584bfstrategiv[.]exe

Resubmissions

11-12-2023 00:15

231211-ajzxashcg9 10

31-07-2020 08:01

200731-byjjr3wcee 1

Sharing

Copy URL

Twitter E-mail

General

Target

584bfstrategiv.exe
Size

250KB
MD5

e16d08218b8f082b9422db5fe2c68544
SHA1

b9b4827e021df02df1054faf3db483a1078fcb80
SHA256

3c2959c2b584303b92d1bdef931e0cf8d4c418bded5025ef21f35f476aac4a26
SHA512

bacc063264ba1af29579454e976d2e650cd5a308ceb8708d9a9d3070ff6ab7af73a8b037961f0258d9224246d2891f0156ac378e2a904f6c7f26ffaa3158d33f
SSDEEP

3072:IFNthWQl/rSJ7lvt9filcZritkrINAEYsm2:IBhWQ/mJLflrOAp2

Score

1^/10

Malware Config

Signatures

Files

584bfstrategiv.exe
.exe windows:4 windows x86 arch:x86

d97b710a90a979a9ba1fac5e1ea6c332

Code Sign

0a:f9:b5:23:18:0f:34:a2:4f:cf:d1:1b:74:e7:d6:cd
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22-06-2020 00:00

Not After

22-06-2021 23:59

Subject

CN=ORBIS LTD,O=ORBIS LTD,POSTALCODE=61195,STREET=Gvardiytsiv-Shironintsiv Street\, house 127\, apartment 58,L=Kharkiv,ST=Harkіvska obl.,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

df:5a:2d:56:59:35:1a:cf:cd:28:33:5b:00:bf:41:b1:74:f7:d1:5c
Signer

Actual PE Digest

df:5a:2d:56:59:35:1a:cf:cd:28:33:5b:00:bf:41:b1:74:f7:d1:5c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
OpenMutexW
GetFileAttributesW
CreateDirectoryW
CreateFileW
WaitNamedPipeW
WriteFile
GlobalAddAtomW
GlobalGetAtomNameW
GlobalDeleteAtom
GetUserDefaultUILanguage
FindFirstFileW
FindClose
FindNextFileW
CreateFileMappingW
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetNativeSystemInfo
FindCloseChangeNotification
FindNextChangeNotification
OutputDebugStringW
SetLastError
ReleaseMutex
CreateMutexW
ProcessIdToSessionId
SetEnvironmentVariableA
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
SetFilePointerEx
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleMode
GetConsoleCP
LocalFree
GetTimeZoneInformation
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
UnhandledExceptionFilter
RtlCaptureContext
HeapReAlloc
HeapSize
ExitProcess
GetCommandLineW
ExitThread
GetSystemTimeAsFileTime
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
LCMapStringW
EncodePointer
DecodePointer
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
GetModuleFileNameA
CreateProcessA
SetUnhandledExceptionFilter
InitializeCriticalSection
SetCriticalSectionSpinCount
LocalAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
WaitForMultipleObjects
SetThreadPriority
CreateThread
CreateEventW
GetCurrentProcessId
VirtualFree
VirtualAlloc
lstrcmpW
DeleteCriticalSection
WaitForSingleObject
GetCurrentThread
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
OpenProcess
Sleep
FreeLibrary
LoadLibraryW
GetTickCount
CloseHandle
ResetEvent
SetEvent
OpenEventW
WTSGetActiveConsoleSessionId
GetModuleFileNameW
GetLastError
GetVersionExW
GetWindowsDirectoryW
lstrcpyW
lstrcatW
lstrcpynW
ExpandEnvironmentStringsW
CompareStringW
lstrcmpiW
GetProcAddress
GetModuleHandleW
RaiseException
lstrlenW
MulDiv
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
lstrcmpiA
ContinueDebugEvent
GetConsoleAliasW
ReplaceFile
WriteConsoleInputW
FreeEnvironmentStringsA
RequestWakeupLatency
SetThreadLocale
SetTapeParameters
GetExitCodeProcess
GetSystemTimeAdjustment
EnumCalendarInfoExA
GetProfileSectionW
SetConsoleTitleA
GetLogicalDriveStringsW
GetCPInfoExW
OpenFileMappingW
SignalObjectAndWait
EnumResourceLanguagesA
GetSystemPowerStatus
SetTimeZoneInformation
GetWindowsDirectoryA
GetLocalTime
SetPriorityClass
BackupSeek
FindResourceExW
ReadFileEx
ReplaceFileA
ResetWriteWatch
VirtualQuery
GetVolumePathNameA
SetConsoleCursorPosition
SetMessageWaitingIndicator
SetVolumeMountPointA
GetConsoleTitleW
GetStringTypeExW
GetCommMask
EnumDateFormatsExA
VirtualLock
SetConsoleCP
GetDiskFreeSpaceW
LoadLibraryA

user32

TrackPopupMenu
GetForegroundWindow
DefWindowProcW
CallWindowProcW
SetWindowPos
GetDlgItem
GetClientRect
GetWindow
GetWindowLongW
DialogBoxParamW
GetMenuItemInfoW
LoadIconW
PostQuitMessage
EnableMenuItem
MoveWindow
RegisterWindowMessageW
GetSysColorBrush
DrawFrameControl
DrawStateW
LoadStringW
DrawEdge
DestroyMenu
GetMenuDefaultItem
SetMenuDefaultItem
LoadMenuW
GetSubMenu
MonitorFromPoint
SetMenuItemInfoW
UnregisterClassW
RegisterClassExW
OpenInputDesktop
EnumDesktopWindows
CloseDesktop
IsIconic
GetPropW
GetLastInputInfo
GetMenuItemCount
CreateDialogParamW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
EnumWindows
PostThreadMessageW
EqualRect
GetMonitorInfoW
MonitorFromRect
MonitorFromWindow
GetWindowTextW
DrawTextW
GetDC
ShowWindow
EnumDisplayMonitors
SetActiveWindow
SetForegroundWindow
AdjustWindowRectEx
GetMenu
DrawFocusRect
GetFocus
IsWindowEnabled
CharNextW
GetDlgCtrlID
GetWindowTextLengthW
CreateWindowExW
LoadCursorW
SetWindowLongW
GetClassNameW
GetCursorPos
ReleaseCapture
GetCapture
SetCapture
SetCursor
PtInRect
EndPaint
BeginPaint
DestroyWindow
IsWindow
GetSystemMetrics
GetDesktopWindow
GetWindowDC
TranslateAcceleratorW
LoadAcceleratorsW
DestroyAcceleratorTable
SetTimer
KillTimer
EndDialog
DestroyIcon
SetWindowTextW
SetRectEmpty
GetSysColor
LoadBitmapW
DrawIconEx
SetFocus
UpdateWindow
ReleaseDC
SystemParametersInfoW
FindWindowW
GetWindowRect
AdjustWindowRect
SetRect
IsDialogMessageW
PostMessageW
EnableWindow
IsWindowVisible
wsprintfW
ScreenToClient
ClientToScreen
GetParent
OffsetRect
CopyRect
SendMessageW
GetIconInfo
FillRect
LoadImageW
InvalidateRect
GetDoubleClickTime
AnyPopup
GetCaretBlinkTime
CreatePopupMenu
GetKeyState
CloseClipboard
GetInputState
CreateMenu
GetDialogBaseUnits
EndMenu
GetAsyncKeyState
GetCursor
CountClipboardFormats
GetKBCodePage
CharLowerW
GetClipboardSequenceNumber
GetClipboardData
GetActiveWindow
GetListBoxInfo
GetClipboardOwner
CopyIcon
DestroyCursor
GetOpenClipboardWindow
InSendMessage
EnumClipboardFormats
GetMenuContextHelpId
GetProcessWindowStation
GetKeyboardType
GetKeyboardLayout
GetMessageTime
GetLastActivePopup
CharLowerA
GetMessagePos
CharUpperA
CharUpperW

gdi32

DeleteDC
RestoreDC
CreateRectRgn
CombineRgn
CreatePen
SaveDC
GetCurrentObject
ExcludeClipRect
Rectangle
GetRegionData
GetDeviceCaps
GetCurrentPositionEx
GetTextColor
CreateFontIndirectW
SetViewportOrgEx
CreateFontW
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
GetBkMode
CreateSolidBrush
DeleteObject
GetStockObject
GetObjectW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
GetTextExtentPoint32W
SelectClipRgn
STROBJ_dwGetCodePage
Polygon
ExtFloodFill
Pie
GetFontAssocStatus
GdiIsPlayMetafileDC
GdiValidateHandle
EngStrokePath
FloodFill
GdiEntry9
GetKerningPairsA
CreateDCA
GetTextFaceW
GdiConvertPalette
GdiEntry12
EndPage
CreateMetaFileW
CreatePolygonRgn
GetLogColorSpaceW
STROBJ_vEnumStart
CreateBitmap
GetBoundsRect
FrameRgn
GetMapMode
EngCreateSemaphore
GdiProcessSetup
GetRgnBox
SetICMProfileW
SetPixelFormat
GetTextFaceA
GdiIsMetaPrintDC
ColorMatchToTarget
SwapBuffers
GetMetaFileA
EngAcquireSemaphore
GdiGradientFill
SetDCPenColor
GdiDescribePixelFormat
GetAspectRatioFilterEx
GetHFONT
WidenPath
UpdateColors
StrokePath
SetMetaRgn
GetEnhMetaFileA

advapi32

RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegNotifyChangeKeyValue
RegOpenKeyA

shell32

SHGetFileInfoW
ShellExecuteW
SHAppBarMessage
Shell_NotifyIconW
SHGetFolderPathW
CommandLineToArgvW
ExtractIconExW
SHGetFolderPathA
SHGetSettings
DragQueryFileA
SHFormatDrive
SHGetInstanceExplorer
SHAddToRecentDocs
SHBrowseForFolder
SHGetPathFromIDList
SHGetPathFromIDListA
SHGetFileInfo
SHPathPrepareForWriteA
ShellAboutW
WOWShellExecute
ExtractIconA
SHLoadInProc

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoCreateFreeThreadedMarshaler
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

shlwapi

PathAppendW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathSearchAndQualifyW
PathFindOnPathW
PathIsRelativeW
PathFindExtensionW
PathRemoveArgsW
PathGetArgsW
StrRStrIA
StrRChrIA
StrRChrIW
StrStrIA

comctl32

ImageList_Destroy
ImageList_Create
ImageList_GetIcon
ImageList_Merge
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetImageCount
ImageList_Remove
InitCommonControlsEx
ImageList_GetIconSize
_TrackMouseEvent

Sections

.text
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 497B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

d97b710a90a979a9ba1fac5e1ea6c332

Code Sign

0a:f9:b5:23:18:0f:34:a2:4f:cf:d1:1b:74:e7:d6:cdCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

df:5a:2d:56:59:35:1a:cf:cd:28:33:5b:00:bf:41:b1:74:f7:d1:5cSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Sections

.text Size: 221KB - Virtual size: 221KB

.rdata Size: 512B - Virtual size: 497B

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

0a:f9:b5:23:18:0f:34:a2:4f:cf:d1:1b:74:e7:d6:cd
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

df:5a:2d:56:59:35:1a:cf:cd:28:33:5b:00:bf:41:b1:74:f7:d1:5c
Signer

.text
Size: 221KB - Virtual size: 221KB

.rdata
Size: 512B - Virtual size: 497B

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB