cf0ff055ecd21560638881c72391714b

Sharing

Copy URL Twitter E-mail

General

Target

cf0ff055ecd21560638881c72391714b
Size

243KB
MD5

cf0ff055ecd21560638881c72391714b
SHA1

2864c3fea4d55ce88d7458a68b1e22c92f720988
SHA256

5d5afe7ea697e2ad011adc9c82179368e001fb1ecfe9d3ea40566467f67b3d29
SHA512

f8837f28923f2821a61ec8f4d786f830faa13ac00efdb3b6c2e97b043e771c7c5d71a4064ab0e98e62c32e6e704f53e6c60d97e6bb612bbc708d2579184ae496
SSDEEP

3072:HLGWF5q9wejaWu4owXtDG65jkt+YZhTE8+DQoRVOpiYNGzXbIxszK+5oMXXcCf:HLGA5q9EeGbtnhTgbBYNuIyzRXXNf

Score

1^/10

Malware Config

Signatures

Files

cf0ff055ecd21560638881c72391714b
.exe windows:4 windows x86 arch:x86

95ea2e16f5d182a83715fe636fa3f3b4

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:ea
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/04/2019, 00:00

Not After

17/04/2020, 23:59

Subject

CN=Pragramatic Limited,O=Pragramatic Limited,POSTALCODE=WA3 4HX,STREET=100a Twiss Green Lane Twiss Green Lane,L=Warrington,ST=Cheshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:96:a6:a6:4c:1e:07:27:14:4e:b4:16:86:8d:46:3f:c1:f4:43:ff
Signer

Actual PE Digest

5b:96:a6:a6:4c:1e:07:27:14:4e:b4:16:86:8d:46:3f:c1:f4:43:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupGetBinaryField
SetupGetFileCompressionInfoW
SetupDecompressOrCopyFileW
SetupGetFileCompressionInfoA

kernel32

DuplicateHandle
GetDateFormatA
GlobalUnlock
GetShortPathNameA
GlobalLock
GetConsoleCP
lstrcmpiA
GetExitCodeProcess
GetFileAttributesA
GetPrivateProfileStringA
FindNextFileA
GlobalAddAtomW
FindClose
FindFirstFileA
GetTimeZoneInformation
SetEndOfFile
SetFilePointer
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
WriteFile
RtlUnwind
VirtualFree
HeapCreate
HeapDestroy
FlushFileBuffers
WritePrivateProfileStringA
GetDiskFreeSpaceA
LCMapStringW
GetTempPathA
GetTimeFormatA
GlobalFindAtomW
RemoveDirectoryA
GetVolumeInformationW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapFree
GetModuleHandleW
GetProcAddress
GetLastError
FreeLibraryAndExitThread
CloseHandle
SetEvent
ConnectNamedPipe
GetVersionExA
LoadLibraryExA
IsBadReadPtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA

user32

SetWindowPos
LoadCursorA
EndDialog
CharPrevA
MessageBoxIndirectA
IsWindowEnabled
GetClientRect
DestroyIcon
EnableMenuItem
CloseClipboard
TrackPopupMenu
LoadBitmapA
SendMessageA

gdi32

GetClipBox
EnumFontsA
GetWindowExtEx
SetBkColor
DeleteDC
SetViewportExtEx
ScaleWindowExtEx
RestoreDC
CreateBitmap
SaveDC
SetWindowExtEx
SetTextColor
Rectangle
Ellipse
GetTextColor

advapi32

RegDeleteValueW
FreeSid
RegQueryValueExW
AllocateAndInitializeSid
RegOpenKeyW
RegCreateKeyExW
RegEnumValueW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
AllocateLocallyUniqueId

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95ea2e16f5d182a83715fe636fa3f3b4

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:eaCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

5b:96:a6:a6:4c:1e:07:27:14:4e:b4:16:86:8d:46:3f:c1:f4:43:ffSigner

Headers

File Characteristics

Imports

setupapi

kernel32

user32

gdi32

advapi32

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 11KB - Virtual size: 130KB

.rsrc Size: 176KB - Virtual size: 175KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

ed:c3:f2:1b:e3:7e:ca:9f:f1:11:7f:f4:90:da:32:ea
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

5b:96:a6:a6:4c:1e:07:27:14:4e:b4:16:86:8d:46:3f:c1:f4:43:ff
Signer

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 11KB - Virtual size: 130KB

.rsrc
Size: 176KB - Virtual size: 175KB