SecuriteInfo[.]com[.]FileRepMalware[.]16623[.]17166

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.FileRepMalware.16623.17166
Size

1.1MB
MD5

5654d2672deab994c1d3bc15b9e8daff
SHA1

a2633403389a9cdc284b00b345bf1db2987b6261
SHA256

82bef45df82555c55653aa99606aab9b8c0288fec8274c8cbe9f4cc542edd404
SHA512

12ea10e0119a5e416992c7f0eab2529a01f59a8c16fc025fb72c0b1a3b70a61962e6924608d7ce00a5948d0be973cb097e0da8a960ba104986e74afea132fe60
SSDEEP

24576:6GmJF1rShv2DpiaKqJo8dmoLRVGcr/JPqh1maoGG:evsN2DpiaKq28HRVGcr/JP3

Score

1^/10

Malware Config

Signatures

Files

SecuriteInfo.com.FileRepMalware.16623.17166
.exe windows:6 windows x64 arch:x64

62483b3db3efa2372310b5b9fb5f58a1

Code Sign

98:0c:26:aa:ad:1d:7e:ce:bc:bc:35:fb:77:fa:b8:4c
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

27/05/2020, 00:00

Not After

27/05/2021, 23:59

Subject

CN=John David Basson,O=John David Basson,POSTALCODE=30040-5868,STREET=5262 KEITHWOOD DR,L=CUMMING,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:6b:8d:b2:ca:28:38:53:09:2c:ae:2b:bf:08:ef:33:fc:75:a3:78:06:a1:a8:c5:63:19:22:1e:18:c5:f3:6d
Signer

Actual PE Digest

a8:6b:8d:b2:ca:28:38:53:09:2c:ae:2b:bf:08:ef:33:fc:75:a3:78:06:a1:a8:c5:63:19:22:1e:18:c5:f3:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

inet_addr
gethostbyname
gethostname
WSAStartup
WSACleanup

winmm

joyGetPosEx
mciSendStringW
mixerSetControlDetails
mixerGetDevCapsW
mixerGetLineInfoW
mixerGetLineControlsW
mixerGetControlDetailsW
joyGetDevCapsW
mixerOpen
mixerClose

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

comctl32

ImageList_AddMasked
ImageList_GetIconSize
ImageList_Create
ImageList_Destroy
CreateStatusWindowW
ImageList_ReplaceIcon

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleBaseNameW

kernel32

FindResourceW
SizeofResource
LoadResource
LockResource
SetDllDirectoryW
GetFileAttributesW
GetModuleHandleExW
FindFirstFileW
FindNextFileW
FindClose
Beep
MoveFileW
OutputDebugStringW
FormatMessageW
CreateProcessW
WideCharToMultiByte
MultiByteToWideChar
IsValidCodePage
GetExitCodeProcess
WriteProcessMemory
ReadProcessMemory
GetCurrentProcessId
OpenProcess
TerminateProcess
SetPriorityClass
SetLastError
SetEnvironmentVariableW
GetEnvironmentVariableW
GetLocalTime
GetDateFormatW
GetTimeFormatW
GetDiskFreeSpaceExW
SetVolumeLabelW
CreateFileW
DeviceIoControl
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceW
CreateDirectoryW
ReadFile
DeleteFileW
WriteFile
SetFileAttributesW
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileSizeEx
GetSystemTime
GetSystemDefaultUILanguage
GetFullPathNameW
GetWindowsDirectoryW
GetTempPathW
GetShortPathNameW
EnterCriticalSection
LeaveCriticalSection
VirtualProtect
QueryDosDeviceW
CompareStringW
RemoveDirectoryW
CopyFileW
GetCurrentProcess
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
WritePrivateProfileSectionW
SetEndOfFile
GetACP
GetFileType
GetStdHandle
SetFilePointerEx
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
IsWow64Process
VirtualAllocEx
VirtualFreeEx
EnumResourceNamesW
LoadLibraryExW
GlobalSize
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCommandLineA
GetCommandLineW
ExitProcess
HeapSize
HeapReAlloc
HeapQueryInformation
GetModuleFileNameW
DeleteCriticalSection
GetCPInfo
GetVersionExW
FreeLibrary
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetLastError
CreateMutexW
CloseHandle
GetExitCodeThread
SetThreadPriority
CreateThread
GetStringTypeExW
lstrcmpiW
GetCurrentThreadId
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
GetCurrentDirectoryW
SetErrorMode
GetSystemTimeAsFileTime
InitializeCriticalSection
SetCurrentDirectoryW
Sleep
GetTickCount
MulDiv
RtlUnwindEx
RtlPcToFileHeader
RaiseException
HeapAlloc
HeapFree
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetProcessHeap
FindFirstFileExW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
ReadConsoleW
WriteConsoleW
GetComputerNameW

user32

SetMenu
SetPropW
RemovePropW
GetSysColor
SetWindowLongPtrW
RedrawWindow
DrawTextW
SetParent
GetClassInfoExW
AdjustWindowRectEx
SystemParametersInfoW
GetAncestor
UpdateWindow
GetMessagePos
GetSysColorBrush
FillRect
GetClassLongPtrW
DefDlgProcW
CallWindowProcW
CheckRadioButton
IntersectRect
GetUpdateRect
PtInRect
CreateDialogIndirectParamW
CreateAcceleratorTableW
DestroyAcceleratorTable
InsertMenuItemW
RemoveMenu
SetMenuItemInfoW
GetMenuItemInfoW
SetMenuDefaultItem
CreateMenu
CreatePopupMenu
SetMenuInfo
DestroyMenu
TrackPopupMenuEx
DrawIconEx
GetDesktopWindow
CopyImage
CreateIconIndirect
CreateIconFromResourceEx
EnumClipboardFormats
GetWindow
BringWindowToTop
MessageBoxW
GetQueueStatus
GetWindowRect
IsCharAlphaW
CheckMenuItem
IsWindowVisible
GetWindowLongPtrW
ChangeClipboardChain
SetClipboardViewer
LoadAcceleratorsW
GetMenu
CreateWindowExW
RegisterClassExW
LoadCursorW
DestroyWindow
DestroyIcon
MapVirtualKeyW
VkKeyScanExW
SendDlgItemMessageW
GetKeyboardLayoutNameW
ActivateKeyboardLayout
GetGUIThreadInfo
GetWindowTextW
mouse_event
WindowFromPoint
GetSystemMetrics
keybd_event
SetKeyboardState
GetKeyboardState
GetCursorPos
GetAsyncKeyState
AttachThreadInput
SendInput
UnregisterHotKey
RegisterHotKey
PostQuitMessage
SendMessageTimeoutW
CharUpperW
UnhookWindowsHookEx
SetWindowsHookExW
PostThreadMessageW
IsCharAlphaNumericW
IsCharUpperW
IsCharLowerW
ToUnicodeEx
GetKeyboardLayout
CallNextHookEx
CharLowerW
ReleaseDC
GetDC
OpenClipboard
GetClipboardData
GetClipboardFormatNameW
CloseClipboard
SetClipboardData
EmptyClipboard
PostMessageW
FindWindowW
GetClassLongW
FlashWindow
GetPropW
ExitWindowsEx
GetMenuStringW
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSystemMenu
GetLastInputInfo
GetCursor
MessageBeep
SetDlgItemTextW
LoadImageW
EndDialog
IsWindow
DispatchMessageW
TranslateMessage
ShowWindow
CountClipboardFormats
SetWindowLongW
ScreenToClient
IsDialogMessageW
SendMessageW
IsWindowEnabled
DialogBoxParamW
SetForegroundWindow
DefWindowProcW
RegisterWindowMessageW
GetIconInfo
EnumDisplayMonitors
GetClientRect
IsIconic
IsZoomed
EnumWindows
GetWindowTextLengthW
SetWindowTextW
EnableWindow
InvalidateRect
SetLayeredWindowAttributes
SetWindowPos
SetWindowRgn
SetFocus
IsChild
MapWindowPoints
SetActiveWindow
GetWindowLongW
GetKeyState
TranslateAcceleratorW
KillTimer
PeekMessageW
GetFocus
GetClassNameW
GetWindowThreadProcessId
GetForegroundWindow
GetMessageW
SetTimer
GetParent
GetDlgCtrlID
IsClipboardFormatAvailable
EnumChildWindows
GetDlgItem
ClientToScreen
MapVirtualKeyExW
MoveWindow
EnableMenuItem

gdi32

SetBkMode
GetClipBox
CreatePatternBrush
SetBrushOrgEx
EnumFontFamiliesExW
CreateDIBSection
GdiFlush
SetBkColor
CreateFontIndirectW
GetObjectW
GetStockObject
CreateSolidBrush
GetCharABCWidthsW
GetTextMetricsW
CreateDCW
GetPixel
BitBlt
CreateCompatibleBitmap
DeleteDC
GetSystemPaletteEntries
SelectObject
GetDIBits
CreateCompatibleDC
CreatePolygonRgn
CreateRectRgn
CreateRoundRectRgn
CreateEllipticRgn
CreateFontW
SetTextColor
GetDeviceCaps
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CloseServiceHandle
UnlockServiceDatabase
LockServiceDatabase
OpenSCManagerW
GetUserNameW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegCloseKey
RegConnectRegistryW

shell32

ExtractIconW
DragQueryPoint
SHEmptyRecycleBinW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
Shell_NotifyIconW
DragFinish
DragQueryFileW

ole32

OleUninitialize
CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString
OleInitialize
CLSIDFromProgID
CoGetObject
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

GetActiveObject
SafeArrayGetLBound
SysStringLen
OleLoadPicture
SafeArrayUnaccessData
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SafeArrayGetDim
SafeArrayDestroy
SafeArrayGetUBound
VariantCopyInd
SafeArrayCopy
SysAllocString
VariantChangeType
VariantClear
SafeArrayCreate
SysFreeString

Sections

.text
Size: 790KB - Virtual size: 789KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62483b3db3efa2372310b5b9fb5f58a1

Code Sign

98:0c:26:aa:ad:1d:7e:ce:bc:bc:35:fb:77:fa:b8:4cCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a8:6b:8d:b2:ca:28:38:53:09:2c:ae:2b:bf:08:ef:33:fc:75:a3:78:06:a1:a8:c5:63:19:22:1e:18:c5:f3:6dSigner

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

version

comctl32

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 790KB - Virtual size: 789KB

.rdata Size: 233KB - Virtual size: 232KB

.data Size: 27KB - Virtual size: 48KB

.pdata Size: 27KB - Virtual size: 26KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 20KB - Virtual size: 19KB

98:0c:26:aa:ad:1d:7e:ce:bc:bc:35:fb:77:fa:b8:4c
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a8:6b:8d:b2:ca:28:38:53:09:2c:ae:2b:bf:08:ef:33:fc:75:a3:78:06:a1:a8:c5:63:19:22:1e:18:c5:f3:6d
Signer

.text
Size: 790KB - Virtual size: 789KB

.rdata
Size: 233KB - Virtual size: 232KB

.data
Size: 27KB - Virtual size: 48KB

.pdata
Size: 27KB - Virtual size: 26KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 20KB - Virtual size: 19KB