a9387df8e1daf382d435b9c19de7f810c4c526e2fd502f931b43365afce1bc64

Sharing

Copy URL Twitter E-mail

General

Target

a9387df8e1daf382d435b9c19de7f810c4c526e2fd502f931b43365afce1bc64
Size

1.9MB
MD5

7f53239de7fd7d330f48262adca9d04f
SHA1

e52e03960162d89ee2892577ec28cdabcc1fa086
SHA256

a9387df8e1daf382d435b9c19de7f810c4c526e2fd502f931b43365afce1bc64
SHA512

f2aacce1f6f29559bb2376cf7af525a48df95dbd174a27fad9f95f6992938ee42ebf189b3801acd8354588e06051a0f7af8f8b74c67c1958c3252833f6860f91
SSDEEP

24576:I0/GhwIy4utnvzNJ5A4baaPAeMxjf8InX66sV08g+4J4x:uwIjCv5A4b3PAeMxjf8YX66sN4J2

Score

1^/10

Malware Config

Signatures

Files

a9387df8e1daf382d435b9c19de7f810c4c526e2fd502f931b43365afce1bc64
.exe windows x86

bc64febed000ea62944ef5fa6d78b9e4

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01/01/2018, 00:00

Not After

31/12/2039, 23:59

Subject

CN=topolo-Z

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01/01/2018, 00:00

Not After

31/12/2039, 23:59

Subject

CN=topolo-Z

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:32:15:d4:f9:39:0d:f2:c6:c4:de:b1:9c:e7:02:c5:8e:0e:79:32:47:70:50:10:2c:d2:c9:bc:4c:fb:ea:83
Signer

Actual PE Digest

39:32:15:d4:f9:39:0d:f2:c6:c4:de:b1:9c:e7:02:c5:8e:0e:79:32:47:70:50:10:2c:d2:c9:bc:4c:fb:ea:83

Digest Algorithm

sha256

PE Digest Matches

true

bd:30:69:2b:b7:e9:af:91:33:e2:b0:20:d7:d2:f9:05:2c:50:3d:d9
Signer

Actual PE Digest

bd:30:69:2b:b7:e9:af:91:33:e2:b0:20:d7:d2:f9:05:2c:50:3d:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

quicklink2

QLCalibration_GetStatus
QLCalibration_Load
QLDevice_Start
QLDevice_GetFrame
QLCalibration_Calibrate
QLDevice_ImportSettings
QLAPI_ImportSettings
QLDevice_Enumerate
QLCalibration_Create
QLSettings_SetValueInt
QLCalibration_GetTargets
QLCalibration_Finalize
QLCalibration_Save
QLDevice_ApplyCalibration
QLCalibration_Cancel
QLDevice_Stop
QLCalibration_Initialize
QLSettings_Create

comctl32

ImageList_Remove
ImageList_GetImageCount
InitCommonControlsEx
ord381
ImageList_Destroy
ord413
ord410
ImageList_Draw
ord412
ImageList_GetIconSize
CreatePropertySheetPageW
PropertySheetW
ImageList_ReplaceIcon
ImageList_Create

uxtheme

SetWindowTheme
GetCurrentThemeName
DrawThemeTextEx
OpenThemeData
DrawThemeBackground
CloseThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground

dwmapi

DwmGetWindowAttribute
DwmGetColorizationColor
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea
DwmSetWindowAttribute

shlwapi

PathIsRelativeW
StrTrimW
PathRemoveArgsW
PathRemoveExtensionW
ord214
PathCombineW
PathQuoteSpacesW
UrlGetPartW
AssocQueryStringW
PathIsURLW
PathIsDirectoryW
SHAutoComplete
PathFindFileNameW
PathRemoveBackslashW
PathFindExtensionW
PathUnquoteSpacesW
PathRemoveBlanksW
PathFileExistsW
PathRemoveFileSpecW
PathStripPathW
PathAddBackslashW
ord12

winmm

mmioAscend
mmioClose
mmioRead
mmioOpenW
mmioStringToFOURCCW
joyGetNumDevs
joyGetPosEx
PlaySoundW
mmioDescend
mciSendStringW

powrprof

ReadGlobalPwrPolicy
SetSuspendState

oleacc

AccessibleChildren
AccessibleObjectFromWindow

sas

SendSAS

xmllite

CreateXmlReader

gdiplus

GdipCloneImage
GdipAlloc
GdiplusShutdown
GdipDisposeImage
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipFree
GdipLoadImageFromFile
GdipDeleteGraphics
GdiplusStartup
GdipSetCompositingQuality
GdipGetImageWidth
GdipDrawImageRectI
GdipCreateFromHDC
GdipGetImageHeight

