c1646fcaf6af27f4c8574990fd1c2d1d916cf1839a32ab217f989963ed6e4d68

Sharing

Copy URL Twitter E-mail

General

Target

c1646fcaf6af27f4c8574990fd1c2d1d916cf1839a32ab217f989963ed6e4d68
Size

266KB
MD5

22be0b1fb861e0ef5c404795824e7e0d
SHA1

7934da14c24fd46d0d53748f1c08832425df5b92
SHA256

c1646fcaf6af27f4c8574990fd1c2d1d916cf1839a32ab217f989963ed6e4d68
SHA512

fb6f31242c9e06c0b6f879f0c21cfb51dd760bfe0d17541d96fa3b4c6af26189f1c6ec808ce4d23df0091ee1725dba328547c5814546bdb573711aeb6ebbee56
SSDEEP

3072:rr61wZafOjv/jcB+1s6ndvoTMzc/JHxEgx5ozPfnM+ix5JqYycHOSYRLA4IgXEm/:qqZaWj4Gs6hM6cJzOSYqZm7Z

Score

1^/10

Malware Config

Signatures

Files

c1646fcaf6af27f4c8574990fd1c2d1d916cf1839a32ab217f989963ed6e4d68
.exe windows:5 windows x86 arch:x86

41a6b4bb1c829e88ddf120cd387b55c5

Code Sign

77:1c:e8:4f:3e:d1:9c:b1:49:e7:4d:e9:7d:d8:37:ea
Certificate

Issuer

CN=Caphyon,O=Caphyon,C=US

Not Before

30/05/2023, 19:46

Not After

30/05/2024, 20:06

Subject

CN=Caphyon,O=Caphyon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

29:6a:fb:8a:80:99:c1:d5:0c:5e:40:5d:2d:53:db:24:26:f7:b7:16
Signer

Actual PE Digest

29:6a:fb:8a:80:99:c1:d5:0c:5e:40:5d:2d:53:db:24:26:f7:b7:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90

ord4409
ord5659
ord4981
ord6001
ord2447
ord4952
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord6811
ord3414
ord6810
ord3413
ord6462
ord589
ord3659
ord615
ord320
ord2087
ord3209
ord5657
ord4333
ord5663
ord5646
ord6646
ord1265
ord1255
ord3796
ord1938
ord4640
ord2103
ord1604
ord4496
ord2277
ord1670
ord3487
ord6166
ord2141
ord4337
ord3987
ord5167
ord4617
ord5152
ord374
ord3506
ord4801
ord6740
ord4502
ord6257
ord2904
ord2899
ord6504
ord6774
ord5578
ord5594
ord5635
ord2137
ord4306
ord5785
ord2078
ord2289
ord2297
ord2288
ord2269
ord2265
ord2227
ord1436
ord4023
ord2622
ord4602
ord5414
ord5388
ord1429
ord1435
ord787
ord3150
ord1787
ord1724
ord585
ord3928
ord2356
ord3390
ord664
ord405
ord3351
ord4117
ord4392
ord1607
ord942
ord2672
ord899
ord1937
ord2372
ord1387
ord1936
ord2209
ord6787
ord6401
ord6177
ord2700
ord6178
ord4437
ord1102
ord3175
ord3764
ord793
ord4529
ord1177
ord945
ord4026
ord790
ord6329
ord3141
ord3153
ord3654
ord2590
ord4498
ord2282
ord1361
ord2130
ord3568
ord3489
ord2698
ord316
ord300
ord310
ord601
ord941
ord1611
ord305
ord3213
ord1252
ord3730
ord4513
ord4516
ord595
ord2592
ord5633
ord1728
ord1791
ord1792
ord2139
ord5608
ord1446
ord2896
ord6559
ord4116
ord3218
ord6356
ord6557
ord1536
ord6048
ord6584
ord5389
ord4384
ord2360
ord6291
ord3671
ord6782
ord4160
ord6784
ord1644
ord2368
ord3135
ord2375
ord2625
ord2607
ord2605
ord2623
ord2635
ord2612
ord2628
ord2633
ord2616
ord2618
ord2620
ord2614
ord2630
ord2610
ord969
ord965
ord967
ord963
ord958
ord5666
ord5668
ord6446
ord1729
ord4688
ord5139
ord5372
ord3732
ord5647
ord4589
ord6780
ord5497
ord2069
ord2074
ord5585
ord4650
ord796
ord1497
ord4331
ord4895
ord1752
ord1755
ord6391
ord3346
ord4030
ord3277
ord1108
ord3473
ord1666
ord1769
ord607
ord337
ord613
ord3479
ord333
ord3534
ord2588
ord1358
ord2106
ord4029
ord4434
ord654
ord4890
ord3110
ord4444
ord6710
ord2480
ord2481
ord4506
ord4507
ord5307
ord5327
ord463
ord6492
ord6151
ord5874
ord711
ord6084
ord6527
ord1222
ord2327
ord3920
ord1720
ord2283
ord777
ord4646
ord4264
ord4037
ord6760
ord817
ord820
ord4431
ord5750
ord6791
ord5761
ord6802
ord2966
ord4042
ord4760
ord2591
ord262
ord1213
ord1144
ord1709
ord2566
ord3579
ord3052
ord2267
ord524
ord744
ord1247
ord586
ord1045
ord2123
ord789
ord1220
ord1116
ord798
ord6616
ord6726
ord411
ord2813
ord340
ord2207
ord1678
ord1809
ord1810
ord2208
ord4993
ord5309
ord639
ord5636
ord4668
ord1496
ord6388
ord3344
ord5615
ord2243
ord1254
ord3477
ord3528
ord1137
ord266
ord2587
ord1357
ord367
ord6079
ord6077
ord6078
ord6081
ord6170
ord2470
ord2263
ord636
ord6074
ord5622
ord3611
ord1183
ord1087
ord3757
ord1668
ord611
ord4638
ord265
ord436
ord1691
ord2100
ord686
ord4667
ord4334
ord2886
ord4057
ord4067
ord5151
ord4616
ord3228
ord3663
ord1145
ord2691
ord4066
ord2759
ord2888
ord5835
ord2769
ord2961
ord4714
ord3107
ord2978
ord2766
ord2539
ord1061
ord590
ord1276
ord794
ord4382
ord800

