d1b2394662c8607c049db62f2ce69d9949f3b509f8b6595b09be92a5b450f1d3

Sharing

Copy URL Twitter E-mail

General

Target

d1b2394662c8607c049db62f2ce69d9949f3b509f8b6595b09be92a5b450f1d3
Size

1.2MB
MD5

49b0d33cb0bab2b4fef7a0d1669fe301
SHA1

3157806de52710f7567db670048ea170e2b21b64
SHA256

d1b2394662c8607c049db62f2ce69d9949f3b509f8b6595b09be92a5b450f1d3
SHA512

5d17a6ac7a0d196d3728ba4e0f92eafcdf5d69839b9f19fec93061a78cf692a84b8d204d5a2947bd964205819dc748032884063b97785042ec2b3a4eeda0184b
SSDEEP

24576:HJaHWUOjzIHhvKk2Rj4zWyx26dzqJ24ICek50F+xmp7aeYTdmtxrSM9uiJNjD1Ez:ewadeyx26lkXIK50F+8j5IDF

Score

1^/10

Malware Config

Signatures

Files

d1b2394662c8607c049db62f2ce69d9949f3b509f8b6595b09be92a5b450f1d3
.exe windows:6 windows x64 arch:x64

83cf9ea17761c1d7ed54526d02149f3d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2022, 00:00

Not After

23/04/2025, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2022, 00:00

Not After

23/04/2025, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c2:fb:5f:9d:f8:4a:2f:7a:5b:f7:8f:f8:d9:52:92:7d:32:b5:32:ea:fb:c1:e7:f3:04:02:0a:84:3b:40:c0:76
Signer

Actual PE Digest

c2:fb:5f:9d:f8:4a:2f:7a:5b:f7:8f:f8:d9:52:92:7d:32:b5:32:ea:fb:c1:e7:f3:04:02:0a:84:3b:40:c0:76

Digest Algorithm

sha256

PE Digest Matches

true

d8:19:96:42:57:49:f6:80:af:cc:26:aa:89:a7:a3:fd:d4:fc:2c:c4
Signer

Actual PE Digest

d8:19:96:42:57:49:f6:80:af:cc:26:aa:89:a7:a3:fd:d4:fc:2c:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Groupy\GroupyCtrl\x64\Release\GroupyCtrl.pdb

Imports

uxtheme

CloseThemeData
DrawThemeTextEx
SetWindowTheme
IsCompositionActive
OpenThemeData

dwmapi

DwmIsCompositionEnabled
DwmRegisterThumbnail
DwmUpdateThumbnailProperties
DwmUnregisterThumbnail
DwmSetWindowAttribute
DwmFlush
DwmGetColorizationColor
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

winmm

timeBeginPeriod
timeEndPeriod

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipFree
GdipAlloc
GdipDisposeImage
GdiplusStartup
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

oleacc

AccessibleObjectFromWindow

comctl32

InitCommonControlsEx

kernel32

CreateEventA
SetEvent
WaitForSingleObject
Sleep
DeleteFileW
CreateFileW
WriteFile
WritePrivateProfileStringW
LocalFree
GetCurrentThreadId
Beep
ExitThread
GlobalAddAtomW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
GetCurrentProcessId
GetThreadLocale
SetThreadLocale
MultiByteToWideChar
SetThreadPriority
GetCurrentThread
GetCurrentProcess
GlobalFindAtomW
GlobalDeleteAtom
CreateMutexW
ReleaseMutex
SetProcessShutdownParameters
GetSystemDirectoryA
SetPriorityClass
GlobalFindAtomA
ResetEvent
GetFileAttributesW
GetProcessId
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
FindResourceExW
LoadLibraryA
GetComputerNameA
lstrcmpA
lstrlenA
InitializeCriticalSectionEx
RaiseException
DecodePointer
LoadLibraryExW
FreeLibrary
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
QueryPerformanceFrequency
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
InitializeSListHead
CreateEventW
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringW
IsDebuggerPresent
GetModuleFileNameW
GetStdHandle
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleFileNameA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
ReadProcessMemory
GetModuleHandleW
SetLastError
GetLastError
K32GetModuleFileNameExA
K32GetModuleFileNameExW
OpenProcess
CloseHandle
GetModuleHandleA
GetProcAddress
GetTickCount
GetTickCount64
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringW
ExitProcess
GetPrivateProfileIntW
GetUserPreferredUILanguages
CreateDirectoryW
CreateThread
GetFileType
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
FindFirstFileExW
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
ReadConsoleW
WriteConsoleW
SetEndOfFile