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiChangeState
SetupDiSetClassInstallParamsW
SetupDiGetDevicePropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

imm32

ImmGetDefaultIMEWnd

wininet

InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle
InternetReadFile

kernel32

InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
RtlUnwind
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
GetExitCodeThread
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
CreateFileW
QueryPerformanceFrequency
QueryPerformanceCounter
InitializeCriticalSectionEx
GetLastError
CloseHandle
DecodePointer
LocalFree
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
GetTickCount64
GetCommandLineW
OpenProcess
Sleep
VirtualProtect
GetThreadUILanguage
GetModuleHandleW
CreateDirectoryW
WritePrivateProfileStringW
HeapFree
OpenFileMappingW
UnmapViewOfFile
GetPrivateProfileStringW
HeapAlloc
GetProcessHeap
CreateFileMappingW
MapViewOfFile
SetThreadPriority
WaitForSingleObject
CreateEventW
SetEvent
GetCurrentThread
ResetEvent
QueryFullProcessImageNameW
TerminateThread
GetProcAddress
FreeLibrary
SetDllDirectoryW
LoadLibraryExW
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
GetFileTime
GetLongPathNameW
DeleteFileW
CopyFileW
GetSystemPowerStatus
GetCurrentProcessId
GetWindowsDirectoryW
Wow64DisableWow64FsRedirection
GetModuleFileNameW
Wow64RevertWow64FsRedirection
GetCurrentDirectoryW
GetLocaleInfoEx
CreateMutexW
GetCurrentThreadId
FormatMessageW
GetUserDefaultLCID
OpenMutexW
RegisterApplicationRestart
WaitForMultipleObjects
SetLastError
SetThreadUILanguage
GetUserDefaultUILanguage
GetVersionExW
LoadLibraryW
WriteFile
RemoveDirectoryW
SetFileTime
GetTempPathW
SetFileInformationByHandle
GetTempFileNameW
SetWaitableTimer
CreateWaitableTimerW
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
VirtualQuery
GetSystemInfo
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
WideCharToMultiByte
MultiByteToWideChar
ReadFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
FlushFileBuffers
ReadConsoleW
SetEndOfFile
WriteConsoleW
GetCurrentProcess

user32

GetMonitorInfoW
GetRawInputDeviceInfoW
MonitorFromPoint
mouse_event
LoadIconW
CheckDlgButton
CheckMenuRadioItem
SendDlgItemMessageW
GetDC
PrivateExtractIconsW
CreateIconIndirect
DrawIconEx
ReleaseDC
CreateDialogParamW
GetAsyncKeyState
GetSysColorBrush
FindWindowExW
ShowWindowAsync
GetFocus
IsWindowVisible
EnumChildWindows
FillRect
DrawIcon
ShowWindow
GetDlgCtrlID
InternalGetWindowText
LoadBitmapW
PtInRect
BeginPaint
EndPaint
GetWindowThreadProcessId
GetWindow
MonitorFromWindow
RealGetWindowClassW
CloseDesktop
GetCursorInfo
GetForegroundWindow
OpenInputDesktop
EnableMenuItem
GetWindowTextW
PostMessageW
SetWindowPos
GetSystemMetrics
MessageBeep
GetCapture
WindowFromPhysicalPoint
DrawStateW
GetSysColor
SetFocus
IsChild
SetCapture
SetCursor
SetWindowLongW
GetClientRect
DrawTextW
SystemParametersInfoW
DialogBoxParamW
ReleaseCapture
FindWindowW
GetWindowLongW
GetLayeredWindowAttributes
GetMenuItemInfoW
LoadMenuW
GetMenuItemID
InsertMenuItemW
DestroyWindow
GetMenuItemCount
DeleteMenu
SetWindowTextW
TrackPopupMenu
GetSubMenu
DestroyIcon
SetMenuItemInfoW
MapWindowPoints
TrackMouseEvent
SetMenuDefaultItem
IsWindowEnabled
DestroyMenu
MessageBoxExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetKeyboardLayout
RegisterHotKey
LockWorkStation
GetKeyNameTextW
SendInput
InflateRect
SetClassLongW
GetClassLongW
CallWindowProcW
GetRawInputData
SetMenuInfo
SetLayeredWindowAttributes
RegisterRawInputDevices
CheckMenuItem
SetRect
RegisterWindowMessageW
DrawFrameControl
LoadImageW
GetDlgItem
GetParent
UpdateWindow
SetForegroundWindow
InvalidateRect
GetAncestor
EnableWindow
GetMessageW
DefWindowProcW
CreateWindowExW
SendMessageW
RegisterClassExW
LoadStringW
DispatchMessageW
SetTimer
TranslateMessage
KillTimer
PostQuitMessage
GetWindowRect
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageW
GetKeyState
GetKeyboardState
MapVirtualKeyExW
ToUnicodeEx
GetScrollInfo
MapVirtualKeyW
CheckRadioButton
GetIconInfo
SetDlgItemTextW
GetDlgItemTextW
ExitWindowsEx
GetIconInfoExW
SetSystemCursor
UnregisterHotKey
GetGUIThreadInfo
GetTopWindow
IsIconic
ModifyMenuW
GetTitleBarInfo
FlashWindowEx
keybd_event
GetPhysicalCursorPos
SetPhysicalCursorPos
EndDialog
LoadCursorW
GetSystemMenu

