c937e24670a87c8262c968e538217175d37b1f6c80c4a0c83452ee481dd2ef8b

Sharing

Copy URL Twitter E-mail

General

Target

c937e24670a87c8262c968e538217175d37b1f6c80c4a0c83452ee481dd2ef8b
Size

2.2MB
MD5

18b31a1eed054de66875995301dd8b52
SHA1

ef6037adfd9efd4435050d4bdb9a16b1a3c3cab5
SHA256

c937e24670a87c8262c968e538217175d37b1f6c80c4a0c83452ee481dd2ef8b
SHA512

bdc671f95f908180aa0c9f0d8ee4d60fa1a16755fa5b795c74efddf97a33994a7a36ff3b89f081599c7d77abfe364176dd75f878df669b8fc23b4e6834a86ee9
SSDEEP

49152:FSl8+HnSZbK0sxCX+M7ELRBaynwzpF9mUCUwbnAFPmG+3e:F5+Hn6e0sxCX+M7ELRBaynwzpFGDnEmG

Score

1^/10

Malware Config

Signatures

Files

c937e24670a87c8262c968e538217175d37b1f6c80c4a0c83452ee481dd2ef8b
.exe windows:5 windows x86

0b5ac1f9f6a8fa2502314c30718e2218

Code Sign

0d:65:50:75:ec:c1:01:71:b5:42:cd:05:db:d2:c7:be
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/04/2021, 00:00

Not After

01/05/2024, 23:59

Subject

CN=LLC 1C-Soft,OU=LLC 1C-Soft,O=LLC 1C-Soft,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:82:58:e0:4a:48:c0:60:69:15:0d:68:e9:a4:33:96:f4:dd:ae:e5:d1:e9:c8:65:80:16:74:3b:f5:e5:65:bb
Signer

Actual PE Digest

65:82:58:e0:4a:48:c0:60:69:15:0d:68:e9:a4:33:96:f4:dd:ae:e5:d1:e9:c8:65:80:16:74:3b:f5:e5:65:bb

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ole32

DoDragDrop
CoDisconnectObject
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CreateStreamOnHGlobal
CoTaskMemAlloc
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitialize
CoInitializeEx
OleInitialize

kernel32

CreateProcessW
LoadLibraryW
GetExitCodeProcess
GetVersionExW
WaitForSingleObject
FreeLibrary
GetCommandLineW
FormatMessageW
VerifyVersionInfoW
VerSetConditionMask
FindResourceExW
LoadResource
LockResource
SizeofResource
TerminateProcess
GlobalFree
GlobalAlloc
CloseHandle
GetCurrentProcess
GetUserGeoID
LocalFree
LocalAlloc
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLangID
DeleteFileW
CreateFileW
CreateDirectoryW
GetTempFileNameW
GetTempPathW
FindNextFileW
FindFirstFileW
FindClose
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
HeapFree
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapSize
GetLastError
HeapReAlloc
GetOEMCP
IsValidCodePage
FindFirstFileExW
RaiseException
GetConsoleCP
OutputDebugStringA
SetLastError
FreeResource
GetModuleHandleA
FindResourceW
GlobalLock
GlobalUnlock
EncodePointer
GetCurrentThreadId
GetSystemDirectoryW
LoadLibraryExW
LoadLibraryA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CompareStringW
MulDiv
GetCurrentProcessId
GlobalSize
CopyFileW
GetCurrentThread
lstrcmpA
SetThreadPriority
ResumeThread
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalFlags
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalGetAtomNameW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
lstrcpyW
FileTimeToSystemTime
GetCurrentDirectoryW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
lstrcmpiW
GetWindowsDirectoryW
SearchPathW
GetTickCount
GetProfileIntW
GetFileAttributesW
Sleep
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
OutputDebugStringW
RtlUnwind
GetCommandLineA
CreateThread
ExitThread
GetTimeZoneInformation
GetModuleHandleExW
HeapQueryInformation
QueryPerformanceFrequency
GetSystemInfo
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
ExitProcess
GetACP
GetStringTypeW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
LCMapStringW
FreeLibraryAndExitThread

