3890e0ab03d0099d1cd0714cfe005926b71ceaf2c9d93c127f5a3a4998a0b6ae

Sharing

Copy URL

Twitter E-mail

General

Target

3890e0ab03d0099d1cd0714cfe005926b71ceaf2c9d93c127f5a3a4998a0b6ae
Size

1.5MB
MD5

3f3b191181ecf2cedd70314e0b81e2f6
SHA1

1c0496e131405e1ffd117ab6e2e5a6dda95dd47e
SHA256

3890e0ab03d0099d1cd0714cfe005926b71ceaf2c9d93c127f5a3a4998a0b6ae
SHA512

188cf3003ae8112e8351ff2b3d88737840223d3a5257ec705e314f15fc0684ee7be2aea2dee77f9562dad83ce3eee9f84788e1297e1e32424e3b39bd8a68da12
SSDEEP

24576:RXassrmKxZjcsENaE8SOmuv7tj4P6osXve3f0Ta1/8RbpbXdTDZuMrezVdJrEH7H:RqrVrONarguv7tj4P5smqa1MbpbXdT1n

Score

1^/10

Malware Config

Signatures

Files

3890e0ab03d0099d1cd0714cfe005926b71ceaf2c9d93c127f5a3a4998a0b6ae
.dll windows:5 windows x86

96b15dedf8dab78343a74472ca301ee2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16-09-2022 00:00

Not After

17-09-2025 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:67:f0:eb:ff:93:ab:86:c5:5f:2f:bb:37:a4:22:0a:c4:2b:3b:68:84:fa:ed:e6:66:23:fb:9f:a8:59:7a:9b
Signer

Actual PE Digest

40:67:f0:eb:ff:93:ab:86:c5:5f:2f:bb:37:a4:22:0a:c4:2b:3b:68:84:fa:ed:e6:66:23:fb:9f:a8:59:7a:9b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateSemaphoreW
RtlCaptureContext
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
ReleaseSemaphore
VirtualQueryEx
CreateTimerQueueTimer
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPopEntrySList
MulDiv
GlobalHandle
CreateTimerQueue
DeleteTimerQueueEx
SizeofResource
SetLastError
lstrlenW
WriteFile
GetPrivateProfileIntW
OutputDebugStringA
SetFilePointer
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
GetPrivateProfileStringW
Sleep
OutputDebugStringW
LockResource
CloseHandle
FindResourceExW
LoadResource
FindResourceW
GetLocalTime
GetCurrentProcessId
lstrcmpiW
lstrcmpW
CreateDirectoryW
FindFirstFileW
GetCurrentProcess
RemoveDirectoryW
WaitForMultipleObjects
GetEnvironmentVariableW
FindClose
GetFileAttributesW
DuplicateHandle
MultiByteToWideChar
FormatMessageW
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
LocalFree
FreeLibrary
GetTempFileNameW
OpenMutexW
GetTickCount
GetExitCodeProcess
ReadFile
CompareFileTime
SetEndOfFile
SetFileAttributesW
GetFileAttributesExW
FileTimeToSystemTime
MoveFileExW
GetFileSize
CopyFileW
GetSystemTimeAsFileTime
GetFileTime
FlushFileBuffers
lstrcpynW
ExitProcess
IsDebuggerPresent
GetModuleHandleW
WideCharToMultiByte
GetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetTempPathW
GetCurrentThread
GetSystemDefaultLangID
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
CreateEventW
SetEvent
ResetEvent
GetLongPathNameW
SetPriorityClass
TerminateProcess
WaitForMultipleObjectsEx
OpenProcess
CreateToolhelp32Snapshot
ProcessIdToSessionId
Process32NextW
WaitForSingleObjectEx
Process32FirstW
ReadProcessMemory
SetHandleInformation
CreatePipe
GetSystemPowerStatus
GlobalMemoryStatusEx
CreateProcessW
SetProcessWorkingSetSize
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
HeapSetInformation
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetStdHandle
QueryDosDeviceW
GetLogicalDriveStringsW
GetStringTypeExW
DeviceIoControl
SetEnvironmentVariableW
OpenEventW
IsWow64Process
GetComputerNameExW
GetCommandLineW
DebugBreak
lstrcmpA
GetSystemTime
CreateThread
SetCurrentDirectoryW
OpenThread
LoadLibraryExW
QueryPerformanceCounter
GetThreadLocale
GetStringTypeExA
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
LCMapStringEx
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
VirtualAlloc
VirtualProtect
GetModuleHandleExW
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileSizeEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetUserDefaultLangID
GetProcessId
QueryPerformanceFrequency
UnregisterWaitEx
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
RegisterWaitForSingleObject
QueueUserWorkItem
Thread32First
Thread32Next
SetProcessShutdownParameters
GetProcessShutdownParameters
GetPrivateProfileSectionNamesW
DeleteTimerQueueTimer
VirtualQuery
FindNextFileW
HeapFree