msvcr90

_setmbcp
memset
memcpy
_strupr
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
mbstowcs_s
strcpy_s
_mbstok_s
_mbslen
memmove_s
_time64
fclose
srand
rand
fprintf
fopen
fopen_s
vsprintf
sprintf
_mbscmp
strncpy_s
memcpy_s
_mbschr
__CxxFrameHandler3

kernel32

GetProcAddress
SetLastError
GetLastError
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrcpyA
WideCharToMultiByte
GetCurrentDirectoryA
CloseHandle
GetLocalTime
CopyFileA
CreateDirectoryA
OpenFile
GetFileSize
FreeLibrary
GetVersionExA
GetModuleHandleA

user32

CreatePopupMenu
GetMenuItemCount
DestroyMenu
IsWindowEnabled
MessageBeep
GetAsyncKeyState
LoadIconA
DrawIcon
DrawEdge
GetWindowTextA
ShowScrollBar
SetWindowPos
IsIconic
IsChild
LoadStringA
ChildWindowFromPointEx
GetDlgCtrlID
SetWindowLongA
GetMessageA
GetSystemMenu
SetTimer
ScreenToClient
KillTimer
GetLastActivePopup
GetKeyState
WindowFromPoint
SetFocus
RegisterWindowMessageA
LockWindowUpdate
GetForegroundWindow
GetDCEx
GetDesktopWindow
GetClassInfoA
RemoveMenu
DispatchMessageA
SystemParametersInfoA
GetMessagePos
GetDlgItem
ClientToScreen
SetCursor
GetWindowRect
FillRect
SetCapture
GetFocus
GetParent
GetClientRect
SendMessageA
SetRectEmpty
PtInRect
GetDC
GetCapture
DrawFocusRect
InflateRect
DrawStateA
OffsetRect
UnionRect
InvalidateRect
ReleaseDC
RedrawWindow
GetSysColor
GetCursorPos
FrameRect
IsWindow
PostMessageA
EqualRect
ReleaseCapture
GetSystemMetrics
EnableWindow
LoadCursorA
DestroyIcon
DrawFrameControl
CopyRect
IsRectEmpty
GetMenuDefaultItem

gdi32

CreateCompatibleDC
CreatePalette
DeleteObject
SelectObject
CreateCompatibleBitmap
GetCharWidthA
RealizePalette
GetObjectA
GetCurrentObject
Ellipse
Polygon
Rectangle
GetTextMetricsA
CreateSolidBrush
PatBlt
GetTextExtentPoint32A
LPtoDP
DPtoLP
GetDeviceCaps
BitBlt
CreateFontA
CreateFontIndirectA
GetStockObject

advapi32

RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExA

shell32

SHGetFileInfoA
SHGetDesktopFolder
ExtractIconA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

comctl32

ImageList_GetIcon
ImageList_GetImageInfo

msvcp90

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41a6b4bb1c829e88ddf120cd387b55c5

Code Sign

77:1c:e8:4f:3e:d1:9c:b1:49:e7:4d:e9:7d:d8:37:eaCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

29:6a:fb:8a:80:99:c1:d5:0c:5e:40:5d:2d:53:db:24:26:f7:b7:16Signer

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

gdi32

advapi32

shell32

comctl32

msvcp90

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 109KB - Virtual size: 109KB

.reloc Size: 15KB - Virtual size: 15KB

77:1c:e8:4f:3e:d1:9c:b1:49:e7:4d:e9:7d:d8:37:ea
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

29:6a:fb:8a:80:99:c1:d5:0c:5e:40:5d:2d:53:db:24:26:f7:b7:16
Signer

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 109KB - Virtual size: 109KB

.reloc
Size: 15KB - Virtual size: 15KB