28ac6e8b50565110d1851dd66c081107c93fa3dd6fc585eec37f98bf607126dd

Sharing

Copy URL

Twitter E-mail

General

Target

28ac6e8b50565110d1851dd66c081107c93fa3dd6fc585eec37f98bf607126dd
Size

2.0MB
MD5

d63fba2eaf3f78ee64fcc469a2b81a78
SHA1

297530231946cfa62518d192c01d7cda4ae6d6c7
SHA256

28ac6e8b50565110d1851dd66c081107c93fa3dd6fc585eec37f98bf607126dd
SHA512

5b0a6f0c5f6e25d2413e6829a92b1c8238eb5f3e1579ae1f39637c16cdea290d0ff20e5586441266be6bd37d41e5c15242e95e690f275bef7a96b15ba106976e
SSDEEP

24576:kGsotJwufEq1qDjRY4JzHFr7y+EUKRz08ds4Jjtwt:fsotJR+zHFr7BEUKRC4Jat

Score

1^/10

Malware Config

Signatures

Files

28ac6e8b50565110d1851dd66c081107c93fa3dd6fc585eec37f98bf607126dd
.exe windows:6 windows x86 arch:x86

5924b05d9c7cb8125c4acd34ada3cec3

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01/01/2018, 00:00

Not After

31/12/2039, 23:59

Subject

CN=topolo-Z

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

Issuer

CN=topolo-Z Self Signed CA

Not Before

01/01/2018, 00:00

Not After

31/12/2039, 23:59

Subject

CN=topolo-Z

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:79:bc:a6:4f:4b:2c:a5:95:68:ce:8c:29:6d:a5:86:01:a2:52:b4:6e:69:99:fd:85:aa:57:44:98:3c:99:e3
Signer

Actual PE Digest

31:79:bc:a6:4f:4b:2c:a5:95:68:ce:8c:29:6d:a5:86:01:a2:52:b4:6e:69:99:fd:85:aa:57:44:98:3c:99:e3

Digest Algorithm

sha256

PE Digest Matches

true

d1:6f:2a:28:3e:0b:e1:9c:7c:ed:ad:49:d8:75:a0:95:79:e3:24:e8
Signer

Actual PE Digest

d1:6f:2a:28:3e:0b:e1:9c:7c:ed:ad:49:d8:75:a0:95:79:e3:24:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

quicklink2

QLCalibration_GetStatus
QLCalibration_Load
QLDevice_Start
QLDevice_GetFrame
QLCalibration_Calibrate
QLSettings_Create
QLAPI_ImportSettings
QLDevice_Enumerate
QLCalibration_Create
QLSettings_SetValueInt
QLCalibration_GetTargets
QLCalibration_Finalize
QLCalibration_Save
QLDevice_ApplyCalibration
QLCalibration_Cancel
QLDevice_Stop
QLCalibration_Initialize
QLDevice_ImportSettings

comctl32

ImageList_GetImageCount
InitCommonControlsEx
ord381
ImageList_ReplaceIcon
ImageList_Remove
ImageList_Destroy
ord413
ord410
ImageList_Draw
ord412
ImageList_GetIconSize
CreatePropertySheetPageW
PropertySheetW
ImageList_Create

uxtheme

DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
CloseThemeData
GetCurrentThemeName
SetWindowTheme
DrawThemeTextEx
DrawThemeBackground
OpenThemeData

dwmapi

DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmGetColorizationColor
DwmExtendFrameIntoClientArea

shlwapi

PathRemoveBackslashW
SHAutoComplete
PathUnquoteSpacesW
PathRemoveBlanksW
StrCmpLogicalW
PathFindFileNameW
PathIsDirectoryW
PathIsURLW
AssocQueryStringW
UrlGetPartW
PathQuoteSpacesW
PathCombineW
ord214
PathRemoveExtensionW
PathRemoveArgsW
StrTrimW
PathIsRelativeW
PathFindExtensionW
ord12
PathFileExistsW
PathRemoveFileSpecW
PathStripPathW
PathAddBackslashW

winmm

mmioOpenW
joyGetNumDevs
timeGetTime
mciSendStringW
mmioRead
mmioClose
mmioAscend
mmioDescend
mmioStringToFOURCCW
PlaySoundW
joyGetPosEx

powrprof

ReadGlobalPwrPolicy
SetSuspendState

oleacc

AccessibleChildren
AccessibleObjectFromWindow

sas

SendSAS

xmllite

CreateXmlReader

gdiplus

GdipSetCompositingQuality
GdipGetImageHeight
GdipDisposeImage
GdipSetSmoothingMode
GdipDrawImageRectI
GdipAlloc
GdipCloneImage
GdipSetInterpolationMode
GdipFree
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageWidth
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromFile

wtsapi32

WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSFreeMemory
WTSUnRegisterSessionNotification

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDevicePropertyW
SetupDiGetClassDevsExW
SetupDiOpenDevRegKey
SetupDiDestroyDeviceInfoList
SetupDiChangeState
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW

imm32

ImmGetDefaultIMEWnd

wininet

HttpQueryInfoW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetOpenUrlW

ws2_32

htons
WSACleanup
htonl
recvfrom
ntohs
socket
WSAEventSelect
closesocket
ioctlsocket
bind
ntohl
WSAStartup
setsockopt

kernel32

RtlUnwind
InitOnceBeginInitialize
EncodePointer
TryAcquireSRWLockExclusive
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
WriteConsoleW
SetEndOfFile
ReadConsoleW
GetExitCodeThread
WaitForSingleObjectEx
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
InitOnceComplete
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
VirtualQuery
GetSystemInfo
RaiseException
FlushFileBuffers
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
TlsGetValue
CreateFileW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentProcess
InitializeCriticalSectionEx
GetLastError
CloseHandle
DecodePointer
LocalFree
DeleteCriticalSection
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
GetTickCount64
GetCommandLineW
OpenProcess
Sleep
VirtualProtect
GetThreadUILanguage
GetModuleHandleW
CreateDirectoryW
WritePrivateProfileStringW
HeapFree
OpenFileMappingW
UnmapViewOfFile
GetPrivateProfileStringW
HeapAlloc
GetProcessHeap
CreateFileMappingW
MapViewOfFile
SetThreadPriority
WaitForSingleObject
CreateEventW
SetEvent
GetCurrentThread
ResetEvent
QueryFullProcessImageNameW
TerminateThread
GetProcAddress
FreeLibrary
SetDllDirectoryW
LoadLibraryExW
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
GetFileTime
GetLongPathNameW
WaitForMultipleObjects
CompareStringW
DeleteFileW
CopyFileW
GetSystemPowerStatus
GetCurrentProcessId
GetWindowsDirectoryW
Wow64DisableWow64FsRedirection
GetModuleFileNameW
Wow64RevertWow64FsRedirection
GetCurrentDirectoryW
GetLocaleInfoEx
CreateMutexW
GetCurrentThreadId
FormatMessageW
GetUserDefaultLCID
OpenMutexW
RegisterApplicationRestart
SetLastError
SetThreadUILanguage
GetUserDefaultUILanguage
GetVersionExW
LoadLibraryW
WriteFile
RemoveDirectoryW
SetFileTime
GetTempPathW
SetFileInformationByHandle
GetTempFileNameW
SetWaitableTimer
CreateWaitableTimerW
TerminateProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetACP
TlsSetValue
TlsFree
CreateThread
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetStdHandle
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
WideCharToMultiByte
MultiByteToWideChar
TlsAlloc
ReadFile
GetFullPathNameW
SetStdHandle
FindFirstFileExW
IsValidCodePage

user32

LockWorkStation
GetKeyboardLayout
FlashWindowEx
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
MessageBoxExW
IsChild
mouse_event
SetPhysicalCursorPos
keybd_event
GetTitleBarInfo
ModifyMenuW
GetGUIThreadInfo
ToUnicodeEx
MapVirtualKeyExW
GetKeyboardState
GetKeyState
PeekMessageW
MsgWaitForMultipleObjects
LoadImageW
DrawFrameControl
RegisterWindowMessageW
SetRect
IsZoomed
CheckMenuItem
RegisterRawInputDevices
SetLayeredWindowAttributes
SetMenuInfo
GetRawInputData
GetLayeredWindowAttributes
GetMonitorInfoW
GetRawInputDeviceInfoW
GetWindowPlacement
MonitorFromPoint
FindWindowExW
PtInRect
BeginPaint
EndPaint
GetWindowThreadProcessId
GetSystemMenu
GetWindow
MonitorFromWindow
RealGetWindowClassW
CloseDesktop
GetCursorInfo
GetForegroundWindow
EnableMenuItem
GetWindowTextW
PostMessageW
SetWindowPos
GetSystemMetrics
GetKeyNameTextW
GetCapture
WindowFromPhysicalPoint
GetSysColor
SetFocus
LoadCursorW
SetCapture
SetCursor
SetWindowLongW
GetClientRect
SystemParametersInfoW
DialogBoxParamW
ReleaseCapture
FindWindowW
GetWindowLongW
GetPhysicalCursorPos
GetMenuItemInfoW
LoadMenuW
GetMenuItemID
InsertMenuItemW
DestroyWindow
GetMenuItemCount
DeleteMenu
SetWindowTextW
TrackPopupMenu
GetSubMenu
DestroyIcon
SetMenuItemInfoW
MapWindowPoints
TrackMouseEvent
SetMenuDefaultItem
IsWindowEnabled
DestroyMenu
GetDlgItem
GetParent
UpdateWindow
SetForegroundWindow
InvalidateRect
GetAncestor
EnableWindow
GetMessageW
DefWindowProcW
CreateWindowExW
SendMessageW
RegisterClassExW
LoadStringW
DispatchMessageW
SetTimer
TranslateMessage
KillTimer
PostQuitMessage
GetWindowRect
GetDesktopWindow
IsIconic
SendInput
InflateRect
SetClassLongW
GetClassLongW
CallWindowProcW
DrawStateW
SetScrollInfo
ShowScrollBar
MapVirtualKeyW
HideCaret
GetIconInfo
GetScrollInfo
SetDlgItemTextW
ScrollWindowEx
GetScrollBarInfo
ShowCaret
ExitWindowsEx
GetIconInfoExW
SetSystemCursor
UnregisterHotKey
RegisterHotKey
CheckRadioButton
CheckDlgButton
CheckMenuRadioItem
GetDlgItemTextW
PrivateExtractIconsW
CreateIconIndirect
DrawIconEx
GetDC
EndDialog
SendDlgItemMessageW
LoadIconW
ReleaseDC
CreateDialogParamW
GetTopWindow
ShowWindowAsync
GetSysColorBrush
GetFocus
IsWindowVisible
EnumChildWindows
FillRect
DrawIcon
ShowWindow
GetAsyncKeyState
GetDlgCtrlID
InternalGetWindowText
LoadBitmapW
MessageBeep
DrawTextW
OpenInputDesktop

gdi32

EnumFontFamiliesExW
RoundRect
SetStretchBltMode
AngleArc
GetTextMetricsW
GetDeviceCaps
PlgBlt
GetTextFaceW
StretchBlt
SetBrushOrgEx
RectVisible
GetDCOrgEx
ExtCreatePen
ExtTextOutW
GetGlyphIndicesW
ExcludeClipRect
Rectangle
GetDIBits
SetDIBits
Ellipse
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
GetClipBox
CreateRectRgnIndirect
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
SelectClipRgn
GetObjectW
SetBkColor
RestoreDC
CreateSolidBrush
SelectObject
CreateFontW
LineTo
CreatePen
MoveToEx
SaveDC
DeleteObject
TranslateCharsetInfo

comdlg32

ChooseColorW
GetOpenFileNameW
CommDlgExtendedError

advapi32

LookupPrivilegeValueW
RegCloseKey
GetTokenInformation
RegEnumKeyExW
RegCreateKeyExW
AdjustTokenPrivileges
RegDeleteKeyValueW
RegNotifyChangeKeyValue
RegSetKeyValueW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
OpenServiceW
RegSetValueExW
RegOpenKeyExW
RegGetValueW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
FreeSid
CheckTokenMembership
RegQueryValueExW

shell32

ShellExecuteW
SHGetFolderPathW
ExtractAssociatedIconW
SHGetPropertyStoreForWindow
SHCreateItemFromParsingName
SetCurrentProcessExplicitAppUserModelID
SHGetFileInfoW
SHFileOperationW
SHParseDisplayName
SHAppBarMessage
Shell_NotifyIconW
SHQueryUserNotificationState
CommandLineToArgvW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
PropVariantClear

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit
SafeArrayDestroy
SafeArrayCopyData
SafeArrayCopy
SafeArrayGetElement

Sections

.text
Size: 625KB - Virtual size: 625KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5924b05d9c7cb8125c4acd34ada3cec3

Code Sign

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0fCertificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

31:79:bc:a6:4f:4b:2c:a5:95:68:ce:8c:29:6d:a5:86:01:a2:52:b4:6e:69:99:fd:85:aa:57:44:98:3c:99:e3Signer

d1:6f:2a:28:3e:0b:e1:9c:7c:ed:ad:49:d8:75:a0:95:79:e3:24:e8Signer

Headers

DLL Characteristics

File Characteristics

Imports

quicklink2

comctl32

uxtheme

dwmapi

shlwapi

winmm

powrprof

oleacc

sas

xmllite

gdiplus

wtsapi32

version

setupapi

imm32

wininet

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 625KB - Virtual size: 625KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 8KB - Virtual size: 75KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 42KB - Virtual size: 42KB

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

3e:04:e3:8a:28:96:56:48:b8:f0:28:12:dd:f0:16:0f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

31:79:bc:a6:4f:4b:2c:a5:95:68:ce:8c:29:6d:a5:86:01:a2:52:b4:6e:69:99:fd:85:aa:57:44:98:3c:99:e3
Signer

d1:6f:2a:28:3e:0b:e1:9c:7c:ed:ad:49:d8:75:a0:95:79:e3:24:e8
Signer

.text
Size: 625KB - Virtual size: 625KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 8KB - Virtual size: 75KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 42KB - Virtual size: 42KB