84d90ef4c7ef4c2bca788dbf8c756154173977c8f7ead1f7e4c44d0017d4dc3b

Sharing

Copy URL

Twitter E-mail

General

Target

84d90ef4c7ef4c2bca788dbf8c756154173977c8f7ead1f7e4c44d0017d4dc3b
Size

768KB
MD5

e1fde815b4dbbc48c517fe7e53a2c53e
SHA1

2323006ddd655f188c6e073e0c78acf32d3e3062
SHA256

84d90ef4c7ef4c2bca788dbf8c756154173977c8f7ead1f7e4c44d0017d4dc3b
SHA512

40c9436dc3dde7a1d9ca57d43a5b31ca875978d02e6b0b8fd880a0d4c72546079d30e09d824de7b960d4ffafdda26de56988f66d96429fb02de42b65aa643f69
SSDEEP

12288:9UZy93y/u81hwyayMUx9XZ0rajhHCYdzyU1WjTA1Ax9CtnG:9UZKyuwLayTor+NyRjk1MeG

Score

1^/10

Malware Config

Signatures

Files

84d90ef4c7ef4c2bca788dbf8c756154173977c8f7ead1f7e4c44d0017d4dc3b
.exe windows:5 windows x86 arch:x86

3cdbd323b5afb0e05c8e80099e3b150a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:5a:6b:ec:4d:7f:54:9f:e5:25:c8:52:df:67:0e:13
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/01/2023, 00:00

Not After

15/01/2026, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:27:29:06:fa:49:e3:7d:2d:58:38:a7:f1:16:54:79:12:b1:21:08:59:22:b1:07:d0:83:a2:f9:db:0a:2c:a5
Signer

Actual PE Digest

35:27:29:06:fa:49:e3:7d:2d:58:38:a7:f1:16:54:79:12:b1:21:08:59:22:b1:07:d0:83:a2:f9:db:0a:2c:a5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo
QueryWorkingSet
GetModuleInformation
GetModuleFileNameExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FindNextFileW
FindFirstFileW
ReadProcessMemory
VirtualQueryEx
OpenThread
GetLocalTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalMemoryStatus
Sleep
WideCharToMultiByte
ExpandEnvironmentStringsW
InterlockedExchange
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
ReadFile
MoveFileExW
GetFileSize
GetVolumeInformationW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFilePointer
GetLogicalDrives
GetDriveTypeW
DeviceIoControl
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentProcessId
CreateMutexW
InterlockedCompareExchange
SystemTimeToFileTime
GetPrivateProfileStringW
GetFileSizeEx
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetPrivateProfileIntW
InitializeCriticalSectionAndSpinCount
Module32NextW
VirtualProtect
Module32FirstW
HeapCreate
HeapAlloc
CreateEventW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
LeaveCriticalSection
SetEndOfFile
CreateFileA
GetTimeZoneInformation
WriteFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
EnterCriticalSection
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetStartupInfoA
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetFileAttributesW
GetSystemTimeAsFileTime
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
UnhandledExceptionFilter
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
lstrlenA
CreateFileW
SetEvent
GetLastError
DeleteFileW
CreateProcessW
GetCommandLineW
LocalFree
GetNativeSystemInfo
IsWow64Process
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
GetLocaleInfoW
RaiseException
DeleteCriticalSection
OpenProcess
LoadLibraryW
WaitForSingleObject
CloseHandle
FreeLibrary
GetCurrentThreadId
GetProcAddress
FindResourceExW
GetVersionExW
MultiByteToWideChar
lstrlenW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
CompareStringA
CompareStringW
SetEnvironmentVariableA
FlushInstructionCache
TerminateProcess
GetStringTypeA

user32

TrackMouseEvent
GetFocus
PostMessageW
PostQuitMessage
SetCursor
ScreenToClient
GetCursorPos
LoadCursorW
UnregisterClassA
DispatchMessageW
EnumWindows
GetWindowThreadProcessId
UpdateLayeredWindow
GetWindowDC
GetWindowRect
DrawTextW
DestroyCursor
TranslateAcceleratorW
DefWindowProcW
SetWindowPos
MessageBeep
LoadStringW
SendMessageW
IsWindow
PtInRect
PeekMessageW
EnumChildWindows
GetClassNameW
GetWindowTextW
CharNextW
CreateWindowExW
GetClassInfoExW
LoadImageW
RegisterClassExW
LoadMenuW
LoadAcceleratorsW
DestroyWindow
ShowWindow
GetMessageW
TranslateMessage
SetTimer
CallWindowProcW
SetWindowLongW
LoadStringA
GetParent
GetWindow
MonitorFromWindow
MonitorFromPoint
GetMonitorInfoW
SetFocus
KillTimer
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
ReleaseDC
CreatePopupMenu
MapWindowPoints
GetClientRect
SetWindowTextW
GetWindowLongW
InvalidateRect

gdi32

CreateDIBSection
CreateCompatibleDC
SelectObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
SaveDC
GetBitmapBits
SetBitmapBits
RestoreDC
DeleteObject
DeleteDC
CreateFontW

advapi32

LookupPrivilegeValueW
RegQueryValueExW
AdjustTokenPrivileges
RevertToSelf
CreateProcessAsUserW
DuplicateTokenEx
SetTokenInformation
AllocateAndInitializeSid
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
QueryServiceStatus
DeleteService
ControlService
OpenServiceW
StartServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
RegEnumValueW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoUninitialize
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
CoInitialize

oleaut32

VariantChangeType
GetErrorInfo
SysAllocStringByteLen
SysAllocString
CreateErrorInfo
SysStringLen
SetErrorInfo
VariantClear
SysFreeString
VariantInit
VarUI4FromStr

shlwapi

SHDeleteKeyW
PathFindFileNameW
PathRemoveExtensionW
PathAppendW
StrStrIW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathFindExtensionW
PathGetDriveNumberW
PathStripPathW

comctl32

InitCommonControlsEx

msimg32

GradientFill
AlphaBlend

iphlpapi

GetAdaptersAddresses
GetIpForwardTable

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpReadData

Sections

.text
Size: 622KB - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cdbd323b5afb0e05c8e80099e3b150a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:5a:6b:ec:4d:7f:54:9f:e5:25:c8:52:df:67:0e:13Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

35:27:29:06:fa:49:e3:7d:2d:58:38:a7:f1:16:54:79:12:b1:21:08:59:22:b1:07:d0:83:a2:f9:db:0a:2c:a5Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

userenv

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

iphlpapi

wtsapi32

winhttp

Sections

.text Size: 622KB - Virtual size: 622KB

.rdata Size: 103KB - Virtual size: 102KB

.data Size: 8KB - Virtual size: 29KB

.rsrc Size: 23KB - Virtual size: 22KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:5a:6b:ec:4d:7f:54:9f:e5:25:c8:52:df:67:0e:13
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

35:27:29:06:fa:49:e3:7d:2d:58:38:a7:f1:16:54:79:12:b1:21:08:59:22:b1:07:d0:83:a2:f9:db:0a:2c:a5
Signer

.text
Size: 622KB - Virtual size: 622KB

.rdata
Size: 103KB - Virtual size: 102KB

.data
Size: 8KB - Virtual size: 29KB

.rsrc
Size: 23KB - Virtual size: 22KB