342ff25c05649fb9ba1b103aca9e4bcc14bcc0be3406aa64e26e9a7557988197

Sharing

Copy URL

Twitter E-mail

General

Target

342ff25c05649fb9ba1b103aca9e4bcc14bcc0be3406aa64e26e9a7557988197
Size

9.8MB
MD5

d5181b938aba1dd59f7a52597a69a490
SHA1

ef75310b339c5475390ce10a4c5a6bd4a70578a9
SHA256

342ff25c05649fb9ba1b103aca9e4bcc14bcc0be3406aa64e26e9a7557988197
SHA512

834502d38247bd15f56f11826a7f9971e1ce900bd382c985c6e60658dcc7575085a2c35256a12ab9108c792e6801559a43d172def482282e60a3da82d8394ea0
SSDEEP

196608:a8oIF/chXSyr4Rj+SEu03EnVxlXcC3YparCYxFvIt9:zyXprq+faPXpJvY9

Score

1^/10

Malware Config

Signatures

Files

342ff25c05649fb9ba1b103aca9e4bcc14bcc0be3406aa64e26e9a7557988197
.exe windows:5 windows x64

c0e4a83350c8f067d01e25812e73f0aa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:dd:61:1a:43:4f:b3:cd:30:6f:f4:db:94:f5:9a:0f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16-03-2022 00:00

Not After

15-03-2025 23:59

Subject

CN=Nlitesoft d.o.o.,O=Nlitesoft d.o.o.,L=Velika Gorica,C=HR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mpr

WNetGetUserW
WNetAddConnection3W
WNetCancelConnection2W
WNetGetUniversalNameW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW

ws2_32

WSACleanup
WSAStringToAddressW
WSAAddressToStringW
WSAStartup
socket
setsockopt
sendto
inet_ntoa
closesocket
htons
inet_addr
getnameinfo

kernel32

GetFileAttributesExW
GetFileTime
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GlobalDeleteAtom
lstrcmpW
CompareStringW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetThreadPriority
GlobalFlags
VirtualProtect
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetFullPathNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetEnvironmentStringsW
FindFirstFileExW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetCommandLineA
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
GetFileType
SetStdHandle
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
LCMapStringW
GetCPInfo
TryEnterCriticalSection
GetExitCodeThread
SwitchToThread
GetStringTypeW
OutputDebugStringW
GetFileSize
GlobalUnlock
FileTimeToLocalFileTime
UnlockFile
SetEndOfFile
LockFile
IsProcessorFeaturePresent
GlobalLock
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
LoadLibraryExW
SystemTimeToFileTime
CreateEventW
SetEvent
OpenEventW
SetUnhandledExceptionFilter
ExitProcess
FindResourceExW
SetFilePointer
SetNamedPipeHandleState
WaitNamedPipeW
TransactNamedPipe
GetCurrentThreadId
TerminateProcess
GetStdHandle
DuplicateHandle
ExpandEnvironmentStringsW
VirtualFree
VirtualAlloc
OutputDebugStringA
CreateSemaphoreW
WaitForMultipleObjects
ReleaseSemaphore
GetTempFileNameW
GlobalFindAtomW
GlobalAddAtomW
MoveFileExW
GetSystemTime
GetLocalTime
GetACP
GetSystemDefaultLCID
GetLocaleInfoA
GetTempPathW
DeleteVolumeMountPointW
SetVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
CopyFileW
DeleteFileW
CompareFileTime
WriteFile
TerminateThread
CreateThread
OpenProcess
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetUserDefaultUILanguage
SetThreadLocale
GetThreadLocale
EnumDateFormatsExW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetVersionExW
DnsHostnameToComputerNameW
GetComputerNameExW
SetPriorityClass
GetVolumeInformationW
MoveFileW
FindNextFileW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
QueryDosDeviceW
RemoveDirectoryW
CreateDirectoryW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetDriveTypeW
GetModuleHandleW
LoadLibraryW
CreateMutexW
FormatMessageW
GetTickCount
FindClose
SetFilePointerEx
DeviceIoControl
FlushFileBuffers
ReadFile
GetFileSizeEx
Sleep
SetThreadExecutionState
GetCurrentThread
LocalAlloc
GlobalFree
GlobalAlloc
GetProcAddress
FreeLibrary
lstrlenW
CreateFileW
GetSystemDirectoryW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
FreeConsole
AttachConsole
VerSetConditionMask
VerifyVersionInfoW
GetVersion
GetModuleFileNameW
GetCommandLineW
GetExitCodeProcess
WaitForSingleObject
ResumeThread
CreateProcessW
GetCurrentProcessId
ProcessIdToSessionId
SetLastError
CloseHandle
GetCurrentProcess
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
GetLastError
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
UnhandledExceptionFilter