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysReAllocStringLen
SysFreeString
SysAllocStringLen
VarBstrCmp
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetVartype
SafeArrayLock
SafeArrayCreate
LoadRegTypeLi
VariantChangeType
OleCreateFontIndirect
VariantClear
VariantInit
SysAllocString
LoadTypeLi
VarUI4FromStr
SysStringLen

user32

GetMonitorInfoW
CharLowerW
CharUpperW
FlashWindow
UnregisterClassW
SetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
LoadImageW
EnumWindows
GetSystemMetrics
SendMessageW
GetMenuState
InflateRect
SetActiveWindow
OffsetRect
IsMenu
CopyRect
FrameRect
IsRectEmpty
UpdateWindow
GetCursorPos
EnumChildWindows
EnableMenuItem
EnableWindow
IsDialogMessageW
SendDlgItemMessageW
GetWindowTextLengthW
GetSystemMenu
GetFocus
GetDC
FillRect
ScreenToClient
EndDialog
SetWindowTextW
ShowWindow
InvalidateRgn
RedrawWindow
DestroyIcon
ClientToScreen
DestroyAcceleratorTable
IsChild
GetTopWindow
GetSysColor
MoveWindow
CreateAcceleratorTableW
SetLayeredWindowAttributes
SetFocus
SetWindowContextHelpId
GetClassNameW
MonitorFromWindow
SetCapture
MapDialogRect
SetWindowPos
DestroyWindow
RemoveMenu
GetDlgItem
GetDesktopWindow
GetWindowRect
GetWindow
AllowSetForegroundWindow
GetMessageW
GetWindowLongW
wsprintfW
wvsprintfW
MessageBoxW
CharNextA
CharLowerBuffA
IsWindow
LoadStringW
PostThreadMessageW
CharNextW
CharUpperBuffW
GetWindowThreadProcessId
IsWindowVisible
CreateDialogIndirectParamW
RegisterWindowMessageW
ReleaseCapture
InvalidateRect
ReleaseDC
BeginPaint
EndPaint
GetWindowTextW
CreateWindowExW
DispatchMessageW
CharLowerBuffW
PeekMessageW
MapWindowPoints
TranslateMessage
GetClientRect
PostQuitMessage
GetParent
SetForegroundWindow
PostMessageW
WaitForInputIdle
GetClassInfoExW
KillTimer
SetWindowLongW
LoadCursorW
SetTimer
RegisterClassExW
CallWindowProcW
DefWindowProcW

crypt32

CryptHashCertificate
CertGetNameStringW
CertCloseStore
CertDuplicateCertificateContext
CryptQueryObject
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptProtectData
CryptUnprotectData

iphlpapi

GetIfTable

msi

ord190
ord141
ord88

netapi32

NetWkstaGetInfo
NetWkstaUserGetInfo
NetApiBufferFree
NetGetJoinInformation

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

shlwapi

PathCreateFromUrlW
PathAppendA
PathIsRelativeW
PathAppendW
PathCanonicalizeW
UrlUnescapeW
PathFindExtensionW
UrlEscapeW
UrlUnescapeA
PathAddBackslashW
PathRemoveFileSpecW
PathRemoveExtensionW
PathStripPathW
PathCommonPrefixW
PathFindFileNameW
SHQueryValueExW
StrRetToStrW
PathFileExistsW
PathAddExtensionW
UrlCombineW
PathIsDirectoryW
UrlIsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

