patcher_cf[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

patcher_cf.exe
Size

3.1MB
MD5

0a10125734ba1e723e227c8f33969477
SHA1

584d8aeb6ccdcd700ed7ffee365d70dd1e169851
SHA256

67d7348ef63b3a2a891eb896c1a9fd2b41bc12c01609f66d147242cf0273f06d
SHA512

0345c8e7fb62d85c944fabc370d7d8235eb649b0955f9216738dc8383ee9f7717a8e3286e9493adad0506fa944d646ff96bd9d0ae2e352b9493355459127b037
SSDEEP

12288:CBZB3R+UuMG6l5tX4qpMvsfYu/HkEb9y6oP/0UAZNnBWQm+f7UBySHNendP:CBZRR+kIvsfYu/HkE86lZNXmBRaP

Score

1^/10

Malware Config

Signatures

Files

patcher_cf.exe
.exe windows x86

7d6cc1594d3346c8b457a597b4d9e1ab

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:7b:31:e3:0f:c0:56:ee:1c:8f:0a:ee:bc:24:8f:77
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/09/2020, 00:00

Not After

21/09/2022, 12:00

Subject

CN=NSSTUDIO INC.,O=NSSTUDIO INC.,L=Seongnam-si,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

81:18:d0:31:c1:20:08:32:75:89:ce:6e:2d:17:60:9d:a5:77:d3:88
Signer

Actual PE Digest

81:18:d0:31:c1:20:08:32:75:89:ce:6e:2d:17:60:9d:a5:77:d3:88

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

kernel32

GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
WritePrivateProfileStringW
GetThreadLocale
GlobalGetAtomNameW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
FlushFileBuffers
LockFile
UnlockFile
DuplicateHandle
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
VirtualProtect
VirtualQuery
GetConsoleCP
GetConsoleMode
ExitProcess
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA
GlobalFree
FormatMessageW
LocalFree
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
GetProcessHeap
GetExitCodeProcess
TerminateProcess
OpenProcess
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
VirtualAlloc
VirtualFree
GetFileAttributesA
CreateThread
SetThreadPriority
SetEvent
WaitForSingleObject
CreateEventA
GetModuleHandleA
GetDiskFreeSpaceA
WriteFile
OutputDebugStringA
GetFileSize
SetFilePointer
SetEndOfFile
CreateFileA
ReadFile
GetModuleFileNameA
MoveFileExA
CopyFileA
FindResourceExA
FindResourceA
lstrcpyA
FindFirstFileA
lstrcatA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
RemoveDirectoryA
CreateDirectoryA
GetTickCount
lstrlenA
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
CreateProcessW
SystemTimeToFileTime
GetLocalTime
InterlockedCompareExchange
IsProcessorFeaturePresent
GetProcAddress
LoadLibraryW
FileTimeToSystemTime
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
LeaveCriticalSection
DeleteCriticalSection
MulDiv
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
EnterCriticalSection
GetCurrentProcess
RaiseException
FlushInstructionCache
Sleep
lstrcmpW
lstrlenW
InitializeCriticalSection
GetModuleHandleW
GetLastError
lstrcmpiW
GetCurrentThreadId
SetLastError
OpenEventW
GetPrivateProfileIntA
GetTempPathA
GetPrivateProfileStringA
CloseHandle
GetCurrentDirectoryA
WideCharToMultiByte
GetCommandLineW
CreateEventW
HeapReAlloc
HeapAlloc
HeapCreate
GetSystemInfo
GetModuleFileNameW
GetCurrentDirectoryW
MultiByteToWideChar
HeapFree
FindResourceW
LoadResource
LockResource
SizeofResource
UnhandledExceptionFilter

