SecuriteInfo[.]com[.]Heur[.]1201[.]4476

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Heur.1201.4476
Size

1.3MB
MD5

3e5c90947019a1708e4ca616c4bb8535
SHA1

f23e82b51aabc72e7a6962d5a1fbe3b37e11b851
SHA256

c98df69f561a03ef23e6154a4a99566f79a3e908a188d6b52724ef0c344e1439
SHA512

469d50607784726b78feba3a4c826bb43d8d5020d92525e0197fa34e9ae088c8dd0a6bc7e8fa83949efb99b6da1ae74cbc85053b290245641436c2b176561e5e
SSDEEP

24576:cGyYkOY8lskdCeu/QpDbTHHKsafd9O93X0HF7uUYoadN6I4LOm5Eg:NyYkE3u/Qxbb0PDYZNBkEg

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.Heur.1201.4476
.exe windows:4 windows x64 arch:x64

e003aa01968a737746f1261d9007dc76

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/07/2023, 09:33

Not After

27/07/2024, 09:33

Subject

SERIALNUMBER=15.06.2017,CN=Nenad Hrg,O=Nenad Hrg,STREET=Edelweissstrasse 104,L=Taufkirchen,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c16737570706f727440736f6674776172656f6b2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130b546175666b69726368656e,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:ff:b9:9c:7f:37:de:43:25:6b:c0:38:04:9f:60:1e:b2:6d:1b:d3:48:74:c6:a4:2e:dd:1b:52:6f:93:36:b0
Signer

Actual PE Digest

1b:ff:b9:9c:7f:37:de:43:25:6b:c0:38:04:9f:60:1e:b2:6d:1b:d3:48:74:c6:a4:2e:dd:1b:52:6f:93:36:b0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetEndOfFile
IsBadCodePtr
GetDriveTypeA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
CompareStringA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapCreate
RtlCaptureContext
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
GetModuleHandleA
RtlUnwindEx
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
HeapReAlloc
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetTempFileNameW
SetVolumeLabelW
CreateMutexW
HeapDestroy
GetTickCount
GetProfileStringW
GetLocaleInfoW
GetNumberFormatW
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
WritePrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
GetFullPathNameW
GetDiskFreeSpaceW
TerminateProcess
GetSystemDirectoryW
GetUserDefaultLangID
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetTimeFormatW
GetDateFormatW
GetShortPathNameW
GetPrivateProfileStringW
SizeofResource
GetLocalTime
GetFileSize
SetFilePointer
CreatePipe
DuplicateHandle
CreateEventW
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetLastError
SetEvent
WaitForSingleObject
TerminateThread
CreateProcessW
GetCurrentProcessId
MulDiv
GetTimeZoneInformation
lstrcpynA
GetLogicalDrives
DeleteCriticalSection
InitializeCriticalSection
__C_specific_handler
GlobalHandle
FreeResource
CreateThread
ExitProcess
Sleep
RemoveDirectoryW
DeleteFileW
CopyFileW
GetLogicalDriveStringsW
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
GetTempPathW
GetModuleFileNameW
CreateFileW
WriteFile
CloseHandle
lstrcpyW
SetLastError
FindFirstFileW
GetVersionExW
CompareStringW
FindClose
FindNextFileW
FindResourceW
LoadResource
LockResource
FreeLibrary
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
lstrcmpiW
lstrcmpW
lstrcatW
GetWindowsDirectoryW
GetModuleHandleW
GetCurrentThreadId
OutputDebugStringW
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
RaiseException
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrcpynW
GetProcAddress
lstrlenW
LoadLibraryW
HeapSetInformation
SetEnvironmentVariableA

user32

CharUpperW
SetMenuDefaultItem
IntersectRect
IsRectEmpty
SetScrollInfo
SetScrollPos
GetScrollPos
MoveWindow
GetSystemMenu
GetMenuDefaultItem
DrawIconEx
SetRect
LoadBitmapW
PeekMessageW
IsMenu
SetWindowsHookExW
GetSysColorBrush
UnhookWindowsHookEx
CallNextHookEx
WindowFromPoint
GetWindowThreadProcessId
MessageBeep
ModifyMenuW
TrackPopupMenuEx
SendMessageW
wsprintfW
SetWindowTextW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
EnumChildWindows
FindWindowExW
EndDialog
GetWindowLongW
SetWindowPos
DrawEdge
DrawFrameControl
SetMenuItemInfoW
InsertMenuW
CheckMenuItem
EnableMenuItem
GetWindowDC
IsDialogMessageW
TranslateAcceleratorW
TrackPopupMenu
GetMessagePos
CreatePopupMenu
AppendMenuW
CopyRect
GetKeyState
SetClassLongW
CreateDialogParamW
PostMessageW
FrameRect
InflateRect
SetParent
SetMenu
BringWindowToTop
SetForegroundWindow
DeleteMenu
TranslateMDISysAccel
LoadIconW
DefMDIChildProcW
LoadAcceleratorsW
LoadStringA
GetMenuStringW
RemoveMenu
DrawMenuBar
DefFrameProcW
GetClassLongW
CheckDlgButton
IsDlgButtonChecked
CreateDialogIndirectParamW
mouse_event
MenuItemFromPoint
SetWindowPlacement
DispatchMessageW
TranslateMessage
GetWindowPlacement
GetClientRect
ShowWindow
SetTimer
GetIconInfo
GetParent
GetDlgItem
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
SetWindowLongW
CharNextW
RegisterClipboardFormatW
GetFocus
PostQuitMessage
GetAsyncKeyState
MessageBoxW
LoadImageW
GetSystemMetrics
GetDlgCtrlID
LoadMenuW
GetMenuItemCount
DestroyMenu
CreateWindowExW
GetScrollInfo
DrawIcon
ScrollWindowEx
IsZoomed
SendMessageTimeoutW
GetMessageW
RemovePropW
IsWindowVisible
ClientToScreen
CreateAcceleratorTableW
GetDesktopWindow
IsChild
RedrawWindow
InvalidateRgn
DialogBoxIndirectParamW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetCapture
ReleaseCapture
EndPaint
BeginPaint
GetSysColor
GetCursorPos
SetCursor
DrawFocusRect
FillRect
PtInRect
SetFocus
ShowCaret
GetWindowTextW
GetWindowTextLengthW
ScreenToClient
SetDlgItemTextW
IsWindow
LoadStringW
CharLowerW
DrawTextW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
ReleaseDC
GetDC
DialogBoxParamW
GetSubMenu
DefWindowProcW
OffsetRect
GetMenuItemInfoW
DestroyCursor
GetActiveWindow
SetRectEmpty
CreateCursor
GetClassNameW
DestroyWindow
UpdateWindow
InvalidateRect
IsWindowEnabled
SetCapture
EnumWindows
KillTimer

gdi32

SetPixelV
GetBkColor
DPtoLP
LPtoDP
GetBitmapDimensionEx
Rectangle
SetMapMode
OffsetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
SelectClipRgn
SetViewportExtEx
SetWindowExtEx
CreateEnhMetaFileW
ResetDCW
StartPage
EndPage
DeleteEnhMetaFile
EndDoc
AbortDoc
StartDocW
SetStretchBltMode
StretchBlt
GetCurrentObject
GetPixel
SetDIBitsToDevice
CloseEnhMetaFile
SetPixel
CreateDCW
GetDIBits
GetClipBox
GetViewportOrgEx
SetViewportOrgEx
SetBrushOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
GetTextExtentPoint32W
LineTo
MoveToEx
CreatePen
IntersectClipRect
OffsetWindowOrgEx
ExcludeClipRect
SetWindowOrgEx
ExtTextOutW
RestoreDC
SaveDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
SetBkMode
CreateFontIndirectW
DeleteDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
GetObjectW
SetBkColor
SetTextColor
GetEnhMetaFileHeader
GetStockObject
CreateSolidBrush

winspool.drv

GetPrinterW
OpenPrinterW
ClosePrinter

comdlg32

GetOpenFileNameW
PrintDlgW
GetSaveFileNameW
PageSetupDlgW

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
GetUserNameW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CryptHashData
CryptGetHashParam
GetTokenInformation
RegDeleteKeyW

shell32

ord21
SHBrowseForFolderW
ord88
ExtractIconExW
SHGetSettings
ord25
DragQueryFileW
ord17
ord16
SHGetFileInfoW
DragAcceptFiles
SHFileOperationW
ord155
ord18
SHGetDesktopFolder
ord4
ord2
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ord190
SHGetMalloc

ole32

RegisterDragDrop
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
ReleaseStgMedium
CoInitialize
OleSetClipboard
RevokeDragDrop
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantTimeToSystemTime
VariantChangeType
OleCreatePictureIndirect
DispCallFunc
SafeArrayDestroy
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
SysStringLen
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

comctl32

ImageList_LoadImageW
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
ImageList_GetIcon
InitCommonControlsEx
ImageList_SetBkColor
ImageList_Destroy
ImageList_GetImageCount
ImageList_Draw
ImageList_DrawEx
ord8
ImageList_AddMasked
ImageList_GetImageInfo
CreateStatusWindowW

msimg32

AlphaBlend

gdiplus

GdipSetImageAttributesGamma
GdipSetImageAttributesColorMatrix
GdipCreateHICONFromBitmap
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipGetImageGraphicsContext
GdipDrawImageRectRectI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipFree
GdipAlloc
GdiplusStartup

winmm

timeGetTime

shlwapi

StrCpyW

Sections

.text
Size: 733KB - Virtual size: 732KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shared
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e003aa01968a737746f1261d9007dc76

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

1b:ff:b9:9c:7f:37:de:43:25:6b:c0:38:04:9f:60:1e:b2:6d:1b:d3:48:74:c6:a4:2e:dd:1b:52:6f:93:36:b0Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

winmm

shlwapi

Sections

.text Size: 733KB - Virtual size: 732KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 13KB - Virtual size: 98KB

.pdata Size: 28KB - Virtual size: 28KB

Shared Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 25B

.rsrc Size: 487KB - Virtual size: 486KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

1b:ff:b9:9c:7f:37:de:43:25:6b:c0:38:04:9f:60:1e:b2:6d:1b:d3:48:74:c6:a4:2e:dd:1b:52:6f:93:36:b0
Signer

.text
Size: 733KB - Virtual size: 732KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 13KB - Virtual size: 98KB

.pdata
Size: 28KB - Virtual size: 28KB

Shared
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 25B

.rsrc
Size: 487KB - Virtual size: 486KB