88ac552b6ae079e79e8286a37244b7fc6eec482b92d4d1ed0475c7aa0c05b1b1

Sharing

Copy URL

Twitter E-mail

General

Target

88ac552b6ae079e79e8286a37244b7fc6eec482b92d4d1ed0475c7aa0c05b1b1
Size

632KB
MD5

caa465093c1d1042a2949e333ccbabae
SHA1

32267c76d31650575e452508262d61fccd316a77
SHA256

88ac552b6ae079e79e8286a37244b7fc6eec482b92d4d1ed0475c7aa0c05b1b1
SHA512

13eef57fb9c84daddda3570a07a22ac7485cd4cd6eed1f3b7945964af7e397be4f1bcdedaedf73b6f3386bbd4fff6ab486ddfbd9cc887b12273492807f2bd877
SSDEEP

12288:n2ojwpSrNlxw8NjvPyA0Y9b4U54hZx+QohBjvrEH70U0:n2gwpSrtwmjtF9bB4hPXo/rEH70p

Score

1^/10

Malware Config

Signatures

Files

88ac552b6ae079e79e8286a37244b7fc6eec482b92d4d1ed0475c7aa0c05b1b1
.dll windows:6 windows x86 arch:x86

53f225f8dc0cecbc0bb103079473d845

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:c3:e6:c6:7b:8c:e5:4f:c3:dc:14:a5:ef:a1:fa:04
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

07-02-2020 09:11

Not After

06-02-2023 09:11

Subject

CN=Stanislav Zinukhov,O=Stanislav Zinukhov,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:98:b5:2e:f1:60:1d:67:70:fc:53:9f:81:5b:5e:36:a8:37:4b:29:a7:36:1c:d0:33:36:4a:ff:cd:f0:16:55
Signer

Actual PE Digest

a3:98:b5:2e:f1:60:1d:67:70:fc:53:9f:81:5b:5e:36:a8:37:4b:29:a7:36:1c:d0:33:36:4a:ff:cd:f0:16:55

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DEVEL\StartIsBackPlusPlus\Release\StartIsBack32.pdb

Imports

shlwapi

PathParseIconLocationW
PathAddBackslashW
StrStrIW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
SHOpenRegStream2W
PathRemoveBlanksW
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathFileExistsW
PathRemoveBackslashW
StrToIntW
ord16
PathRemoveFileSpecW
PathAppendW
SHRegGetValueW
StrNCatW
StrStrW
PathIsRelativeW
ord172
PathIsDirectoryW
PathIsUNCW
ord174
ord256
PathIsFileSpecW
PathStripToRootW
PathIsRootW
ord168
StrCmpIW
PathIsNetworkPathW
ord388
ord215
ord158
ord12
StrStrIA
StrCSpnA
SHSetValueW
StrCmpNIW
ord487
StrCpyNW
SHStrDupW

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

uxtheme

SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
OpenThemeData
GetThemeInt
DrawThemeTextEx
CloseThemeData
GetThemeColor
DrawThemeBackground
DrawThemeParentBackground
BufferedPaintSetAlpha
GetThemeBackgroundContentRect
ord47
GetThemePartSize
GetBufferedPaintTargetDC
GetThemeEnumValue
GetThemeFont
GetThemeBool
GetThemeRect
GetThemeTextExtent
GetThemeMargins
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
GetThemePropertyOrigin
IsThemePartDefined
GetWindowTheme
GetThemeMetric
GetThemeBackgroundExtent

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

msvcrt

wcscpy_s
wcscat_s
malloc
free
_vsnwprintf
isspace
_wcsnicmp
isprint
wcstok_s
wcsstr
vswprintf_s
_wcsicmp
??3@YAXPAX@Z
atoi
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
memmove
_except_handler4_common
wcsncmp
vsprintf_s
??2@YAPAXI@Z
tolower
wcschr
memcpy
memcmp
memset

kernel32

ExitThread
SleepEx
TerminateProcess
IsBadReadPtr
GlobalLock
FindResourceW
GetPrivateProfileIntW
GetPrivateProfileStringW
MapViewOfFile
UnmapViewOfFile
lstrcatW
lstrcpynW
GetApplicationUserModelId
OpenProcess
GetWindowsDirectoryW
LoadLibraryW
DeleteFileW
MoveFileExW
LocalAlloc
LocalFree
TlsAlloc
TlsGetValue
TlsSetValue
QueueUserWorkItem
CompareStringOrdinal
CompareFileTime
GetTempPathW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
GetCurrentProcessId
ProcessIdToSessionId
FindPackagesByPackageFamily
PackageFamilyNameFromFullName
GlobalUnlock
DisableThreadLibraryCalls
GetModuleHandleExW
GlobalAddAtomW
RtlCaptureContext
GetComputerNameExW
OpenEventW
LoadResource
SizeofResource
DebugBreak
lstrcpynA
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetLastError
LoadLibraryA
GetUserDefaultLangID
GetUserDefaultUILanguage
OutputDebugStringA
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
WaitForSingleObject
CreateThread
SetThreadPriority
Sleep
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetAtomNameW
lstrcmpW
CreateThreadpoolWork
InitializeCriticalSection
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
SubmitThreadpoolWork
ExpandEnvironmentStringsW
GetCurrentProcess
CreateProcessW
CreateFileA
GetSystemFirmwareTable
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryExW
FreeLibrary
QueueUserAPC
SetEvent
RaiseException
CreateEventW
ParseApplicationUserModelId
GetPackagesByPackageFamily
FindFirstFileW
FindNextFileW
FindClose
MoveFileW
InitOnceExecuteOnce
RegisterWaitForSingleObject
UnregisterWaitEx
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetVersionExW
OpenMutexW
GetModuleFileNameW

