ec12757bd56e9ac7bacca59cd9e1800d3aac682fa1426ccf5358cdfbc20eed9a

Sharing

Copy URL Twitter E-mail

General

Target

ec12757bd56e9ac7bacca59cd9e1800d3aac682fa1426ccf5358cdfbc20eed9a
Size

1.6MB
MD5

59f4a6c3b63dd2fdff9c3bb484ad72a0
SHA1

95a78393285142381811f725957d17f16d9313de
SHA256

ec12757bd56e9ac7bacca59cd9e1800d3aac682fa1426ccf5358cdfbc20eed9a
SHA512

33751fc276bafcab0c1fcaf43442c429b37f42c590b0081e0380ef179ca1f8e5464f0abf63b2c83931a38e278497756b82e3d17054d95050d847f574e2e17e2e
SSDEEP

24576:SzGusFHMOxcn61C6F+v8bJDIauAc1uVM03khWOxLdDe/nWNp3rmivKvaPkNXV:sGusFZcVCS8bR1uASL2khWOaPnvaP6XV

Score

1^/10

Malware Config

Signatures

Files

ec12757bd56e9ac7bacca59cd9e1800d3aac682fa1426ccf5358cdfbc20eed9a
.exe windows:6 windows x86 arch:x86

f4d8fa63e018ff80e1d4fd63aaee19d4

Code Sign

1c:75:33:d7:77:28:bc:41:7d:50:4d:fd:8b:79:3e:dc
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/09/2020, 00:00

Not After

16/12/2023, 23:59

Subject

CN=DeskSoft,O=DeskSoft,POSTALCODE=2231,STREET=Mozart-Straße 31,L=Strasshof,ST=Niederösterreich,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:77:ca:f0:9f:6e:ff:8f:a1:20:8d:b1:af:13:0d:cf:e2:a0:8a:39:7b:62:a6:c5:f7:24:72:b0:9c:b4:a9:fa
Signer

Actual PE Digest

65:77:ca:f0:9f:6e:ff:8f:a1:20:8d:b1:af:13:0d:cf:e2:a0:8a:39:7b:62:a6:c5:f7:24:72:b0:9c:b4:a9:fa

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
bind
closesocket
connect
inet_ntoa
getsockname
WSAStartup
htons
accept
listen
recv
select
send
shutdown
socket
WSAGetLastError
gethostname
WSASetLastError
gethostbyname

winmm

PlaySoundA

comctl32

ImageList_Create
_TrackMouseEvent
InitCommonControlsEx
ImageList_Destroy
ImageList_ReplaceIcon

kernel32

DecodePointer
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetTickCount
GlobalMemoryStatus
FlushConsoleInputBuffer
GetDriveTypeW
SetConsoleMode
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleCP
GetCurrentDirectoryW
GetFullPathNameW
GetTickCount64
CopyFileA
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
WaitForSingleObject
SetEvent
GetTimeFormatA
ReadConsoleInputW
PeekNamedPipe
GetDateFormatA
LoadLibraryA
GetModuleHandleA
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetFileAttributesA
DeleteFileA
WriteConsoleW
SetEndOfFile
ReadConsoleW
FlushFileBuffers
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
CreateThread
CloseHandle
DeleteCriticalSection
InitializeCriticalSectionEx
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
SetConsoleCtrlHandler
GetOEMCP
GetCommandLineW
CreateFileA
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
OpenProcess
GetModuleFileNameA
GetProcAddress
GetShortPathNameA
CreateDirectoryA
GetFileSize
ReadFile
SetFilePointer
WriteFile
GetLocalTime
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceA
MoveFileExA
FindClose
FindFirstFileExA
FindNextFileA
MulDiv
ReleaseMutex
CreateMutexA
CreateFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetTimeZoneInformation
FindFirstFileA
FindFirstFileW
FindNextFileW
CopyFileW
FileTimeToLocalFileTime
GetFileInformationByHandle
FileTimeToDosDateTime
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
CompareFileTime
SetLastError
GetSystemTime
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP

user32

DialogBoxParamA
GetKeyState
GetKeyNameTextA
MapVirtualKeyA
SetCapture
ReleaseCapture
GetForegroundWindow
ReleaseDC
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursor
ScreenToClient
WindowFromPoint
ChildWindowFromPoint
SetClassLongA
GetDesktopWindow
GetParent
EnumChildWindows
FindWindowExA
GetClassNameA
GetWindowThreadProcessId
LoadIconA
DestroyIcon
LoadImageA
DrawIconEx
IsDialogMessageA
MonitorFromRect
MonitorFromWindow
SetProcessDPIAware
GetActiveWindow
EnableWindow
IsWindowEnabled
GetSystemMetrics
SetLayeredWindowAttributes
InvalidateRgn
MessageBoxA
CopyRect
PtInRect
EnumWindows
GetMonitorInfoA
EnumDisplayMonitors
DrawFrameControl
WindowFromDC
FrameRect
CreateIconIndirect
GetIconInfo
SystemParametersInfoA
PeekMessageA
IsZoomed
IsRectEmpty
GetWindowDC
FillRect
OffsetRect
SetScrollInfo
SetParent
CreatePopupMenu
TrackPopupMenuEx
InsertMenuItemA
GetDlgItem
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
SetDlgItemTextW
SetDlgItemTextA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterWindowMessageA
GetProcessWindowStation
GetUserObjectInformationW
BringWindowToTop
SetActiveWindow
GetDoubleClickTime
EndDialog
CreateDialogParamA
SetWindowPos
LoadCursorA
SetWindowLongA
GetDC
KillTimer
RegisterClassA
RedrawWindow
GetWindowLongA
SetRect
DrawFocusRect
GetSysColor
GetCursorPos
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
InvalidateRect
EndPaint
BeginPaint
SetForegroundWindow
DrawTextA
SetTimer
GetAsyncKeyState
GetFocus
SetFocus
IsClipboardFormatAvailable
IsWindowVisible
CreateWindowExA
CallWindowProcA
PostQuitMessage
DefWindowProcA
DrawEdge
MapWindowPoints
GetClientRect
SendDlgItemMessageA
GetDlgItemTextA
ShowWindow
DestroyWindow
PostMessageA
SendMessageA
IsIconic
wsprintfA

gdi32

GetTextExtentPoint32A
LineTo
GetStockObject
GetDIBits
CreateRectRgnIndirect
SetBkMode
Rectangle
DeleteDC
CreateSolidBrush
CreatePen
SetTextColor
CreateFontA
SelectObject
DeleteObject
PatBlt
SelectClipRgn
SetDCBrushColor
SetDCPenColor
SetDIBits
CreateCompatibleDC
SetMapMode
SetStretchBltMode
CreateDIBSection
GetObjectA
MoveToEx
ExtTextOutA
Polygon
CreateBitmap
Ellipse
CreateCompatibleBitmap
BitBlt
GetPixel
CreateRectRgn
CombineRgn
GetDeviceCaps
SetBkColor

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
ChooseFontA

shell32

FindExecutableA
SHGetPathFromIDListA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
SHCreateItemFromIDList
SHGetDesktopFolder
Shell_NotifyIconA
SHGetMalloc

iphlpapi

GetAdaptersAddresses
GetIpAddrTable

shlwapi

ord176

version

GetFileVersionInfoA
VerQueryValueA

msimg32

GradientFill

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
OpenProcessToken
GetTokenInformation
ImpersonateLoggedOnUser
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptImportKey
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptVerifySignatureA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize
OleUninitialize
OleInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4d8fa63e018ff80e1d4fd63aaee19d4

Code Sign

1c:75:33:d7:77:28:bc:41:7d:50:4d:fd:8b:79:3e:dcCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

65:77:ca:f0:9f:6e:ff:8f:a1:20:8d:b1:af:13:0d:cf:e2:a0:8a:39:7b:62:a6:c5:f7:24:72:b0:9c:b4:a9:faSigner

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

comctl32

kernel32

user32

gdi32

comdlg32

shell32

iphlpapi

shlwapi

version

msimg32

advapi32

ole32

oleaut32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 304KB - Virtual size: 304KB

.data Size: 116KB - Virtual size: 176KB

.rsrc Size: 125KB - Virtual size: 125KB

1c:75:33:d7:77:28:bc:41:7d:50:4d:fd:8b:79:3e:dc
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

65:77:ca:f0:9f:6e:ff:8f:a1:20:8d:b1:af:13:0d:cf:e2:a0:8a:39:7b:62:a6:c5:f7:24:72:b0:9c:b4:a9:fa
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 304KB - Virtual size: 304KB

.data
Size: 116KB - Virtual size: 176KB

.rsrc
Size: 125KB - Virtual size: 125KB