ab636afce7424bcbdc93485835088b2594011df6a55346cde38fb6d3423eb820

Sharing

Copy URL

Twitter E-mail

General

Target

ab636afce7424bcbdc93485835088b2594011df6a55346cde38fb6d3423eb820
Size

9.7MB
MD5

58d28558b5e2ffbb0238ed852b0fccf4
SHA1

88ce8d1c7a152d5b1095d0ace8815c597111454e
SHA256

ab636afce7424bcbdc93485835088b2594011df6a55346cde38fb6d3423eb820
SHA512

4607a9b40e0878bc06e5bc3c925e434b31ff3d70fa3257555b3a44b51bb011cd6e6aef9eae61cc472c33b3593a54f784c999ef8df71e452ae666b85d3e57b72b
SSDEEP

196608:or04S46+BHT0Bwl7GGlCfYB+w+Ug1LzKlH8lHwqa:JjMTywlCGUYB+w+z6lua

Score

1^/10

Malware Config

Signatures

Files

ab636afce7424bcbdc93485835088b2594011df6a55346cde38fb6d3423eb820
.exe windows:5 windows x86 arch:x86

0542d0089ad33ee09d1fa893d5c462ce

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:7c:e5:9e:d9:bb:9a:4a:5c:69:36:13:2f:67:45:8f
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

11-09-2023 00:00

Not After

10-09-2026 23:59

Subject

SERIALNUMBER=HRB 24085,CN=ASCOMP Software GmbH,O=ASCOMP Software GmbH,ST=Baden-Württemberg,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:7c:e5:9e:d9:bb:9a:4a:5c:69:36:13:2f:67:45:8f
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

11-09-2023 00:00

Not After

10-09-2026 23:59

Subject

SERIALNUMBER=HRB 24085,CN=ASCOMP Software GmbH,O=ASCOMP Software GmbH,ST=Baden-Württemberg,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

21:83:6b:5d:59:e5:47:5a:21:d5:95:66:82:0e:02:83:66:73:c1:45:0c:87:23:fb:72:7a:a1:00:70:60:1e:63
Signer

Actual PE Digest

21:83:6b:5d:59:e5:47:5a:21:d5:95:66:82:0e:02:83:66:73:c1:45:0c:87:23:fb:72:7a:a1:00:70:60:1e:63

Digest Algorithm

sha256

PE Digest Matches

false

1d:16:9d:f7:e2:c4:38:ec:ef:49:00:eb:22:51:3f:13:81:8c:9f:95
Signer

Actual PE Digest

1d:16:9d:f7:e2:c4:38:ec:ef:49:00:eb:22:51:3f:13:81:8c:9f:95

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
TlsAlloc
InterlockedDecrement
TlsFree
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFileType
HeapSize
GetACP
GetStdHandle
HeapReAlloc
GetModuleHandleExW
ExitProcess
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
CreateEventW
GetStringTypeW
IsDebuggerPresent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
lstrcpynW
lstrcpyW
DeleteFiber
SwitchToFiber
CreateFiber
TlsSetValue
ConvertThreadToFiber
TlsGetValue
OutputDebugStringW
WriteFile
SetEndOfFile
ReadFile
SetFilePointer
GetCurrentProcess
DuplicateHandle
GetFileSize
InitializeCriticalSection
GetVersionExW
lstrlenW
LockResource
LoadResource
FindResourceW
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrcmpiW
RaiseException
GetLastError
MultiByteToWideChar
SizeofResource
LoadLibraryExW
InterlockedIncrement
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LocalAlloc
FormatMessageW
LocalFree
CreateThread
GetModuleFileNameA
DecodePointer
SetLastError
MulDiv
LoadLibraryW
SetFileAttributesW
SetFileTime
CreateFileW
DeleteFileW
WideCharToMultiByte
GetFileAttributesW
WaitForSingleObject
FindFirstChangeNotificationW
CloseHandle
GetCurrentProcessId
lstrcmpW

user32

CharNextW
DefWindowProcW
CallWindowProcW
DrawEdge
wvsprintfW
SetWindowPos
ShowWindow
SendMessageW
MapWindowPoints
InvalidateRect
SetFocus
GetWindowLongW
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
LoadImageW
GetWindowTextW
GetWindowTextLengthW
TrackPopupMenu
InsertMenuW
LoadBitmapW
GetDC
CreateDialogParamW
DialogBoxParamW
EndDialog
PostThreadMessageW
GetMenuDefaultItem
ClientToScreen
SetMenu
UnregisterClassW
SetWindowLongW
wsprintfW
FillRect
GetSysColor
DrawTextW
GetMenu
DestroyIcon
GetDlgItemTextW
MessageBoxW
SetWindowTextW
GetDlgItem
SetDlgItemTextW
GetWindow
MonitorFromWindow
SetTimer
KillTimer
GetWindowThreadProcessId
GetSubMenu
GetMenuItemID
RegisterWindowMessageW
IsWindowVisible
GetKeyState
CharLowerW
IsWindowEnabled
IsMenu
SetWindowsHookExW
GetClassNameW
CallNextHookEx
UnhookWindowsHookEx
ModifyMenuW
DrawFrameControl
InflateRect
FrameRect
GetSysColorBrush
WindowFromPoint
GetFocus
PostMessageW
CreatePopupMenu
RemoveMenu
ReleaseDC
GetWindowDC
OffsetRect
GetSystemMetrics
AppendMenuW
MonitorFromPoint
TrackPopupMenuEx
GetMenuItemCount
GetActiveWindow
SystemParametersInfoW
SetRect
SetRectEmpty
SetCapture
UpdateWindow
SetCursorPos
GetCursorPos
ReleaseCapture
GetCapture
PtInRect
ScreenToClient
GetMessagePos
EndPaint
BeginPaint
GetClassInfoExW
RegisterClassExW
TranslateAcceleratorW
LoadAcceleratorsW
LoadMenuW
PostQuitMessage
LoadStringA
LoadStringW
DestroyWindow
MessageBeep
MsgWaitForMultipleObjects
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetForegroundWindow
IsWindow
DestroyMenu
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
CheckMenuRadioItem
LoadCursorW
SetCursor
CreateWindowExW

gdi32

GetCurrentObject
CreateDIBSection
CreateCompatibleBitmap
SetBrushOrgEx
CreateCompatibleDC
BitBlt
SetBkColor
LineTo
MoveToEx
CreatePen
PatBlt
CreateBitmap
CreatePatternBrush
CreateFontIndirectW
SetWindowOrgEx
OffsetWindowOrgEx
SelectObject
SetBkMode
SetTextColor
DeleteDC
DeleteObject
GetStockObject
GetObjectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

SystemFunction036
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetDesktopFolder
SHGetSpecialFolderLocation
ord23
ord21
SHGetFileInfoW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize

oleaut32

VarUI4FromStr

shlwapi

StrChrW
StrRetToBufW
PathFindExtensionW
PathAppendW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathFindFileNameW
PathRemoveExtensionW

comctl32

ImageList_Draw
InitCommonControlsEx
ImageList_Destroy
ImageList_GetImageCount
ImageList_LoadImageW
ImageList_Duplicate
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_AddMasked
CreateStatusWindowW
ImageList_Create
ImageList_DrawIndirect

msimg32

GradientFill

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0542d0089ad33ee09d1fa893d5c462ce

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

57:7c:e5:9e:d9:bb:9a:4a:5c:69:36:13:2f:67:45:8fCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

57:7c:e5:9e:d9:bb:9a:4a:5c:69:36:13:2f:67:45:8fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

21:83:6b:5d:59:e5:47:5a:21:d5:95:66:82:0e:02:83:66:73:c1:45:0c:87:23:fb:72:7a:a1:00:70:60:1e:63Signer

1d:16:9d:f7:e2:c4:38:ec:ef:49:00:eb:22:51:3f:13:81:8c:9f:95Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

version

Sections

.text Size: 297KB - Virtual size: 296KB

.rdata Size: 112KB - Virtual size: 112KB

.data Size: 9KB - Virtual size: 19KB

.gfids Size: 512B - Virtual size: 496B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 8.1MB - Virtual size: 8.1MB

.reloc Size: 20KB - Virtual size: 20KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

57:7c:e5:9e:d9:bb:9a:4a:5c:69:36:13:2f:67:45:8f
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

57:7c:e5:9e:d9:bb:9a:4a:5c:69:36:13:2f:67:45:8f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

21:83:6b:5d:59:e5:47:5a:21:d5:95:66:82:0e:02:83:66:73:c1:45:0c:87:23:fb:72:7a:a1:00:70:60:1e:63
Signer

1d:16:9d:f7:e2:c4:38:ec:ef:49:00:eb:22:51:3f:13:81:8c:9f:95
Signer

.text
Size: 297KB - Virtual size: 296KB

.rdata
Size: 112KB - Virtual size: 112KB

.data
Size: 9KB - Virtual size: 19KB

.gfids
Size: 512B - Virtual size: 496B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 8.1MB - Virtual size: 8.1MB

.reloc
Size: 20KB - Virtual size: 20KB