GlobalUnlock
FileTimeToLocalFileTime
GetTempPathA
LocalFree
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FormatMessageA
LoadLibraryExA
GetDateFormatA
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA

user32

GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
RemoveMenu
SetTimer
GetSysColorBrush
ShowWindow
LoadCursorA
DispatchMessageA
GetDC
ReleaseDC
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
LoadImageA
GetSysColor
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
MoveWindow
InsertMenuItemA
CheckMenuItem
OpenClipboard
GetMenu
EmptyClipboard
EnableMenuItem
GetParent
GetClassNameA
CloseClipboard
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetSubMenu
GetMenuStringA
GetCursorPos
CheckMenuRadioItem
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
LoadStringA
CreatePopupMenu
LoadIconA
SetMenuItemInfoA
GetKeyState
GetMessageA
TranslateMessage
KillTimer
IsDialogMessageA
DrawTextExA
InsertMenuA
TrackPopupMenu
RegisterWindowMessageA
PostQuitMessage
ChildWindowFromPoint

gdi32

GetTextExtentPoint32A
SetBkMode
SetStretchBltMode
StretchBlt
SetBkColor
GetStockObject
GetPixel
GetObjectA
DeleteDC
CreateFontIndirectA
GetDeviceCaps
DeleteObject
SetTextColor
CreateCompatibleDC
SelectObject
SetPixel
CreateCompatibleBitmap

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

CloseServiceHandle
StartServiceA
OpenServiceA
ChangeServiceConfigA
OpenSCManagerA
ControlService
RegCloseKey
QueryServiceStatus
RegCreateKeyA
RegLoadKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateInstance

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
проверка USB/USBDeview/USBDeview_lng.ini
проверка USB/USBDeview/USBDeview_x64.exe
.exe windows x64

bcd0d5d3d65a26a2b08cbdc2be4243a1

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:8f:ac:63:ff:26:44:22:a0:03:70:d3:32:30:b4:92:43:c0:43:20:e3:bb:a1:99:77:0d:d6:5b:56:1b:6c:75
Signer

Actual PE Digest

2c:8f:ac:63:ff:26:44:22:a0:03:70:d3:32:30:b4:92:43:c0:43:20:e3:bb:a1:99:77:0d:d6:5b:56:1b:6c:75

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
__dllonexit
_mbsrchr
atol
_mbsicmp
qsort
_strlwr
_mbschr
memmove
_strnicmp
strchr
strcmp
strtoul
malloc
free
_strcmpi
modf
_memicmp
memcmp
strrchr
srand
rand
_strupr
abs
_itoa
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
strlen
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strcat
strncat
sprintf

comctl32

CreateToolbarEx
ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ImageList_Add

ws2_32

send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
bind
socket
WSASetLastError
closesocket
WSAStartup
WSACleanup

kernel32

CreateToolhelp32Snapshot
Process32Next
OpenProcess
SetEnvironmentVariableA
GetCurrentThreadId
DeviceIoControl
GetStartupInfoA
GetProcAddress
Process32First
ExitProcess
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
Sleep
SetErrorMode
ExpandEnvironmentStringsA
FreeLibrary
GetPrivateProfileStringA
WinExec
GetModuleFileNameA
GetComputerNameA
GetLastError
CompareFileTime
SystemTimeToFileTime
GetModuleHandleA
FileTimeToSystemTime
LoadLibraryA
GetDiskFreeSpaceExA
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
ReadFile
FlushFileBuffers
CloseHandle
DeleteFileA
CreateThread
CreateFileA
GetTickCount
WriteFile
GetVersionExA
FormatMessageA
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GetDateFormatA
GetTempPathA
LocalFree
GetSystemDirectoryA
GetTempFileNameA
GetFileSize
LoadLibraryExA
GlobalAlloc
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatA
GlobalUnlock
GetFileAttributesA
GetPrivateProfileIntA
WritePrivateProfileStringA
EnumResourceNamesA
GetStdHandle
CreateProcessA

user32

GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
SetTimer
GetSysColorBrush
ShowWindow
LoadCursorA
RemoveMenu
ReleaseDC
GetDC
SetCursor
SetDlgItemInt
BeginPaint
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
EndPaint
InvalidateRect
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
LoadImageA
GetSysColor
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
GetSubMenu
GetCursorPos
GetClassNameA
CloseClipboard
CheckMenuRadioItem
MoveWindow
OpenClipboard
CheckMenuItem
GetMenu
EmptyClipboard
EnableMenuItem
InsertMenuItemA
GetMenuItemCount
GetParent
SetClipboardData
GetMenuStringA
EnableWindow
MapWindowPoints
GetMenuItemInfoA
LoadMenuA
LoadStringA
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
DestroyWindow
EnumChildWindows
GetKeyState
CreatePopupMenu
LoadIconA
SetMenuItemInfoA
GetMessageA
TranslateMessage
IsDialogMessageA
KillTimer
DrawTextExA
InsertMenuA
RegisterWindowMessageA
TrackPopupMenu
DispatchMessageA
PostQuitMessage
ChildWindowFromPoint

gdi32

GetTextExtentPoint32A
CreateCompatibleBitmap
SetTextColor
StretchBlt
GetStockObject
SetBkColor
DeleteDC
SetPixel
DeleteObject
SetBkMode
GetDeviceCaps
CreateFontIndirectA
GetObjectA
GetPixel
CreateCompatibleDC
SetStretchBltMode
SelectObject

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
ControlService
RegCloseKey
RegCreateKeyA
StartServiceA
ChangeServiceConfigA
OpenServiceA
RegLoadKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateInstance

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
проверка USB/USBDeview/USBDeview_x64_lng.ini
проверка USB/USBDeview/readme.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 26KB - Virtual size: 28KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 13KB - Virtual size: 13KB

d0faef4f30a486dd1300a7acd0c85b75

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0Signer

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4fSigner

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 20KB - Virtual size: 20KB

d0faef4f30a486dd1300a7acd0c85b75

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 149KB - Virtual size: 148KB

Headers

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 26KB - Virtual size: 28KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 13KB - Virtual size: 13KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

2c:74:00:47:85:71:32:fd:9e:ae:4c:83:8f:76:fa:2e:82:8b:31:16:a5:3d:04:66:db:d1:63:42:11:69:aa:c0
Signer

8e:c6:6f:fc:4a:a1:e5:fe:44:cc:2e:f8:cf:c3:7a:51:fe:7e:cd:4f
Signer

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 20KB - Virtual size: 20KB

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 149KB - Virtual size: 148KB

UPX0
Size: - Virtual size: 4.5MB

UPX1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 111KB - Virtual size: 112KB

0e:ae:3b:a4:9c:f8:c1:7c:12:57:cd:df:59:7d:a8:47
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

55:09:ec:10:ce:be:26:7e:da:0f:58:6a:e2:94:de:d9:d9:36:84:eb:8e:73:fb:ab:b4:05:37:94:f7:2f:83:71
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 136KB

.rsrc
Size: 43KB - Virtual size: 43KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer