73515a01ff9263dea31085d0217557f1867de02fa01713293f99fafdaa61e4b1

Sharing

Copy URL Twitter E-mail

General

Target

73515a01ff9263dea31085d0217557f1867de02fa01713293f99fafdaa61e4b1
Size

2.0MB
MD5

dcb7c71e244e30a4cca5b3257b355ad3
SHA1

a3fa6fbdee1e60ea89830bd0d8f4e21933eca2b3
SHA256

73515a01ff9263dea31085d0217557f1867de02fa01713293f99fafdaa61e4b1
SHA512

a55ad586a5188b391dc74399b5f7f986a4aa12aae4ef2c4fca02ccb7125f21d2f60c4d426b22d5c6271b4339227e72bc78b1a6a9b1d783c2ce7b99f32f1b8604
SSDEEP

24576:RHrRXVWpV+aZaBhclvBCKyAaLMQQi6Cv084P4JcDqG/:5RlbYvYKyAaLM5i6Cu4J/G/

Score

1^/10

Malware Config

Signatures

Files

73515a01ff9263dea31085d0217557f1867de02fa01713293f99fafdaa61e4b1
.exe windows:6 windows x86

84d656ea42a7f0442864658c642b199b

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01/01/2018, 00:00

Not After

31/12/2039, 23:59

Subject

CN=topolo-Z

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01/01/2018, 00:00

Not After

31/12/2039, 23:59

Subject

CN=topolo-Z

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:59:57:40:af:c1:01:19:db:0b:6c:00:82:7e:c0:43:3c:3d:0b:56:ae:2e:a6:9d:46:47:c3:1d:0d:fa:93:a3
Signer

Actual PE Digest

c6:59:57:40:af:c1:01:19:db:0b:6c:00:82:7e:c0:43:3c:3d:0b:56:ae:2e:a6:9d:46:47:c3:1d:0d:fa:93:a3

Digest Algorithm

sha256

PE Digest Matches

true

fa:2d:f0:5c:f6:ac:79:12:1d:8e:b3:c1:4f:6d:4c:04:f6:23:66:90
Signer

Actual PE Digest

fa:2d:f0:5c:f6:ac:79:12:1d:8e:b3:c1:4f:6d:4c:04:f6:23:66:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

quicklink2

QLAPI_ImportSettings
QLCalibration_GetStatus
QLCalibration_Load
QLDevice_Start
QLDevice_GetFrame
QLCalibration_Calibrate
QLSettings_Create
QLDevice_Enumerate
QLCalibration_Create
QLSettings_SetValueInt
QLCalibration_GetTargets
QLCalibration_Finalize
QLCalibration_Save
QLDevice_ApplyCalibration
QLCalibration_Cancel
QLDevice_Stop
QLCalibration_Initialize
QLDevice_ImportSettings

comctl32

ImageList_Remove
ImageList_GetImageCount
InitCommonControlsEx
ord381
ImageList_Destroy
ord413
ord410
ImageList_Draw
ord412
ImageList_GetIconSize
CreatePropertySheetPageW
PropertySheetW
ImageList_ReplaceIcon
ImageList_Create

uxtheme

DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
CloseThemeData
GetCurrentThemeName
SetWindowTheme
DrawThemeTextEx
OpenThemeData
DrawThemeBackground

dwmapi

DwmGetColorizationColor
DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled
DwmGetWindowAttribute
DwmSetWindowAttribute

shlwapi

PathRemoveBackslashW
PathFindExtensionW
PathUnquoteSpacesW
SHAutoComplete
PathFileExistsW
PathRemoveFileSpecW
PathStripPathW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
PathIsURLW
AssocQueryStringW
UrlGetPartW
PathQuoteSpacesW
PathCombineW
ord214
PathRemoveExtensionW
PathRemoveArgsW
StrTrimW
PathIsRelativeW
PathRemoveBlanksW
ord12

winmm

mmioOpenW
joyGetNumDevs
timeGetTime
mciSendStringW
mmioRead
mmioClose
mmioAscend
mmioDescend
mmioStringToFOURCCW
PlaySoundW
joyGetPosEx

powrprof

ReadGlobalPwrPolicy
SetSuspendState

oleacc

AccessibleObjectFromWindow
AccessibleChildren

sas

SendSAS

xmllite

CreateXmlReader

gdiplus

GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageHeight
GdipFree
GdipDrawImageRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageWidth
GdipSetCompositingQuality
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDevicePropertyW
SetupDiGetClassDevsExW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiChangeState
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW

imm32

ImmGetDefaultIMEWnd

wininet

HttpQueryInfoW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

ws2_32

ntohs
WSACleanup
recvfrom
socket
WSAEventSelect
closesocket
bind
htons
ntohl
WSAStartup
htonl
setsockopt
ioctlsocket

kernel32

InitOnceComplete
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
GetModuleHandleExW
RtlUnwind
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetExitCodeThread
WaitForSingleObjectEx
LeaveCriticalSection
InitOnceBeginInitialize
EnterCriticalSection
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EncodePointer
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualQuery
GetSystemInfo
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
CreateFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
InitializeCriticalSectionEx
GetLastError
CloseHandle
DecodePointer
LocalFree
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
GetTickCount64
GetCommandLineW
OpenProcess
Sleep
VirtualProtect
GetThreadUILanguage
GetModuleHandleW
CreateDirectoryW
WritePrivateProfileStringW
HeapFree
OpenFileMappingW
UnmapViewOfFile
GetPrivateProfileStringW
HeapAlloc
GetProcessHeap
CreateFileMappingW
MapViewOfFile
SetThreadPriority
WaitForSingleObject
CreateEventW
SetEvent
GetCurrentThread
ResetEvent
QueryFullProcessImageNameW
TerminateThread
GetProcAddress
FreeLibrary
SetDllDirectoryW
LoadLibraryExW
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
GetFileTime
GetLongPathNameW
WaitForMultipleObjects
DeleteFileW
CopyFileW
GetSystemPowerStatus
GetCurrentProcessId
GetWindowsDirectoryW
Wow64DisableWow64FsRedirection
GetModuleFileNameW
Wow64RevertWow64FsRedirection
GetCurrentDirectoryW
GetLocaleInfoEx
CreateMutexW
GetCurrentThreadId
FormatMessageW
GetUserDefaultLCID
OpenMutexW
RegisterApplicationRestart
SetLastError
SetThreadUILanguage
GetUserDefaultUILanguage
GetVersionExW
LoadLibraryW
WriteFile
RemoveDirectoryW
SetFileTime
GetTempPathW
SetFileInformationByHandle
GetTempFileNameW
SetWaitableTimer
CreateWaitableTimerW
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetFileType
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
WideCharToMultiByte
MultiByteToWideChar
ReadFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
FlushFileBuffers
ReadConsoleW
SetEndOfFile
WriteConsoleW
SleepConditionVariableSRW

user32

GetTitleBarInfo
ModifyMenuW
IsIconic
GetTopWindow
GetGUIThreadInfo
ToUnicodeEx
MapVirtualKeyExW
GetKeyboardState
GetKeyState
PeekMessageW
MsgWaitForMultipleObjects
LoadImageW
DrawFrameControl
RegisterWindowMessageW
SetRect
CheckMenuItem
RegisterRawInputDevices
SetLayeredWindowAttributes
SetMenuInfo
GetRawInputData
GetLayeredWindowAttributes
GetMonitorInfoW
GetRawInputDeviceInfoW
MonitorFromPoint
EndDialog
GetDlgCtrlID
InternalGetWindowText
LoadBitmapW
DrawTextW
PtInRect
BeginPaint
EndPaint
GetWindowThreadProcessId
GetSystemMenu
GetWindow
MonitorFromWindow
RealGetWindowClassW
CloseDesktop
GetCursorInfo
GetForegroundWindow
OpenInputDesktop
EnableMenuItem
PostMessageW
SetWindowPos
GetSystemMetrics
MessageBeep
GetCapture
WindowFromPhysicalPoint
LoadIconW
keybd_event
LoadCursorW
SetCapture
SetCursor
SetWindowLongW
GetClientRect
SystemParametersInfoW
DialogBoxParamW
ReleaseCapture
FindWindowW
GetWindowLongW
GetPhysicalCursorPos
GetMenuItemInfoW
LoadMenuW
GetMenuItemID
InsertMenuItemW
DestroyWindow
GetMenuItemCount
DeleteMenu
SetWindowTextW
TrackPopupMenu
GetSubMenu
DestroyIcon
SetMenuItemInfoW
MapWindowPoints
TrackMouseEvent
SetMenuDefaultItem
IsWindowEnabled
DestroyMenu
GetDlgItem
GetParent
UpdateWindow
SetForegroundWindow
InvalidateRect
GetAncestor
EnableWindow
GetMessageW
DefWindowProcW
CreateWindowExW
SendMessageW
RegisterClassExW
LoadStringW
DispatchMessageW
SetTimer
TranslateMessage
KillTimer
PostQuitMessage
GetWindowRect
GetDesktopWindow
SetPhysicalCursorPos
mouse_event
IsChild
MessageBoxExW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FlashWindowEx
GetKeyboardLayout
LockWorkStation
GetKeyNameTextW
SendInput
InflateRect
SetClassLongW
GetClassLongW
CallWindowProcW
GetScrollInfo
DrawStateW
MapVirtualKeyW
CheckRadioButton
GetIconInfo
SetDlgItemTextW
ExitWindowsEx
GetIconInfoExW
SetSystemCursor
UnregisterHotKey
RegisterHotKey
CheckDlgButton
CheckMenuRadioItem
GetDlgItemTextW
SendDlgItemMessageW
GetDC
PrivateExtractIconsW
CreateIconIndirect
DrawIconEx
SetFocus
ReleaseDC
CreateDialogParamW
GetSysColorBrush
FindWindowExW
ShowWindowAsync
GetFocus
IsWindowVisible
EnumChildWindows
FillRect
DrawIcon
ShowWindow
GetSysColor
GetAsyncKeyState
GetWindowTextW

gdi32

StretchBlt
SetBrushOrgEx
PlgBlt
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
SaveDC
GetTextFaceW
GetStockObject
GetClipBox
CreateRectRgnIndirect
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
SelectClipRgn
GetObjectW
RestoreDC
CreateSolidBrush
SelectObject
LineTo
CreatePen
MoveToEx
AngleArc
SetStretchBltMode
RoundRect
EnumFontFamiliesExW
SetBkColor
ExtTextOutW
RectVisible
TranslateCharsetInfo
GetDCOrgEx
ExtCreatePen
GetTextMetricsW
CreateCompatibleDC
DeleteObject
Ellipse
SetDIBits
GetDIBits
Rectangle
ExcludeClipRect
GetGlyphIndicesW
CreateFontW

comdlg32

GetOpenFileNameW
ChooseColorW
CommDlgExtendedError

advapi32

RegQueryValueExW
GetTokenInformation
CheckTokenMembership
RegEnumKeyExW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegDeleteKeyValueW
RegNotifyChangeKeyValue
RegSetKeyValueW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
RegSetValueExW
RegOpenKeyExW
RegGetValueW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
FreeSid
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW
ExtractAssociatedIconW
SHGetPropertyStoreForWindow
SHCreateItemFromParsingName
SetCurrentProcessExplicitAppUserModelID
SHGetFileInfoW
SHFileOperationW
SHParseDisplayName
SHAppBarMessage
Shell_NotifyIconW
SHQueryUserNotificationState
CommandLineToArgvW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
PropVariantClear

oleaut32

SafeArrayGetElement
SysAllocString
SafeArrayCopyData
SafeArrayCopy
VariantInit
SysFreeString
VariantClear
SafeArrayDestroy

Sections

.text
Size: 597KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84d656ea42a7f0442864658c642b199b

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c6:59:57:40:af:c1:01:19:db:0b:6c:00:82:7e:c0:43:3c:3d:0b:56:ae:2e:a6:9d:46:47:c3:1d:0d:fa:93:a3Signer

fa:2d:f0:5c:f6:ac:79:12:1d:8e:b3:c1:4f:6d:4c:04:f6:23:66:90Signer

Headers

DLL Characteristics

File Characteristics

Imports

quicklink2

comctl32

uxtheme

dwmapi

shlwapi

winmm

powrprof

oleacc

sas

xmllite

gdiplus

wtsapi32

version

setupapi

imm32

wininet

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 597KB - Virtual size: 596KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 8KB - Virtual size: 73KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 40KB - Virtual size: 40KB

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c6:59:57:40:af:c1:01:19:db:0b:6c:00:82:7e:c0:43:3c:3d:0b:56:ae:2e:a6:9d:46:47:c3:1d:0d:fa:93:a3
Signer

fa:2d:f0:5c:f6:ac:79:12:1d:8e:b3:c1:4f:6d:4c:04:f6:23:66:90
Signer

.text
Size: 597KB - Virtual size: 596KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 8KB - Virtual size: 73KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 40KB - Virtual size: 40KB