e9e2118234ace6b35e0f5e26819c9a8601a245686f0aff888534afa2c1ddc84a

Sharing

Copy URL Twitter E-mail

General

Target

e9e2118234ace6b35e0f5e26819c9a8601a245686f0aff888534afa2c1ddc84a
Size

5.9MB
MD5

4f750e569b5db884149031dc9289c327
SHA1

2d9fe1f8848af0ae4a1bd3a8fb802f164337c504
SHA256

e9e2118234ace6b35e0f5e26819c9a8601a245686f0aff888534afa2c1ddc84a
SHA512

db7724720a612e378876555419552d5ad5cc3b1796308616b4d53a97c3625974256b8aba4d83b090169536bc41357ebfb84de98490c3a69239eba6670d085ddc
SSDEEP

24576:adJQGmmFg5j8LGQxBTlGAEIhknaLInHib157ueiIHSka0li2f3myAJEjlJuSXLzi:Svm81WnHU+e1HSkHi2f3myAJaZX3TO

Score

1^/10

Malware Config

Signatures

Files

e9e2118234ace6b35e0f5e26819c9a8601a245686f0aff888534afa2c1ddc84a
.exe windows:4 windows x86

13e7a1571f3d553ac48e5483a23b0aab

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:ef:67:db:9a:d1:56:b7:f6:2b:35:2e:77:47:0e:de:10:82:10:08:1e:7c:10:a6:1b:8c:93:b2:7b:e8:b4:5d
Signer

Actual PE Digest

d3:ef:67:db:9a:d1:56:b7:f6:2b:35:2e:77:47:0e:de:10:82:10:08:1e:7c:10:a6:1b:8c:93:b2:7b:e8:b4:5d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
VerQueryValueW

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod
timeKillEvent
timeSetEvent

wininet

InternetCreateUrlW
InternetCrackUrlW

comctl32

ImageList_Create
_TrackMouseEvent
ImageList_Draw
InitCommonControlsEx
ImageList_AddMasked

shell32

SHGetSettings
SHParseDisplayName
SHGetFolderPathW
ord74
DragQueryFileW
SHBrowseForFolderW
SHCreateDirectoryExW
ShellExecuteW
SHChangeNotify
SHGetSpecialFolderPathW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteA
CommandLineToArgvW

ole32

CreateStreamOnHGlobal
OleLockRunning
CoCreateInstance
StringFromGUID2
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
OleUninitialize
OleDuplicateData
DoDragDrop
StringFromCLSID
ReleaseStgMedium
OleRun
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoFreeUnusedLibraries
CoGetClassObject

oleaut32

OleCreateFontIndirect
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VarBstrCmp
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringByteLen
SafeArrayCreate
SafeArrayGetElement
SafeArrayDestroy
DispCallFunc
VariantChangeType
VariantInit
SysStringByteLen

gdiplus

GdipResetPath
GdipSetPenColor
GdipSetPenWidth
GdipCreateLineBrushFromRectI
GdipCreateTexture
GdipGetImageBounds
GdipCombineRegionPath
GdipSetEmpty
GdipClosePathFigure
GdipFlush
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipTranslateLineTransform
GdipSetLineBlend
GdipSetSolidFillColor
GdipAddPathLine
GdipAddPathArc
GdipAddPathBezier
GdipGetImageGraphicsContext
GdipGetDC
GdipReleaseDC
GdipGetPathWorldBoundsI
GdipSetSmoothingMode
GdipGetImageThumbnail
GdipSaveImageToFile
GdipCreateFont
GdipCreateRegion
GdipRestoreGraphics
GdipSaveGraphics
GdipSetClipRegion
GdipCreateBitmapFromStream
GdipMeasureString
GdipFillRectangle
GdipSetPixelOffsetMode
GdipGetGenericFontFamilySansSerif
GdipCloneImage
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipCreateSolidFill
GdipSetImageAttributesWrapMode
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteFont
GdipStringFormatGetGenericDefault
GdipDeleteStringFormat
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipCreateRegionRectI
GdipCreateFromHWND
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipGetRegionHRgn
GdipCombineRegionRectI
GdipDeleteRegion
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipSetCompositingMode
GdipSetInterpolationMode
GdipGraphicsClear
GdipDrawImageRectI
GdipCloneBitmapAreaI
GdipDrawPath
GdipFillPath
GdipFillRegion
GdipGetImageType
GdipSetStringFormatMeasurableCharacterRanges
GdipGetImagePixelFormat
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipMeasureCharacterRanges

kernel32

IsProcessorFeaturePresent
GetVersionExA
OutputDebugStringA
GetModuleHandleA
LoadLibraryA
FreeResource
GetCommandLineA
GetStartupInfoA
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
IsBadReadPtr
HeapReAlloc
RtlUnwind
ExitProcess
GetSystemInfo
SetEnvironmentVariableA
ReadFile
CreateFileA
WriteFile
FormatMessageW
LocalAlloc
SetErrorMode
FindFirstFileW
FindNextFileW
SetFilePointer
VirtualFree
VirtualAlloc
GetModuleFileNameA
CreateMutexA
GetSystemDirectoryA
GetFileAttributesA
TerminateProcess
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
IsBadWritePtr
VirtualQuery
HeapSize
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
ResetEvent
DuplicateHandle
WaitForMultipleObjects
CreateSemaphoreW
ReleaseSemaphore
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsBadCodePtr
GetOEMCP
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
VirtualProtect
SetEndOfFile
CompareStringA
CompareStringW
LocalFree
QueryPerformanceCounter
GetTimeFormatW
GetDateFormatW
GetEnvironmentVariableW
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetProcAddress
GetLastError
LoadLibraryW
GetModuleHandleW
SetUnhandledExceptionFilter
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrlenW
lstrcpyW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
lstrcmpiW
GetModuleFileNameW
WaitForSingleObject
CreateMutexW
ReleaseMutex
FreeLibrary
Sleep
lstrcpynW
lstrcatW
CreateThread
CreateEventW
InterlockedIncrement
InterlockedDecrement
SetEvent
MulDiv
FlushInstructionCache
HeapAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
DeleteFileW
GetDiskFreeSpaceExW
GetTickCount
TryEnterCriticalSection
OutputDebugStringW
GlobalFree
GetTempPathW
GetLongPathNameW
GlobalSize
WideCharToMultiByte
LockResource
FindClose

user32

RegisterWindowMessageW
LoadStringW
MessageBoxW
wsprintfW
SetWindowLongW
GetWindowLongW
UnregisterClassW
PostThreadMessageW
DefWindowProcW
GetSysColor
ReleaseDC
GetDesktopWindow
GetDC
ReleaseCapture
SetCapture
FillRect
GetClientRect
InvalidateRect
InvalidateRgn
CallWindowProcW
EndPaint
BeginPaint
GetWindow
IsChild
GetFocus
SetFocus
SendMessageW
GetDlgItem
IsWindow
DestroyAcceleratorTable
RedrawWindow
DestroyWindow
SetWindowPos
GetClassNameW
GetParent
CreateAcceleratorTableW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetClassInfoExW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
LoadAcceleratorsW
LoadBitmapW
SetTimer
PostMessageW
CopyRect
SetRect
SetWindowRgn
GetWindowRect
ShowWindow
GetKeyState
KillTimer
ScreenToClient
ClientToScreen
MoveWindow
InflateRect
GetSysColorBrush
AdjustWindowRectEx
GetMenuItemInfoW
DeleteMenu
GetSubMenu
GetMenuItemCount
RegisterWindowMessageA
DestroyMenu
GetCursorPos
GetCapture
TrackPopupMenuEx
AppendMenuW
CreatePopupMenu
IsWindowUnicode
GetPropW
SystemParametersInfoW
BringWindowToTop
InsertMenuItemW
GetMenuItemID
InsertMenuW
GetMenuStringW
GetMonitorInfoW
MonitorFromPoint
UpdateWindow
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
MonitorFromRect
RemoveMenu
LoadMenuW
LoadIconW
SetPropW
SetForegroundWindow
IsRectEmpty
TranslateAcceleratorW
GetMessagePos
GetMessageTime
GetSystemMetrics
DrawTextW
IsWindowVisible
PeekMessageW
IntersectRect
OffsetRect
ChildWindowFromPoint
UnhookWindowsHookEx
ToUnicode
GetKeyboardState
VkKeyScanW
IsMenu
ModifyMenuW
SetMenuItemInfoW
GetMenuState
GetActiveWindow
SendMessageA
CallNextHookEx
SetWindowsHookExW
EnumChildWindows
CharUpperBuffA
PostQuitMessage
SetCursorPos
IsWindowEnabled
MapVirtualKeyW
GetDoubleClickTime
SetCursor
IsDialogMessageW
GetWindowInfo
DrawFocusRect
SetActiveWindow
EnableWindow
GetDlgCtrlID
EndDialog
DialogBoxParamW
CreateDialogParamW
CheckDlgButton
SetDlgItemTextW
IsDlgButtonChecked
GetDlgItemTextW
CheckRadioButton
SendDlgItemMessageW
MessageBoxIndirectW
CreateDialogIndirectParamW
MapDialogRect
SetRectEmpty
GetDialogBaseUnits
GetWindowPlacement
SetWindowTextA
MessageBeep
ValidateRect
IsZoomed
GetGuiResources
LoadStringA
MsgWaitForMultipleObjects
DdeClientTransaction
DdeUninitialize
DdeFreeStringHandle
DdeAccessData
DdeCmpStringHandles
DdeNameService
DdeConnect
DdeCreateStringHandleW
DdeInitializeW
wsprintfA
DialogBoxParamA
GetQueueStatus
wvsprintfW
RegisterClipboardFormatW
GetMessageW
DispatchMessageW
TranslateMessage
CharUpperW
CharNextW
PtInRect

gdi32

GetDeviceCaps
GetDIBits
SetTextColor
ExtSelectClipRgn
EndDoc
EndPage
StartPage
StartDocW
CreateFontIndirectW
GetObjectW
GetTextMetricsW
GetStockObject
CreatePen
GetObjectA
StretchBlt
CreateDIBitmap
TextOutW
RestoreDC
SelectClipRgn
CreateRectRgnIndirect
SaveDC
CreateDIBSection
SetViewportOrgEx
GetViewportOrgEx
SetROP2
DeleteObject
SelectObject
LPtoDP
GetTextExtentExPointW
MoveToEx
LineTo
OffsetWindowOrgEx
SetWindowOrgEx
CreateRectRgn
CombineRgn
SetBkColor
SetBkMode
GetTextExtentPoint32W
GetTextExtentPoint32A
CreateRoundRectRgn
GetPixel
CreatePolygonRgn
CreateSolidBrush
BitBlt
DeleteDC
SetPixel
CreateCompatibleBitmap
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgW
GetFileTitleW
PageSetupDlgW
ChooseColorW

advapi32

RegEnumValueA
RegCreateKeyExA
RegEnumKeyW
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyA

shlwapi

PathFileExistsW
PathStripToRootW
PathIsURLW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathAddBackslashW
PathAppendW
PathIsDirectoryW
PathFindExtensionW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13e7a1571f3d553ac48e5483a23b0aab

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

d3:ef:67:db:9a:d1:56:b7:f6:2b:35:2e:77:47:0e:de:10:82:10:08:1e:7c:10:a6:1b:8c:93:b2:7b:e8:b4:5dSigner

Headers

File Characteristics

Imports

version

winmm

wininet

comctl32

shell32

ole32

oleaut32

gdiplus

kernel32

user32

gdi32

comdlg32

advapi32

shlwapi

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 240KB - Virtual size: 238KB

.data Size: 72KB - Virtual size: 93KB

.rsrc Size: 4.5MB - Virtual size: 4.5MB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

d3:ef:67:db:9a:d1:56:b7:f6:2b:35:2e:77:47:0e:de:10:82:10:08:1e:7c:10:a6:1b:8c:93:b2:7b:e8:b4:5d
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 240KB - Virtual size: 238KB

.data
Size: 72KB - Virtual size: 93KB

.rsrc
Size: 4.5MB - Virtual size: 4.5MB