user32

CopyAcceleratorTableW
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
CreateDialogIndirectParamW
EndDialog
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
GetMessageW
TranslateMessage
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
ShowWindow
IsDialogMessageW
GetCursorPos
IsWindowEnabled
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
UnregisterClassW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
SetForegroundWindow
UpdateWindow
GetMenu
GetMenuItemID
GetMenuItemCount
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DeferWindowPos
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
GetWindowPlacement
PostMessageA
CharUpperW
MessageBoxW
IsWindowVisible
EqualRect
CharNextW
GetDC
EndPaint
BeginPaint
ScreenToClient
CallWindowProcW
GetDlgItem
ReleaseCapture
SetWindowLongW
SetWindowPos
CreateAcceleratorTableW
IsChild
MoveWindow
SetFocus
SetCapture
GetWindow
GetFocus
DestroyAcceleratorTable
GetClassNameW
RedrawWindow
RegisterClassExW
GetDesktopWindow
RegisterWindowMessageW
GetWindowTextLengthW
IsWindow
LoadCursorW
GetWindowTextW
GetClassInfoExW
GetSysColorBrush
SystemParametersInfoW
GetMenuItemInfoW
UnpackDDElParam
ReuseDDElParam
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetWindowTextW
InvalidateRgn
DefWindowProcW
BringWindowToTop
SetMenu
TranslateAcceleratorW
SetRectEmpty
GetTopWindow
DestroyWindow
CreateWindowExW
ReleaseDC
wsprintfA
KillTimer
SetTimer
SetRect
LoadBitmapW
LoadIconW
DrawIcon
GetSystemMetrics
IsIconic
SetWindowRgn
GetWindowLongW
FillRect
OffsetRect
PostMessageW
DestroyIcon
LoadMenuW
DrawStateW
GetActiveWindow
SendMessageW
GetSysColor
CopyRect
WindowFromPoint
InflateRect
ClientToScreen
FrameRect
DestroyMenu
DestroyCursor
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
GetClientRect
EnableWindow
DrawFocusRect
TrackPopupMenuEx
LoadImageW
GetWindowRect
GetSubMenu
PtInRect
UnregisterClassA

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
SetViewportOrgEx
CreatePen
GetBkColor
GetTextColor
GetRgnBox
MoveToEx
LineTo
Escape
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateBitmap
CreateCompatibleBitmap
GetObjectW
GetStockObject
SetMapMode
SetStretchBltMode
RestoreDC
SaveDC
CreatePatternBrush
GetMapMode
CreateRectRgnIndirect
ExtTextOutW
GetClipBox
CreateBitmapIndirect
CreateDIBitmap
GetBitmapBits
GetPixel
GetTextExtentPoint32W
SetPixel
StretchBlt
GetDeviceCaps
CreateSolidBrush
CreateDIBSection
SetBkMode
CreateFontIndirectW
CreateRectRgn
CombineRgn
ExtCreateRegion
DeleteObject
DeleteDC
SetTextColor
BitBlt
SetBkColor
SelectObject
CreateCompatibleDC

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegEnumKeyExW
RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteW
DragFinish
DragQueryFileW
ShellExecuteExW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathRemoveFileSpecA
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsDirectoryA
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleUninitialize
CLSIDFromProgID
CoTaskMemRealloc
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
OleLockRunning
CoTaskMemFree
CreateStreamOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StringFromGUID2

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SafeArrayGetUBound
VariantChangeType
SafeArrayDestroy
LoadRegTypeLi
VariantInit
LoadTypeLi
SafeArrayUnaccessData
SysFreeString
SafeArrayAccessData
SysStringLen
SysStringByteLen
SysAllocString
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
SafeArrayGetLBound
VariantClear

urlmon

URLDownloadToFileA

wininet

InternetCloseHandle
HttpQueryInfoA
InternetSetOptionA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile

wsock32

WSAStartup
closesocket
bind
htons
htonl
WSACleanup
connect
send
recv
socket
inet_addr
gethostbyname
ioctlsocket

Sections

.text
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d6cc1594d3346c8b457a597b4d9e1ab

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

0f:7b:31:e3:0f:c0:56:ee:1c:8f:0a:ee:bc:24:8f:77Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

81:18:d0:31:c1:20:08:32:75:89:ce:6e:2d:17:60:9d:a5:77:d3:88Signer

Headers

File Characteristics

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

wininet

wsock32

Sections

.text Size: 484KB - Virtual size: 482KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 28KB - Virtual size: 48KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

0f:7b:31:e3:0f:c0:56:ee:1c:8f:0a:ee:bc:24:8f:77
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

81:18:d0:31:c1:20:08:32:75:89:ce:6e:2d:17:60:9d:a5:77:d3:88
Signer

.text
Size: 484KB - Virtual size: 482KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 28KB - Virtual size: 48KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB