SecuriteInfo[.]com[.]Heur[.]16736[.]17236

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Heur.16736.17236
Size

634KB
MD5

6155dc020d4768ad174ddbf1e6ce6c05
SHA1

36f2ee50d53dd1425cd0cb27acd9425ddc998cb8
SHA256

599db1d69e887cac94bab182ea44b7b799d80aa5f5ec918fe01969ff75377b76
SHA512

969e796f1abfd01048e91e1aecf343cbd83ad9187d2501a297096eee6aa172579464852258c600d469eac42cf89d3c06dae35d644985cde618f39b57db2d56db
SSDEEP

12288:Z+0I/RzLxI6mmci9wq+ZNgdC+iSoq1j5qAAhQCJX0+rgo9CXzf:Q0I/RzLxSmci9wq+ZNgZiO1jQAoJX0+U

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Heur.16736.17236
.exe windows:4 windows x64 arch:x64

fd0b52649b4fd60da22a41db93ab1cd6

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/07/2023, 09:33

Not After

27/07/2024, 09:33

Subject

SERIALNUMBER=15.06.2017,CN=Nenad Hrg,O=Nenad Hrg,STREET=Edelweissstrasse 104,L=Taufkirchen,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c16737570706f727440736f6674776172656f6b2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130b546175666b69726368656e,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:89:1b:26:4b:6c:22:1f:fa:c2:ed:b0:53:ca:34:fd:b9:41:7f:6f:d7:83:8e:ab:a8:d1:94:0d:d4:ff:73:0b
Signer

Actual PE Digest

2f:89:1b:26:4b:6c:22:1f:fa:c2:ed:b0:53:ca:34:fd:b9:41:7f:6f:d7:83:8e:ab:a8:d1:94:0d:d4:ff:73:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetDriveTypeA
IsBadCodePtr
RtlPcToFileHeader
SetStdHandle
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryW
VirtualQuery
VirtualProtect
GetTimeFormatA
GetDateFormatA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
HeapSize
HeapSetInformation
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetStartupInfoW
GetProcessHeap
RtlUnwindEx
HeapReAlloc
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
SetEndOfFile
CompareStringA
SetEnvironmentVariableA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetExitCodeThread
HeapCreate
HeapAlloc
HeapFree
GetLocaleInfoW
GetNumberFormatW
GetFullPathNameW
GetSystemInfo
GetProfileStringW
lstrcpynA
FlushFileBuffers
FindFirstFileW
FindClose
FindNextFileW
GetWindowsDirectoryW
CreateProcessW
GetVersionExA
RemoveDirectoryW
SetFileAttributesW
LoadLibraryA
GetTickCount
MulDiv
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetDateFormatW
GetTimeFormatW
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileAttributesW
GlobalHandle
FreeResource
DeleteFileW
GetTimeZoneInformation
GetFileSize
ReadFile
WriteFile
CopyFileW
WideCharToMultiByte
FormatMessageW
LocalFree
GetLogicalDriveStringsW
GetDriveTypeW
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateFileW
OutputDebugStringW
GetLocalTime
CreateMutexW
GetUserDefaultLangID
lstrcmpW
HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
GetLastError
TerminateThread
CloseHandle
QueryPerformanceCounter
__C_specific_handler
GetModuleHandleA
lstrcmpiW
lstrcpyW
SetLastError
lstrcpynW
GetFileAttributesA
GetTempPathW
lstrcatW
GetModuleHandleW
CompareStringW
GetCurrentProcessId
FreeLibrary
FindResourceW
LoadResource
LockResource
GetVersionExW
OutputDebugStringA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
RaiseException
FlushInstructionCache
GetModuleFileNameW
CreateThread
ExitProcess
LoadLibraryW
GetProcAddress
GetCurrentProcess
lstrlenA
lstrlenW
MultiByteToWideChar
Sleep
GetModuleFileNameA

