6b7d4dda063c93710d3350944fc95156ed938c6a889b0a4418fb43a71d650d41

Sharing

Copy URL

Twitter E-mail

General

Target

6b7d4dda063c93710d3350944fc95156ed938c6a889b0a4418fb43a71d650d41
Size

2.1MB
MD5

4c3021987d039f59a3aa6fcd423143f5
SHA1

508960918d960e7fb1df7d5ddefe26e82ef1b167
SHA256

6b7d4dda063c93710d3350944fc95156ed938c6a889b0a4418fb43a71d650d41
SHA512

879823c8d3410b81678ab5f5abc0ef9da5daaaa662583717c20c45f8bd2c8771435a630acb565383eb41cef031e9bef3d3431f3d263c4bcb82fb4de7a60f4c45
SSDEEP

49152:EXsGREfMYgHug4kAjZ1/y8HQzz2xrvrdQeCVUrJnCWVbj1gXjR16lc:EXorx6tun1gj66

Score

1^/10

Malware Config

Signatures

Files

6b7d4dda063c93710d3350944fc95156ed938c6a889b0a4418fb43a71d650d41
.exe windows:5 windows x86

ec12d3219c6550199aea68d98124bde3

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:aa:67:49:8c:3a:5d:81:33:f2:8f:ef:e9:cc:c2:0e
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

21-09-2023 10:26

Not After

20-09-2024 10:26

Subject

SERIALNUMBER=16807868,CN=Rimsara Development OU,O=Rimsara Development OU,POSTALCODE=21005,L=Narva,ST=Ida-Viru maakond,C=EE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#13055461727475,1.3.6.1.4.1.311.60.2.1.2=#13055461727475,1.3.6.1.4.1.311.60.2.1.3=#13024545

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9d:af:d8:59:3e:ca:6b:6d:68:46:c3:17:ef:0b:5a:a0:ae:ba:09:cc:ed:da:f8:7e:4b:89:d8:3f:6c:2b:7d:3f
Signer

Actual PE Digest

9d:af:d8:59:3e:ca:6b:6d:68:46:c3:17:ef:0b:5a:a0:ae:ba:09:cc:ed:da:f8:7e:4b:89:d8:3f:6c:2b:7d:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
WaitForSingleObject
GetTickCount
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
WriteFile
LocalAlloc
CreateDirectoryW
GetLastError
LocalFree
FindFirstFileW
FindNextFileW
FindClose
GetFileSize
GetLocaleInfoW
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcatW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileType
GetFileInformationByHandle
GetSystemTime
GetLocalTime
SetFilePointer
ReadFile
FileTimeToDosDateTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DosDateTimeToFileTime
SetFileTime
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
QueryPerformanceFrequency
LoadLibraryExW
RtlUnwind
RaiseException
FormatMessageA
AreFileApisANSI
MoveFileExW
CopyFileW
GetModuleHandleA
DeviceIoControl
SetFilePointerEx
SetEndOfFile
RemoveDirectoryW
GetFileAttributesExW
DeleteFileW
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
GetStringTypeW
GetSystemDirectoryW
lstrcpyW
HeapSize
LoadLibraryW
GetModuleHandleW
FreeLibrary
TerminateProcess
GetCurrentProcess
CreateThread
CloseHandle
Beep
Sleep
MulDiv
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
_lread
lstrlenW
lstrcpynW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
IsWow64Process
GetModuleFileNameW
GetStartupInfoW

user32

ActivateKeyboardLayout
CreateIconIndirect
GetIconInfo
SetRect
SetScrollInfo
GetScrollInfo
GetScrollPos
TrackPopupMenuEx
InsertMenuW
GetMenuState
GetSubMenu
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
ModifyMenuW
GetKeyboardLayoutList
LoadKeyboardLayoutW
UnloadKeyboardLayout
GetKeyboardLayout
LoadIconW
ScreenToClient
PtInRect
DestroyIcon
InflateRect
GetAsyncKeyState
CallWindowProcW
SetWindowLongW
LoadCursorW
SetCursor
KillTimer
FindWindowW
ShowWindow
SetFocus
GetMessageW
GetParent
TranslateMessage
DispatchMessageW
PostMessageW
MessageBoxW
GetDlgItem
EnableWindow
GetClientRect
InvalidateRect
SetScrollPos
SendMessageW
GetFocus
GetMessagePos
SendInput
VkKeyScanW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
ClientToScreen
GetKeyboardLayoutNameW
SetTimer
PostQuitMessage
RegisterClassExW
CreateWindowExW
DialogBoxParamW
EndDialog
IsWindowEnabled
SetCapture
ReleaseCapture
OffsetRect
EqualRect
SetWindowRgn
RedrawWindow
UnionRect
IntersectRect
ShowScrollBar
LoadImageW
DrawIconEx
DefWindowProcW
DestroyWindow
MoveWindow
MapWindowPoints
GetClassLongW
SetClassLongW
GetCursor
BeginPaint
EndPaint
IsWindowVisible
SetWindowTextW
GetWindowTextW
GetClassNameW
GetNextDlgTabItem
GetNextDlgGroupItem
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
GetWindowTextLengthW
GetComboBoxInfo
InsertMenuItemW
CreatePopupMenu
GetCursorPos
GetSysColorBrush
FillRect
SetWindowPos
CharNextW
ReleaseDC
TrackPopupMenu
GetDC
SetForegroundWindow
GetSysColor
GetWindowRect
SetMenuDefaultItem
CreateMenu
DestroyMenu
GetCapture
GetWindowLongW
SystemParametersInfoW
GetKeyState

gdi32

RemoveFontResourceExW
CreateBitmap
GetObjectW
SetLayout
ExtCreateRegion
GetPixel
AddFontResourceExW
GetFontData
GetOutlineTextMetricsW
ModifyWorldTransform
SetGraphicsMode
SetWindowOrgEx
SetPixel
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
CreateSolidBrush
RestoreDC
StretchBlt
SetStretchBltMode
SaveDC
CreateDIBSection
SelectClipRgn
DeleteDC
GetTextExtentPoint32W
CreateCompatibleDC
TextOutW
GetObjectA
CreateRectRgnIndirect
OffsetRgn
CombineRgn
CreateRectRgn
SetBkColor
SetTextColor
GetDeviceCaps
GetGlyphOutlineW
GetTextMetricsW
GetKerningPairsW
SelectObject
CreateFontIndirectW
DeleteObject

comdlg32

GetOpenFileNameW
ChooseColorW
GetSaveFileNameW

advapi32

SystemFunction036
GetUserNameW
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AccessCheck
MapGenericMask
DuplicateToken
OpenProcessToken
GetFileSecurityW

shell32

SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
SHGetMalloc

gdiplus

GdipSetClipRect
ord1
GdipDrawPath
GdipDrawEllipse
GdipDrawLineI
GdipSetPenStartCap
GdipDrawRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipImageRotateFlip
GdipDrawImagePointsRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDrawImageI
GdipSetLinePresetBlend
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromGraphics
GdipDrawRectangle
GdipSetSmoothingMode
GdipGetSolidFillColor
GdipSetWorldTransform
GdipScaleMatrix
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipGraphicsClear
GdipCreateLineBrushFromRect
GdipFillRectangle
GdipFillEllipse
GdipDrawLines
GdipFillPolygon
GdipDrawLine
GdipCreateLineBrush
GdipCreatePen1
GdipCreateSolidFill
GdipSetTextRenderingHint
GdipDeletePen
GdipCloneBrush
GdipDeleteBrush
GdipFillPath
GdipDeleteFont
GdipDeletePrivateFontCollection
GdipMeasureDriverString
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDrawString
GdipDrawDriverString
GdipGetFontStyle
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipGetFamilyName
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipPrivateAddFontFile
GdipNewPrivateFontCollection
GdipFree
GdipAlloc
GdipDeleteFontFamily
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipClosePathFigure
GdipAddPathBezier
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipSetPathFillMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipSetPenDashStyle
GdipScaleWorldTransform
GdipResetWorldTransform
GdipFillRectangleI
GdipMeasureString
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipDrawImagePointRectI
GdipTranslateWorldTransform
GdipGetImageGraphicsContext
GdipCreateMatrix

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Erot
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dorotea
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec12d3219c6550199aea68d98124bde3

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

6d:aa:67:49:8c:3a:5d:81:33:f2:8f:ef:e9:cc:c2:0eCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

9d:af:d8:59:3e:ca:6b:6d:68:46:c3:17:ef:0b:5a:a0:ae:ba:09:cc:ed:da:f8:7e:4b:89:d8:3f:6c:2b:7d:3fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

gdiplus

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 323KB - Virtual size: 322KB

.data Size: 27KB - Virtual size: 37KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 4KB - Virtual size: 4KB

Erot Size: 213KB - Virtual size: 213KB

.dorotea Size: 512B - Virtual size: 512B

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

6d:aa:67:49:8c:3a:5d:81:33:f2:8f:ef:e9:cc:c2:0e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

9d:af:d8:59:3e:ca:6b:6d:68:46:c3:17:ef:0b:5a:a0:ae:ba:09:cc:ed:da:f8:7e:4b:89:d8:3f:6c:2b:7d:3f
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 323KB - Virtual size: 322KB

.data
Size: 27KB - Virtual size: 37KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 4KB - Virtual size: 4KB

Erot
Size: 213KB - Virtual size: 213KB

.dorotea
Size: 512B - Virtual size: 512B