gdi32

StretchBlt
SetBrushOrgEx
PlgBlt
GetDeviceCaps
CreateCompatibleBitmap
SaveDC
CreateCompatibleDC
GetTextFaceW
GetClipBox
CreateRectRgnIndirect
DeleteDC
GetTextExtentPoint32W
SelectClipRgn
GetObjectW
RestoreDC
CreateSolidBrush
SelectObject
SetTextColor
SetBkMode
LineTo
CreatePen
GetGlyphIndicesW
MoveToEx
AngleArc
SetStretchBltMode
RoundRect
EnumFontFamiliesExW
SetBkColor
ExtTextOutW
RectVisible
TranslateCharsetInfo
GetDCOrgEx
ExtCreatePen
GetTextMetricsW
GetStockObject
BitBlt
Ellipse
SetDIBits
GetDIBits
Rectangle
ExcludeClipRect
DeleteObject
CreateFontW

comdlg32

GetOpenFileNameW
ChooseColorW
CommDlgExtendedError

advapi32

RegQueryValueExW
GetTokenInformation
CheckTokenMembership
RegEnumKeyExW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyValueW
RegNotifyChangeKeyValue
RegSetKeyValueW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
RegSetValueExW
RegOpenKeyExW
RegGetValueW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
FreeSid
RegCloseKey

shell32

SHQueryUserNotificationState
SHAppBarMessage
SHParseDisplayName
SHFileOperationW
SHGetFileInfoW
SetCurrentProcessExplicitAppUserModelID
SHGetPropertyStoreForWindow
ExtractAssociatedIconW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteW
SHCreateItemFromParsingName
Shell_NotifyIconW

ole32

CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
PropVariantClear
CoCreateInstance

oleaut32

SafeArrayGetElement
SafeArrayDestroy
SysFreeString
SafeArrayCopy
SysAllocString
VariantInit
SafeArrayCopyData
VariantClear

Sections

.text
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc64febed000ea62944ef5fa6d78b9e4

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

39:32:15:d4:f9:39:0d:f2:c6:c4:de:b1:9c:e7:02:c5:8e:0e:79:32:47:70:50:10:2c:d2:c9:bc:4c:fb:ea:83Signer

bd:30:69:2b:b7:e9:af:91:33:e2:b0:20:d7:d2:f9:05:2c:50:3d:d9Signer

Headers

DLL Characteristics

File Characteristics

Imports

quicklink2

comctl32

uxtheme

dwmapi

shlwapi

winmm

powrprof

oleacc

sas

xmllite

gdiplus

wtsapi32

version

setupapi

imm32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 554KB - Virtual size: 554KB

.rdata Size: 84KB - Virtual size: 84KB

.data Size: 7KB - Virtual size: 72KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 37KB - Virtual size: 37KB

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

39:32:15:d4:f9:39:0d:f2:c6:c4:de:b1:9c:e7:02:c5:8e:0e:79:32:47:70:50:10:2c:d2:c9:bc:4c:fb:ea:83
Signer

bd:30:69:2b:b7:e9:af:91:33:e2:b0:20:d7:d2:f9:05:2c:50:3d:d9
Signer

.text
Size: 554KB - Virtual size: 554KB

.rdata
Size: 84KB - Virtual size: 84KB

.data
Size: 7KB - Virtual size: 72KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 37KB - Virtual size: 37KB