user32

GetKeyState
keybd_event
GetMenuItemCount
CharUpperW
GetFocus
SetCursor
UpdateWindow
SetRectEmpty
OpenClipboard
GetClipboardData
CloseClipboard
SetClipboardData
GetIconInfo
TranslateMessage
EnumWindows
SendMessageTimeoutW
LoadIconW
CharLowerW
MessageBoxW
CreateWindowExW
UnhookWindowsHookEx
SendMessageW
PostMessageW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClassInfoExW
SetScrollInfo
SetScrollPos
GetScrollPos
TrackPopupMenu
SetWindowsHookExW
CallNextHookEx
FillRect
GetWindowDC
RegisterClassExW
GetMessageW
DispatchMessageW
PeekMessageW
GetCapture
EndPaint
BeginPaint
LoadStringA
SetDlgItemTextW
EnumChildWindows
FindWindowExW
IsChild
SetParent
InvalidateRgn
RedrawWindow
GetDesktopWindow
CreateAcceleratorTableW
CreateDialogIndirectParamW
EnableWindow
ClientToScreen
GetMessagePos
DeleteMenu
EmptyClipboard
GetWindowPlacement
SetRect
GetWindowLongW
SetWindowPos
GetWindowRect
GetClientRect
ScreenToClient
ShowWindow
IsWindowVisible
SetTimer
KillTimer
SetFocus
GetParent
GetDlgItem
IsDialogMessageW
IsWindow
MapWindowPoints
IsZoomed
SetMenuItemInfoW
SetMenuDefaultItem
ScrollWindowEx
GetScrollInfo
SetForegroundWindow
GetKeyboardState
DestroyIcon
RegisterWindowMessageW
InflateRect
PtInRect
CopyRect
GetDlgCtrlID
SetCapture
InvalidateRect
MoveWindow
DrawEdge
DrawFocusRect
FrameRect
ReleaseCapture
GetWindowLongPtrW
CallWindowProcW
DefWindowProcW
EndDialog
SystemParametersInfoW
GetWindow
SetWindowLongW
LoadStringW
CharNextW
PostQuitMessage
CheckMenuItem
GetDC
CreatePopupMenu
DestroyWindow
DrawTextW
DestroyMenu
SetWindowLongPtrW
LoadImageW
GetSystemMetrics
InsertMenuW
AppendMenuW
GetMenuItemInfoW
GetActiveWindow
ReleaseDC
CreateDialogParamW
EnableMenuItem
GetSystemMenu
DialogBoxIndirectParamW
TrackPopupMenuEx
GetSysColorBrush
GetSysColor
GetCursorPos
GetSubMenu
DialogBoxParamW
OffsetRect
wsprintfW
LoadCursorW
GetClassNameW
SetClassLongW

gdi32

DPtoLP
LPtoDP
EnumFontFamiliesExW
PatBlt
CreatePatternBrush
CreateBitmap
CreateFontW
AddFontResourceW
GetCurrentObject
SetWindowOrgEx
ExcludeClipRect
RemoveFontResourceW
RemoveFontResourceExW
AddFontResourceExW
SaveDC
RestoreDC
SetMapMode
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
SetViewportExtEx
SetWindowExtEx
DeleteEnhMetaFile
GetEnhMetaFileHeader
ResetDCW
SelectClipRgn
StartPage
EndPage
EndDoc
AbortDoc
StartDocW
SetPixel
SetStretchBltMode
SetDIBitsToDevice
MoveToEx
OffsetViewportOrgEx
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC
CreateDIBSection
CreateEnhMetaFileW
CloseEnhMetaFile
GetDIBits
OffsetWindowOrgEx
CreateDCW
SetViewportOrgEx
GetClipBox
GetBkColor
CreatePen
GetStockObject
CreateSolidBrush
DeleteObject
GetObjectW
SelectObject
DeleteDC
SetTextColor
SetBkColor
CreateFontIndirectW
SetBkMode
Rectangle
ExtTextOutW
GetDeviceCaps
GetTextExtentPoint32W

winspool.drv

OpenPrinterW
GetPrinterW
ClosePrinter

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
PageSetupDlgW
PrintDlgW

advapi32

RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CryptHashData
CryptGetHashParam
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
RegEnumValueW

shell32

ord190
Shell_NotifyIconW
ord18
ord17
ord16
SHOpenFolderAndSelectItems
ord155
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHFileOperationW

ole32

CoInitializeEx
CoSetProxyBlanket
CoInitialize
CLSIDFromProgID
CoCreateInstance
OleInitialize
CoTaskMemFree
StringFromCLSID
CLSIDFromString
CoTaskMemAlloc
OleLockRunning
OleUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
LoadRegTypeLi
SysStringLen
DispCallFunc
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData

comctl32

ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_LoadImageW
ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_DrawEx
ImageList_SetImageCount
CreateStatusWindowW
ImageList_Draw
ImageList_GetBkColor
ImageList_Replace

gdiplus

GdipNewPrivateFontCollection
GdipCloneImage
GdipDrawImageRectI
GdipDeletePrivateFontCollection
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdiplusStartup
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipPrivateAddFontFile
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipGetFamilyName
GdipSetInterpolationMode
GdipAlloc

winmm

timeGetTime

Sections

.text
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd0b52649b4fd60da22a41db93ab1cd6

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

2f:89:1b:26:4b:6c:22:1f:fa:c2:ed:b0:53:ca:34:fd:b9:41:7f:6f:d7:83:8e:ab:a8:d1:94:0d:d4:ff:73:0bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

winmm

Sections

.text Size: 381KB - Virtual size: 381KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 81KB - Virtual size: 442KB

.pdata Size: 16KB - Virtual size: 16KB

.rsrc Size: 82KB - Virtual size: 82KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

2f:89:1b:26:4b:6c:22:1f:fa:c2:ed:b0:53:ca:34:fd:b9:41:7f:6f:d7:83:8e:ab:a8:d1:94:0d:d4:ff:73:0b
Signer

.text
Size: 381KB - Virtual size: 381KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 81KB - Virtual size: 442KB

.pdata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 82KB - Virtual size: 82KB