116550eae04a40281af0412f47e0a20c

Sharing

Copy URL Twitter E-mail

General

Target

116550eae04a40281af0412f47e0a20c
Size

5.8MB
MD5

116550eae04a40281af0412f47e0a20c
SHA1

55471b8dfaf76dc2be7d00069621e461e83b85e3
SHA256

e3932756ce8dcd9ac445d2aef6c64ab21c88205a835ed1f4fac2fa4c70af4519
SHA512

78d36f6dd6696c5f0764f73c2982ee19751938aceb931ca76a4ea62fd092b29a9c49faec088f48babe6b5491e9f16e1e64c0633809cc63b6c39b24f00458cc45
SSDEEP

98304:tJNOxYGidjt8DMBbylpMFjIkBosSkInvZ:tJNOxYGidB8DM8MFjIk62InvZ

Score

1^/10

Malware Config

Signatures

Files

116550eae04a40281af0412f47e0a20c
.exe windows:6 windows x86 arch:x86

e7770f6241b83da9b291b396c6303bf9

Code Sign

7d:c6:d6:02:ca:d0:c2:b3:ae:3c:38:77:de:24:7e:9d
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/01/2020, 00:00

Not After

28/01/2023, 23:59

Subject

SERIALNUMBER=05761381,CN=RH Software Ltd,O=RH Software Ltd,POSTALCODE=GU12 5HP,STREET=34 Oaklea\, Ash Vale,L=Aldershot,ST=Hampshire,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:18:54:86:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/04/2011, 22:06

Not After

11/04/2021, 22:16

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:f3:f2:31:61:33:94:c2:d8:dc:51:23:f2:fb:b9:43:dc:7b:b8:ad:82:3e:48:cb:1c:c6:22:93:a4:b2:6d:9e
Signer

Actual PE Digest

90:f3:f2:31:61:33:94:c2:d8:dc:51:23:f2:fb:b9:43:dc:7b:b8:ad:82:3e:48:cb:1c:c6:22:93:a4:b2:6d:9e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
StartServiceW
ChangeServiceConfigW
QueryServiceConfigW
CreateServiceW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
RegEnumKeyExW
RegEnumValueW
EnumServicesStatusW
RegOpenKeyW
RegQueryInfoKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
FreeSid
AllocateAndInitializeSid
RegEnumKeyW
SetThreadToken
LookupAccountSidW
GetTokenInformation
LookupPrivilegeDisplayNameW
LookupPrivilegeNameW
RegConnectRegistryW
LookupAccountNameW

kernel32

GetProcAddress
Sleep
OpenProcess
SetErrorMode
DeviceIoControl
ReadFile
MoveFileW
SetEnvironmentVariableW
GlobalUnlock
GlobalLock
EscapeCommFunction
PurgeComm
SetFilePointer
CreateFileW
FlushFileBuffers
GetFileAttributesW
GetLastError
GetFullPathNameW
ResetEvent
CreateEventW
DuplicateHandle
GetCurrentThreadId
GetProcessHeap
GetCurrentProcessId
GetDriveTypeW
GetWindowsDirectoryW
GetVersion
GetACP
GetSystemInfo
LoadLibraryW
GetCommandLineW
SetPriorityClass
GetPriorityClass
GetCurrentProcess
WriteFile
GetThreadPriority
GetFileSize
LocalFree
GetDateFormatW
GetLocaleInfoW
GetUserDefaultLCID
FileTimeToSystemTime
SystemTimeToFileTime
SetLastError
DefineDosDeviceW
QueryDosDeviceW
SetFileAttributesW
GetModuleHandleW
GetFileType
FindClose
FindNextFileW
FindFirstFileW
GetTickCount
GetTimeZoneInformation
HeapAlloc
HeapFree
GetProfileStringW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetOverlappedResult
SetCommTimeouts
SetCommConfig
GetCommConfig
OpenMutexW
GetComputerNameW
MulDiv
VirtualProtect
GetEnvironmentVariableW
GetLogicalDriveStringsW
GetDiskFreeSpaceW
GetVolumeInformationW
GetLogicalDrives
CompareFileTime
GetFileTime
LeaveCriticalSection
EnterCriticalSection
EnumSystemLocalesW
OpenEventW
RaiseException
CreateFileMappingW
VerLanguageNameW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
ReleaseMutex
ReleaseSemaphore
CreateMutexW
CreateSemaphoreW
FileTimeToLocalFileTime
OpenSemaphoreW
LockResource
LoadResource
SizeofResource
FindResourceW
LoadLibraryExW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
DeleteCriticalSection
InitializeCriticalSection
EnumSystemCodePagesW
GlobalMemoryStatus
GlobalFree
SetFileTime
GetVersionExW
GlobalSize
GlobalAlloc
GetPrivateProfileStringW
GetUserDefaultLangID
GetStartupInfoW
GetPrivateProfileIntW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
GetComputerNameA
GetStdHandle
OutputDebugStringW
GetSystemPowerStatus
GetExitCodeProcess
CreateProcessW
SetHandleInformation
CreatePipe
EnumResourceNamesW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTime
FreeLibrary
EnumResourceTypesW
GetCommProperties
ClearCommError
SetupComm
GetCommModemStatus
CommConfigDialogW
GetModuleFileNameW
DeleteFileW
GetSystemDirectoryW
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedIncrement
SetEvent
InterlockedDecrement
GetLocalTime
WaitForMultipleObjects
InterlockedExchange
SetThreadPriority
WaitForSingleObject
TerminateThread
ResumeThread
CreateThread
VirtualAlloc
VirtualFree
GetCurrentThread
SuspendThread
InterlockedCompareExchange
CloseHandle
CopyFileW
TerminateProcess
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
GetStartupInfoA
UnhandledExceptionFilter

gdi32

GetTextMetricsW
GetDIBits
SetDIBits
SetBkMode
GetTextExtentPoint32W
BitBlt
CreateDIBSection
CreateSolidBrush
PatBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
DeleteDC
GetStockObject
EnumFontFamiliesExW
GetDeviceCaps
CreateFontIndirectW
SelectObject
SetTextAlign
ExtTextOutW
DeleteObject
SetTextColor
SetBkColor

user32

CheckMenuItem
GetSystemMenu
InvalidateRect
GetWindowLongW
SetDlgItemTextW
GetCursorPos
TrackPopupMenuEx
ExitWindowsEx
MessageBoxW
CloseClipboard
GetDlgItem
OpenClipboard
GetDlgItemTextW
CheckDlgButton
GetClassNameW
GetAsyncKeyState
GetWindow
IsWindowEnabled
EnumChildWindows
GetSysColorBrush
GetSysColor
DestroyWindow
EnableMenuItem
DestroyMenu
AppendMenuW
CreatePopupMenu
GetDlgCtrlID
GetPropW
ClientToScreen
GetWindowThreadProcessId
EnumWindows
EnumDisplaySettingsW
GetMenuItemInfoW
SetMenuItemBitmaps
RegisterHotKey
UnregisterHotKey
GetKeyNameTextW
MapVirtualKeyW
DeleteMenu
CreateWindowExW
EndPaint
BeginPaint
GetSystemMetrics
GetWindowPlacement
SetWindowPos
GetDC
LoadStringW
UnregisterClassW
FindWindowW
RegisterClassW
LoadCursorW
LoadImageW
LoadIconW
MapDialogRect
DrawFocusRect
DrawStateW
DrawFrameControl
DrawTextW
LockWindowUpdate
GetClipboardFormatNameW
EnumClipboardFormats
CountClipboardFormats
GetClientRect
RegisterClipboardFormatW
SetClipboardData
EmptyClipboard
GetDesktopWindow
CreateMenu
RemovePropW
EnumPropsW
RegisterWindowMessageW
SetScrollInfo
GetScrollInfo
EndDialog
SetPropW
DialogBoxIndirectParamW
SetFocus
SetClassLongW
GetSubMenu
GetMenuStringW
wsprintfW
GetForegroundWindow
SetTimer
PostMessageW
IsDlgButtonChecked
KillTimer
SetWindowTextW
GetWindowTextW
GetWindowRect
DefWindowProcW
AdjustWindowRect
UpdateWindow
SetCursor
SendMessageW
IsWindowVisible
SetWindowLongW
EnableWindow
ShowWindow
ReleaseDC
SetForegroundWindow
GetClipboardData

msvcrt

ldiv
_get_osfhandle
ftell
fseek
fclose
strncpy
fgets
fgetc
fopen
atol
feof
isupper
wcsncat
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
gmtime
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_wtoi64
?terminate@@YAXXZ
_controlfp
isdigit
floor
memmove
strpbrk
exit
strstr
ceil
tolower
qsort
memcpy
_wcsnicmp
swscanf
toupper
swprintf
memset
wcsstr
wcschr
wcspbrk
wcsncmp
_wgetcwd
_wcsicmp
_wchdir
_wtol
wcsspn
strchr
iswctype
_wgetdcwd
strspn
islower
frexp
_CIpow
wcsncpy
wcstol
_snwprintf
strncmp
sscanf
_wmkdir
_errno
_wchmod
_wsystem
isalpha
wcscspn
_CIsin
_CIcos
_CIatan
_CIlog
_CIexp
_CIlog10
sprintf
_CIsqrt
wcsrchr

comdlg32

ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

mpr

WNetGetLastErrorW
WNetGetUserW
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetAddConnection3W

ole32

CoInitialize
CoCreateInstance
CoUninitialize
OleUninitialize
OleInitialize

oleaut32

VariantInit

shell32

ShellExecuteExW
Shell_NotifyIconW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

joyGetDevCapsW
mixerGetNumDevs
mixerGetDevCapsW
mixerOpen
mixerGetLineInfoW
mixerClose
auxGetNumDevs
auxGetDevCapsW
joyGetNumDevs
waveInGetDevCapsW
waveOutGetNumDevs
waveOutGetDevCapsW
midiInGetNumDevs
midiInGetDevCapsW
midiOutGetNumDevs
midiOutGetDevCapsW
PlaySoundW
timeGetTime
waveInGetNumDevs

winspool.drv

EnumMonitorsW
EnumPortsW

Sections

.text
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 447KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7770f6241b83da9b291b396c6303bf9

Code Sign

7d:c6:d6:02:ca:d0:c2:b3:ae:3c:38:77:de:24:7e:9dCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

61:18:54:86:00:00:00:00:00:24Certificate

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:f3:f2:31:61:33:94:c2:d8:dc:51:23:f2:fb:b9:43:dc:7b:b8:ad:82:3e:48:cb:1c:c6:22:93:a4:b2:6d:9eSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comdlg32

mpr

ole32

oleaut32

shell32

version

winmm

winspool.drv

Sections

.text Size: 5.5MB - Virtual size: 5.5MB

.data Size: 17KB - Virtual size: 447KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 281KB - Virtual size: 280KB

7d:c6:d6:02:ca:d0:c2:b3:ae:3c:38:77:de:24:7e:9d
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

61:18:54:86:00:00:00:00:00:24
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:f3:f2:31:61:33:94:c2:d8:dc:51:23:f2:fb:b9:43:dc:7b:b8:ad:82:3e:48:cb:1c:c6:22:93:a4:b2:6d:9e
Signer

.text
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 17KB - Virtual size: 447KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 281KB - Virtual size: 280KB