user32

TrackPopupMenu
UpdateWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowRect
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
GetSysColor
CopyRect
EqualRect
PtInRect
GetClassLongW
GetClassNameW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetDC
GetWindowDC
ReleaseDC
ClientToScreen
FillRect
DrawStateW
InvalidateRect
LoadBitmapW
GetWindowThreadProcessId
GetMenuStringW
GetMenuState
InsertMenuW
AppendMenuW
RemoveMenu
GetCursorPos
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
PostQuitMessage
GetMessageW
TranslateMessage
ShowOwnedPopups
SetCursor
SendDlgItemMessageA
SetRectEmpty
OffsetRect
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoW
InflateRect
SystemParametersInfoW
CopyImage
GetSysColorBrush
LoadCursorW
GetAsyncKeyState
MapDialogRect
IntersectRect
SetLayeredWindowAttributes
EnumDisplayMonitors
TrackMouseEvent
IsZoomed
CharUpperW
SetCapture
ReleaseCapture
SetTimer
KillTimer
LoadMenuW
GetSystemMenu
DeleteMenu
SetWindowRgn
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
WaitMessage
DestroyIcon
LoadImageW
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
ToUnicodeEx
GetKeyboardLayout
GetMenuItemCount
MapVirtualKeyW
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetCursorPos
SetRect
SetParent
BringWindowToTop
LockWindowUpdate
SetClassLongW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClipboardFormatW
CharUpperBuffW
ModifyMenuW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
CopyIcon
FrameRect
PostThreadMessageW
GetNextDlgGroupItem
GetIconInfo
HideCaret
InvertRect
GetKeyNameTextW
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
DestroyCursor
GetComboBoxInfo
GetWindowRgn
DeferWindowPos
BeginDeferWindowPos
GetWindowTextW
GetWindowTextLengthW
SetWindowTextW
wsprintfW
ExitWindowsEx
MessageBoxW
GetKeyboardLayoutList
EnableWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
LoadIconW
UnregisterClassW
SetWindowPlacement
GetWindowPlacement
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
GetWindow
SetWindowLongW
GetFocus
SetFocus
GetDlgCtrlID
CheckDlgButton
SetWindowPos
MoveWindow
ShowWindow
UnhookWindowsHookEx
GetParent
GetDesktopWindow
GetWindowLongW
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetMenuItemID
GetSubMenu
SetMenu
GetMenu
GetCapture
GetKeyState
IsWindowVisible
GetKeyboardState
EndDeferWindowPos
IsChild

gdi32

MoveToEx
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
TextOutW
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetDeviceCaps
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetObjectW
SetTextColor
DeleteDC
SetBkColor
CopyMetaFileW
CreateDCW
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
CombineRgn
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
CreateRectRgnIndirect
PatBlt
ScaleWindowExtEx
RestoreDC
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
EnumFontFamiliesExW
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
GetRgnBox
OffsetRgn
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
RoundRect
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetWindowOrgEx
GetViewportOrgEx
SetPixelV
GetTextFaceW

shell32

DragFinish
SHBrowseForFolderW
SHAppBarMessage
SHGetFileInfoW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetSpecialFolderLocation
DragQueryFileW
ShellExecuteExW
ShellExecuteW

oleaut32

VarBstrFromDate
VariantCopy
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
SysAllocString

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW

msimg32

AlphaBlend
TransparentBlt

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
IsAppThemed
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetCurrentThemeName
GetThemeColor
GetThemePartSize

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDrawImageI
GdiplusShutdown

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b5ac1f9f6a8fa2502314c30718e2218

Code Sign

0d:65:50:75:ec:c1:01:71:b5:42:cd:05:db:d2:c7:beCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

65:82:58:e0:4a:48:c0:60:69:15:0d:68:e9:a4:33:96:f4:dd:ae:e5:d1:e9:c8:65:80:16:74:3b:f5:e5:65:bbSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

ole32

kernel32

user32

gdi32

shell32

oleaut32

advapi32

msimg32

comctl32

shlwapi

uxtheme

gdiplus

oleacc

imm32

winmm

winspool.drv

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 332KB - Virtual size: 331KB

.data Size: 21KB - Virtual size: 38KB

.rsrc Size: 167KB - Virtual size: 166KB

.reloc Size: 136KB - Virtual size: 135KB

0d:65:50:75:ec:c1:01:71:b5:42:cd:05:db:d2:c7:be
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

65:82:58:e0:4a:48:c0:60:69:15:0d:68:e9:a4:33:96:f4:dd:ae:e5:d1:e9:c8:65:80:16:74:3b:f5:e5:65:bb
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 332KB - Virtual size: 331KB

.data
Size: 21KB - Virtual size: 38KB

.rsrc
Size: 167KB - Virtual size: 166KB

.reloc
Size: 136KB - Virtual size: 135KB