user32

EndDeferWindowPos
IsWindowVisible
GetWindow
MapWindowPoints
LockSetForegroundWindow
GetFocus
IsWindow
SetFocus
SetLayeredWindowAttributes
PeekMessageW
SystemParametersInfoW
NotifyWinEvent
ShowWindow
GetParent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuItem
RegisterWindowMessageW
GetClassWord
GetSystemMetrics
InflateRect
PrintWindow
GetAsyncKeyState
BeginDeferWindowPos
CallNextHookEx
SetWinEventHook
UnhookWinEvent
SetWindowsHookExW
TrackPopupMenuEx
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetWindowTextW
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetCursor
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
DrawFocusRect
EndDialog
GetSysColorBrush
GetActiveWindow
SetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
SetMenuItemInfoW
TrackPopupMenu
TranslateMessage
GetMenuItemID
GetMenuDefaultItem
GetDC
PtInRect
InvalidateRect
GetMenuState
ExitWindowsEx
GetDoubleClickTime
EnableWindow
WindowFromDC
CallWindowProcW
CharLowerW
SetCapture
ReleaseCapture
DrawTextW
FillRect
IsRectEmpty
EqualRect
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
LoadImageW
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
GetMessageW
GetRawInputDeviceList
EnumThreadWindows
DrawIconEx
UnionRect
UnregisterClassW
MonitorFromRect
SetForegroundWindow
GetWindowRgnBox
GetLayeredWindowAttributes
IsIconic
GetForegroundWindow
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
AllowSetForegroundWindow
SwitchToThisWindow
SetActiveWindow
RegisterClipboardFormatW
GetMessageExtraInfo
ChildWindowFromPointEx
LookupIconIdFromDirectoryEx
PostThreadMessageW
SetRect
GetMonitorInfoW
RegisterClassW
LoadCursorW
DeferWindowPos
DestroyWindow
SetWindowLongW
GetWindowRgn
UpdateLayeredWindow
GetWindowDC
MonitorFromWindow
IsChild
GetGUIThreadInfo
GetAncestor
DefWindowProcW
RemovePropW
GetWindowLongW
SetWindowPos
SetTimer
FindWindowW
KillTimer
GetShellWindow
CreateWindowExW
GetWindowThreadProcessId
FindWindowExW
DialogBoxParamW
EndPaint
OffsetRect
GetWindowRect
GetWindowInfo
BeginPaint
SetPropW
GetPropW
GetDlgItem
GetComboBoxInfo
GetClassNameW
ReleaseDC
GetDCEx
PostMessageW
SendMessageW
RedrawWindow
EnumChildWindows
GetClientRect
SetWindowRgn
GetSysColor
CreateIconIndirect
GetKeyState
wsprintfW
LoadStringW
wsprintfA
SendNotifyMessageW

gdi32

GetLayout
GetCharWidth32W
CreateFontW
RestoreDC
ExcludeClipRect
SaveDC
GdiFlush
GetRgnBox
CombineRgn
CreateRectRgnIndirect
GetStockObject
ExtTextOutW
CreateSolidBrush
SetBkColor
SetTextColor
BitBlt
SetLayout
CreateRectRgn
DeleteObject
CreateBitmap
DeleteDC
GdiAlphaBlend
GetObjectW
SelectObject
CreateCompatibleDC
CreateDIBSection
GetTextExtentExPointW
OffsetClipRgn
SelectClipRgn
StretchBlt
GetDeviceCaps
StretchDIBits
OffsetRgn
GetBoundsRect
SetBoundsRect
GetClipBox
GetCurrentObject
GetBkMode
SetBkMode
TextOutW
GetBkColor
GetTextColor
GetTextExtentPointW
SetWindowOrgEx
CreateFontIndirectW

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyW
RegCreateKeyW
RegSetKeyValueW
RegGetValueW
RegDeleteKeyValueW
RegOpenKeyExW
RegEnumKeyW
RegNotifyChangeKeyValue
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
InitiateShutdownW
GetUserNameW
RegQueryValueExA
RegDeleteValueA

shell32

ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
Shell_NotifyIconGetRect
ShellExecuteW
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
SHGetIDListFromObject
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
SHGetFileInfoW
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord22
ord134
ord132
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88
ord644
ord645
ord4
ord2
SHCreateItemWithParent
ord62
SHFileOperationW
SHGetStockIconInfo

ole32

CoInitialize
CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
StringFromGUID2
ReleaseStgMedium
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
LoadSystemOrb2
PickGlyphDlg
RemoteInit

Sections

.text
Size: 307KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53f225f8dc0cecbc0bb103079473d845

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

71:c3:e6:c6:7b:8c:e5:4f:c3:dc:14:a5:ef:a1:fa:04Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a3:98:b5:2e:f1:60:1d:67:70:fc:53:9f:81:5b:5e:36:a8:37:4b:29:a7:36:1c:d0:33:36:4a:ff:cd:f0:16:55Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

dwmapi

uxtheme

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 307KB - Virtual size: 306KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 145KB - Virtual size: 145KB

.reloc Size: 27KB - Virtual size: 27KB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

71:c3:e6:c6:7b:8c:e5:4f:c3:dc:14:a5:ef:a1:fa:04
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a3:98:b5:2e:f1:60:1d:67:70:fc:53:9f:81:5b:5e:36:a8:37:4b:29:a7:36:1c:d0:33:36:4a:ff:cd:f0:16:55
Signer

.text
Size: 307KB - Virtual size: 306KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 145KB - Virtual size: 145KB

.reloc
Size: 27KB - Virtual size: 27KB