VSoft[.]archITekt[.]21[.]Local[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

VSoft.archITekt.21.Local.exe
Size

1.7MB
MD5

1574d97088916941ee41075061da076d
SHA1

21ce40ae7bfaf937187e43a6c10865a431bd71bb
SHA256

cd901fbd7325f4cbf2498bd2b32bb6e79d2dfdaea486ccfdd35af1166478a38b
SHA512

bd5f8ad3a60a862fcfd949d8e446cb7c6ec8d6e5d6421015a7b1dcc4f6902c6afd10c99ebf1d2eadb772dc0fa5d8b5289b46a79d896cc022f920725d2fec632a
SSDEEP

24576:My9R8jqZ46+vCA4H2XmMKZjTiqyVGChEJgr/XumfrZFV9riwpGzduJue3H:My9WjqZ4Xvo22/qvfZxFGh5GH

Score

1^/10

Malware Config

Signatures

Files

VSoft.archITekt.21.Local.exe
.exe windows:4 windows x86

b2ff2349e5676d5b77bd399ac020bced

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:08:23:42:6f:99:f8:c0:8a:2c:21:36:7d:43:0a:82
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

17-02-2022 11:06

Not After

16-02-2025 11:06

Subject

SERIALNUMBER=0000167032,CN=VSOFT S.A.,O=VSOFT S.A.,POSTALCODE=30-644,STREET=Puszkarska 7J,L=Kraków,ST=małopolskie,C=PL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#0c074b72616bc3b377,1.3.6.1.4.1.311.60.2.1.2=#0c0c6d61c5826f706f6c736b6965,1.3.6.1.4.1.311.60.2.1.3=#1302504c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

17:cf:0d:4f:fe:36:49:92:66:29:49:aa:b9:c1:33:fb:44:db:0e:66
Signer

Actual PE Digest

17:cf:0d:4f:fe:36:49:92:66:29:49:aa:b9:c1:33:fb:44:db:0e:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
InterlockedExchange
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
SetEvent
WaitForSingleObject
ResumeThread
CloseHandle
LoadLibraryA
WriteFile
LockResource
InitializeCriticalSectionAndSpinCount
LocalFree
ReadFile
GetLastError
SizeofResource
GetTempPathA
FindClose
GetSystemInfo
GetSystemDefaultLCID
GetUserDefaultLCID
GetCurrentProcess
Sleep
GetCurrentThreadId
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
GetTickCount
DosDateTimeToFileTime
TlsGetValue
TlsSetValue
GetCommandLineW
GetFileAttributesA
CreateFileA
TlsAlloc
LocalAlloc
RaiseException
GlobalAlloc
GlobalLock
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
SetThreadPriority
SuspendThread
GetVersionExA
GlobalUnlock
GlobalFree
GlobalFlags
GlobalReAlloc
GlobalHandle
LocalReAlloc
TlsFree
GetThreadLocale
FlushFileBuffers
SetEndOfFile
lstrlenA
SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetConsoleCP
GetConsoleMode
ExitProcess
ExitThread
CreateThread
HeapReAlloc
HeapSize
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
VirtualAlloc
GetACP
GetOEMCP
LCMapStringA
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
SetEnvironmentVariableA
InterlockedCompareExchange
LoadResource
InterlockedDecrement
FindResourceA
GetCurrentProcessId
FreeLibrary
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
InterlockedIncrement
GetExitCodeProcess

user32

GetTopWindow
GetDlgItem
GetForegroundWindow
GetCapture
ClientToScreen
GetDC
ReleaseDC
BeginPaint
EndPaint
GetSysColorBrush
GetMessageTime
UnregisterClassA
SetTimer
UnhookWindowsHookEx
EndDialog
IsWindow
ExitWindowsEx
GetSystemMetrics
MonitorFromWindow
ShowWindow
GetMessagePos
SetForegroundWindow
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindow
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetCursor
CallNextHookEx
GetActiveWindow
IsWindowVisible
GetWindowPlacement
GetWindowRect
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
DestroyWindow
PostQuitMessage
MapWindowPoints
TranslateMessage
UpdateWindow
PtInRect
GetParent
GetMenuState
EnableMenuItem
CheckMenuItem
CopyRect
DestroyMenu
MessageBoxA

comctl32

ord17

shlwapi

PathFindFileNameW
PathFindExtensionW
PathCombineW

ole32

StringFromGUID2
CoCreateGuid
IIDFromString

oleaut32

VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
FreeSid
GetTokenInformation
DuplicateToken
AllocateAndInitializeSid
RegCloseKey
OpenProcessToken

gdi32

SetBkColor
SaveDC
RestoreDC
CreateCompatibleDC
SetMapMode
SetTextColor
GetClipBox
CreateBitmap
BitBlt
GetDeviceCaps
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
PtVisible
DeleteObject

winspool.drv

ClosePrinter

oleacc

CreateStdAccessibleObject
LresultFromObject

msi

ord205
ord45
ord70

Sections

.text
Size: 572KB - Virtual size: 570KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 988KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2ff2349e5676d5b77bd399ac020bced

Code Sign

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89Certificate

Extended Key Usages

Key Usages

1f:08:23:42:6f:99:f8:c0:8a:2c:21:36:7d:43:0a:82Certificate

Extended Key Usages

Key Usages

17:cf:0d:4f:fe:36:49:92:66:29:49:aa:b9:c1:33:fb:44:db:0e:66Signer

Headers

File Characteristics

Imports

kernel32

user32

comctl32

shlwapi

ole32

oleaut32

urlmon

advapi32

gdi32

winspool.drv

oleacc

msi

Sections

.text Size: 572KB - Virtual size: 570KB

.rdata Size: 152KB - Virtual size: 148KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 988KB - Virtual size: 985KB

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

1f:08:23:42:6f:99:f8:c0:8a:2c:21:36:7d:43:0a:82
Certificate

17:cf:0d:4f:fe:36:49:92:66:29:49:aa:b9:c1:33:fb:44:db:0e:66
Signer

.text
Size: 572KB - Virtual size: 570KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 988KB - Virtual size: 985KB