CreateEnvironmentBlock
GetProfileType
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserW
UnloadUserProfile

wintrust

WinVerifyTrust

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

advapi32

RegQueryInfoKeyW
ControlService
QueryServiceStatus
SystemFunction036
DuplicateToken
GetUserNameW
InitializeSecurityDescriptor
OpenServiceW
RegOpenCurrentUser
IsTextUnicode
DeregisterEventSource
CreateServiceW
SetServiceStatus
ChangeServiceConfig2W
DeleteService
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
RegisterEventSourceW
ReportEventW
RegOverridePredefKey
ImpersonateLoggedOnUser
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetSecurityInfo
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthorityCount
GetSidIdentifierAuthority
RevertToSelf
AllocateAndInitializeSid
ImpersonateSelf
FreeSid
CheckTokenMembership
RegNotifyChangeKeyValue
RegCloseKey
StartServiceW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW
ConvertSidToStringSidW
DuplicateTokenEx
OpenThreadToken
SetSecurityDescriptorDacl
GetAclInformation
SetSecurityDescriptorOwner
GetAce
EqualSid
CloseServiceHandle
OpenSCManagerW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetNamedSecurityInfoW
ConvertStringSidToSidW
OpenProcessToken
MakeSelfRelativeSD
RegQueryValueExW
GetSecurityDescriptorLength
GetLengthSid
RegOpenKeyExW
InitializeAcl
AddAce
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD

ole32

CoImpersonateClient
CoGetCallContext
CoRevertToSelf
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemAlloc
CoUninitialize
CoInitializeSecurity
CoResumeClassObjects
CoSuspendClassObjects
CoTaskMemRealloc
CoInitializeEx
CoRevokeClassObject
CoRegisterPSClsid
CoSetProxyBlanket
OleSaveToStream
CoCreateInstance
ReadClassStm
WriteClassStm
CLSIDFromString
CreateStreamOnHGlobal
CoGetClassObject
CoGetObject
StringFromGUID2
CoCreateGuid
CoRegisterClassObject
OleUninitialize
CLSIDFromProgID
OleInitialize
IIDFromString
OleLockRunning

shell32

ord680
ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
SHGetFolderLocation
SHGetDesktopFolder

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

GradientFill

uxtheme

SetWindowTheme

wininet

InternetReadFile
InternetQueryDataAvailable
HttpAddRequestHeadersW
InternetConnectW
InternetCloseHandle
HttpSendRequestW
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
InternetOpenW

gdi32

GetTextMetricsW
OffsetRgn
CreateRectRgn
SetTextColor
GetRegionData
DPtoLP
CreateFontIndirectW
CreateSolidBrush
DeleteObject
GetObjectW
DeleteDC
GetDeviceCaps
GetStockObject
SetViewportOrgEx
SetBkColor
CombineRgn
FillRgn
ExtTextOutW
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateRectRgnIndirect

Exports

Exports

DllEntry

Sections

.text
Size: 959KB - Virtual size: 959KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96b15dedf8dab78343a74472ca301ee2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ffCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

40:67:f0:eb:ff:93:ab:86:c5:5f:2f:bb:37:a4:22:0a:c4:2b:3b:68:84:fa:ed:e6:66:23:fb:9f:a8:59:7a:9bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

user32

crypt32

iphlpapi

msi

netapi32

psapi

shlwapi

version

userenv

wintrust

wtsapi32

advapi32

ole32

shell32

comctl32

msimg32

uxtheme

wininet

gdi32

Exports

Exports

Sections

.text Size: 959KB - Virtual size: 959KB

.rdata Size: 306KB - Virtual size: 306KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 75KB - Virtual size: 75KB

.reloc Size: 51KB - Virtual size: 50KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

40:67:f0:eb:ff:93:ab:86:c5:5f:2f:bb:37:a4:22:0a:c4:2b:3b:68:84:fa:ed:e6:66:23:fb:9f:a8:59:7a:9b
Signer

.text
Size: 959KB - Virtual size: 959KB

.rdata
Size: 306KB - Virtual size: 306KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: 51KB - Virtual size: 50KB