user32

ScreenToClient
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetMenu
GetMenu
EnableWindow
GetCapture
GetKeyState
GetFocus
MapWindowPoints
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
WinHelpW
MonitorFromWindow
GetMonitorInfoW
LoadCursorW
GetSysColorBrush
ReleaseDC
GetSysColor
BeginDeferWindowPos
SetWindowPos
DestroyWindow
CopyRect
PtInRect
SetWindowLongW
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongPtrW
GetClassNameW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
CallNextHookEx
LoadIconW
GetDC
GetDlgCtrlID
GetWindowThreadProcessId
DrawTextW
DrawTextExW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetWindow
GrayStringW
TabbedTextOutW
ClientToScreen
RealChildWindowFromPoint
DestroyMenu
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageTimeoutW
GetActiveWindow
MsgWaitForMultipleObjectsEx
LoadStringW
SystemParametersInfoW
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
MessageBoxW
GetWindowLongW
GetClientRect
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
PostQuitMessage
GetWindowTextW
GetScrollPos
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SetRectEmpty
OffsetRect
GetParent
GetSubMenu
IsWindowEnabled
GetMenuItemID
UnhookWindowsHookEx
CharUpperW
SetWindowTextW
GetSystemMetrics
SendMessageW

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
SetMapMode
SelectObject
SaveDC
RestoreDC
RectVisible
PtVisible
GetDeviceCaps
SetBkColor
SetTextColor
DeleteDC
DeleteObject
Escape
GetClipBox
CreateBitmap
GetStockObject

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegisterEventSourceW
GetTokenInformation
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
EqualSid
CheckTokenMembership
LogonUserW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
SetThreadToken
RevertToSelf
ConvertStringSidToSidW
ReportEventW
ConvertSidToStringSidW
DeregisterEventSource
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegUnLoadKeyW
RegLoadKeyW
LookupPrivilegeValueW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenThreadToken
RegSetValueExW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW

comctl32

ord329
ord334
ord332
ord338
ord328

shlwapi

PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathAppendW
PathMatchSpecW
PathFindExtensionW
PathIsNetworkPathW
PathFileExistsW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
CLSIDFromString

oleaut32

VariantChangeType
VariantClear
VariantInit
SysAllocString
VariantTimeToSystemTime
GetErrorInfo
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SysFreeString

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptHashCertificate
CertGetNameStringW
CryptQueryObject

wintrust

CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash

setupapi

CM_Get_Device_IDW
CM_Get_Parent
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

ntdll

NtCreateFile
RtlInitUnicodeString
NtClose

winhttp

WinHttpGetIEProxyConfigForCurrentUser

dbghelp

MiniDumpWriteDump

wininet

HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
HttpSendRequestW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

oleacc

LresultFromObject
CreateStdAccessibleObject

netapi32

NetServerGetInfo
NetShareGetInfo
NetApiBufferFree

iphlpapi

GetBestInterfaceEx
GetAdaptersAddresses
GetIpAddrTable
GetAdaptersInfo
GetTcpTable

dnsapi

DnsQuery_W
DnsFree

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 393KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0e4a83350c8f067d01e25812e73f0aa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:dd:61:1a:43:4f:b3:cd:30:6f:f4:db:94:f5:9a:0fCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

mpr

ws2_32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

crypt32

wintrust

setupapi

ntdll

winhttp

dbghelp

wininet

oleacc

netapi32

iphlpapi

dnsapi

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 393KB - Virtual size: 393KB

.data Size: 23KB - Virtual size: 65KB

.pdata Size: 85KB - Virtual size: 84KB

.rsrc Size: 8.1MB - Virtual size: 8.1MB

.reloc Size: 8KB - Virtual size: 7KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:dd:61:1a:43:4f:b3:cd:30:6f:f4:db:94:f5:9a:0f
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 393KB - Virtual size: 393KB

.data
Size: 23KB - Virtual size: 65KB

.pdata
Size: 85KB - Virtual size: 84KB

.rsrc
Size: 8.1MB - Virtual size: 8.1MB

.reloc
Size: 8KB - Virtual size: 7KB