user32

BroadcastSystemMessageW
FindWindowW
LoadStringW
DisableProcessWindowsGhosting
ChangeWindowMessageFilter
RegisterClassExW
UnregisterHotKey
RegisterHotKey
DialogBoxParamW
PostQuitMessage
EndDialog
GetClassLongPtrA
DefWindowProcA
GetClassLongPtrW
IsWindowUnicode
ValidateRect
DestroyWindow
TrackMouseEvent
MonitorFromPoint
LoadCursorW
SetCursor
EnableWindow
NotifyWinEvent
BlockInput
ReleaseCapture
SetCapture
EndPaint
BeginPaint
SetActiveWindow
GetCursorPos
GetAsyncKeyState
KillTimer
LockSetForegroundWindow
AllowSetForegroundWindow
DispatchMessageW
TranslateMessage
InvalidateRect
IsWindowEnabled
SendInput
FindWindowA
SetWindowPlacement
ShowWindowAsync
GetWindowRgnBox
WindowFromPoint
GetForegroundWindow
ReplyMessage
UpdateLayeredWindow
PostMessageW
GetKeyState
PtInRect
GetWindowDC
CreateWindowExW
SetTimer
wsprintfW
GetWindowTextW
GetAncestor
GetLayeredWindowAttributes
SetLayeredWindowAttributes
GetIconInfo
IsIconic
GetWindow
SendNotifyMessageW
RegisterWindowMessageW
SendMessageTimeoutW
GetWindowPlacement
SetWindowPos
IsZoomed
GetMonitorInfoW
SetWindowLongPtrW
SetWindowLongW
SetWinEventHook
UpdateWindow
GetWindowRgn
LogicalToPhysicalPoint
PostThreadMessageW
GetWindowLongPtrW
EqualRect
GetClassNameW
IsHungAppWindow
CallWindowProcW
DefWindowProcW
GetClientRect
DrawTextW
EnumChildWindows
SetWindowTextW
UnhookWindowsHookEx
DestroyMenu
TrackPopupMenu
InsertMenuItemW
CreatePopupMenu
SetWindowsHookExW
SetFocus
GetMessageW
MessageBoxW
DrawTextA
SendMessageW
DrawFrameControl
FillRect
GetMenuInfo
MapWindowPoints
GetPropA
GetClassLongW
GetWindowRect
GetMenuItemInfoW
GetMenuItemCount
GetMenu
GetDesktopWindow
GetSysColor
FindWindowExW
GetWindowThreadProcessId
SwitchToThisWindow
SetForegroundWindow
ShowWindow
MonitorFromWindow
IsWindow
SystemParametersInfoW
GetSystemMetrics
ReleaseDC
GetDC
RegisterWindowMessageA
SetPropW
InternalGetWindowText
GetWindowLongW
SetPropA
RemovePropW
GetPropW
MonitorFromRect
GetClassNameA
AppendMenuW
GetParent
CallNextHookEx
EnumWindows
RemovePropA
IsWindowVisible

gdi32

ExtSelectClipRgn
SelectClipRgn
SetStretchBltMode
CreateRectRgn
CreateFontIndirectW
ExtTextOutW
GetTextColor
LPtoDP
GetCurrentObject
CreateFontW
SetBkMode
SetDCBrushColor
GetStockObject
CreateRoundRectRgn
CombineRgn
OffsetRgn
GetRgnBox
PtInRegion
CreateDIBSection
StretchDIBits
CreateFontA
Rectangle
CreateSolidBrush
CreatePen
GetObjectW
SetDIBitsToDevice
GetDIBits
GetPixel
DeleteDC
DeleteObject
SetTextColor
SetBkColor
CreateBitmap
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
SetBrushOrgEx
GetDeviceCaps

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyA
RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW
SHGetPathFromIDListEx
CommandLineToArgvW
SHGetFolderPathA
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
CoAllowSetForegroundWindow
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysFreeString
SysAllocStringLen
VariantClear

shlwapi

PathIsNetworkPathW
PathAppendA
PathFileExistsW

Sections

.text
Size: 766KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 17.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83cf9ea17761c1d7ed54526d02149f3d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

c2:fb:5f:9d:f8:4a:2f:7a:5b:f7:8f:f8:d9:52:92:7d:32:b5:32:ea:fb:c1:e7:f3:04:02:0a:84:3b:40:c0:76Signer

d8:19:96:42:57:49:f6:80:af:cc:26:aa:89:a7:a3:fd:d4:fc:2c:c4Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

uxtheme

dwmapi

winmm

msimg32

gdiplus

crypt32

oleacc

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 766KB - Virtual size: 766KB

.rdata Size: 245KB - Virtual size: 245KB

.data Size: 20KB - Virtual size: 17.0MB

.pdata Size: 36KB - Virtual size: 36KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 124KB - Virtual size: 123KB

.reloc Size: 7KB - Virtual size: 7KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

c2:fb:5f:9d:f8:4a:2f:7a:5b:f7:8f:f8:d9:52:92:7d:32:b5:32:ea:fb:c1:e7:f3:04:02:0a:84:3b:40:c0:76
Signer

d8:19:96:42:57:49:f6:80:af:cc:26:aa:89:a7:a3:fd:d4:fc:2c:c4
Signer

.text
Size: 766KB - Virtual size: 766KB

.rdata
Size: 245KB - Virtual size: 245KB

.data
Size: 20KB - Virtual size: 17.0MB

.pdata
Size: 36KB - Virtual size: 36KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 124KB - Virtual size: 123KB

.reloc
Size: 7KB - Virtual size: 7KB