78f2ca4029241bf8cc03bfd7be796b5eb50e3e958008925061bdc11f31980fc8

Sharing

Copy URL

Twitter E-mail

General

Target

78f2ca4029241bf8cc03bfd7be796b5eb50e3e958008925061bdc11f31980fc8
Size

37.2MB
MD5

bf505dfa2cd9662e04f9610ff6713647
SHA1

e2278c6c7185e687e77dbf54f589e2fb54c50d68
SHA256

78f2ca4029241bf8cc03bfd7be796b5eb50e3e958008925061bdc11f31980fc8
SHA512

b9a56b677dd1db4b3e42c899409201f28ac1efb8fa2bbea76de338caabbe4b2d274e1cde8fb8fb9728b189ed7c69dd4fb0f9ba05b67cae372023d6ea2d6b99e1
SSDEEP

786432:CC7Z7trD6Exl1aFjBFF3AD/87F7VpOe9V6E2Jpr2z:CCd7gEH1aVBf3cE7H9Vtiy

Score

1^/10

Malware Config

Signatures

Files

78f2ca4029241bf8cc03bfd7be796b5eb50e3e958008925061bdc11f31980fc8
.exe windows:6 windows x86 arch:x86

af1a91f59ea7bf37e25e1374cb9d7753

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:fd:d7:f7:cc:44:b1:58:f1:9a:87:90:77:fd:13:fe
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

22/09/2023, 00:00

Not After

21/09/2024, 23:59

Subject

CN=AXIALIS SA,O=AXIALIS SA,ST=Île-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:18:24:50:94:b2:e4:24:92:25:ee:b4:69:8f:37:8f:ee:4f:0f:ca:f5:56:17:ab:c9:9d:e4:93:8e:56:ae:e1
Signer

Actual PE Digest

3a:18:24:50:94:b2:e4:24:92:25:ee:b4:69:8f:37:8f:ee:4f:0f:ca:f5:56:17:ab:c9:9d:e4:93:8e:56:ae:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateGuid
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID
CoInitialize
CoCreateInstance

kernel32

GetUserDefaultUILanguage
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetCurrentDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLocaleInfoW
RtlUnwind
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
ExitProcess
GetCommandLineA
GetCommandLineW
HeapQueryInformation
GlobalFlags
FileTimeToSystemTime
LocalReAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
GetVersionExW
GetCurrentThread
CreateEventW
SetEvent
LCMapStringW
SetStdHandle
DuplicateHandle
UnlockFile
GetSystemDefaultUILanguage
SetEndOfFile
LockFile
GetVolumeInformationW
GetFileSize
FlushFileBuffers
GetCurrentProcessId
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryA
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
FormatMessageW
LocalFree
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
GetACP
HeapSize
HeapReAlloc
DecodePointer
GetUserDefaultLangID
WritePrivateProfileStringW
lstrcmpiW
DosDateTimeToFileTime
LoadLibraryExW
FreeResource
ResumeThread
SuspendThread
ExitThread
SetThreadPriority
CreateThread
GetCurrentProcess
Sleep
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetFileTime
LocalFileTimeToFileTime
SetThreadPreferredUILanguages
SetThreadUILanguage
VerifyVersionInfoW
GetModuleHandleW
GetModuleFileNameW
GetLastError
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcatW
lstrcpyW
lstrcmpW
MulDiv
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
GetTempPathW
WriteFile
SetFilePointer
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFullPathNameW
GetFileAttributesW
GetDriveTypeW
GetDiskFreeSpaceW
FindNextFileW
FindFirstFileW
FindClose
OutputDebugStringW
DeleteFileW
CreateFileW
CreateDirectoryW
SetCurrentDirectoryW
LocalAlloc
GlobalFree
GlobalReAlloc
GlobalAlloc
GetProcessHeap
HeapFree
HeapAlloc
GlobalLock
GlobalUnlock
FindResourceW
SizeofResource
LockResource
LoadResource
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
RaiseException
GetStringTypeW
GetTimeZoneInformation

user32

GetScrollPos
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetMenu
GetKeyState
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
UnhookWindowsHookEx
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetRectEmpty
SendDlgItemMessageA
UnregisterClassW
SystemParametersInfoW
EnumWindows
FindWindowW
EnumChildWindows
TranslateAcceleratorW
CopyRect
ScreenToClient
MessageBeep
SetWindowTextW
SetActiveWindow
GetMenu
SetFocus
GetDlgCtrlID
SendDlgItemMessageW
EndDialog
DialogBoxParamW
SetWindowPlacement
GetWindowPlacement
SetWindowPos
ShowWindow
DefWindowProcW
PostMessageW
LoadStringW
LoadIconW
MessageBoxW
GetSystemMetrics
GetClassInfoW
RegisterClassW
FrameRect
CharNextW
MoveWindow
wsprintfW
GetDesktopWindow
IsRectEmpty
LoadCursorW
LoadBitmapW
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
FillRect
DrawFocusRect
GetSysColor
ClientToScreen
SetCursor
AdjustWindowRectEx
MapWindowPoints
GetClassLongW
GetTopWindow
GetLastActivePopup
GetWindow
SetWindowsHookExW
CallNextHookEx
GetWindowRect
GetClientRect
GetWindowTextW
RemovePropW
WinHelpW
MonitorFromWindow
GetMonitorInfoW
GetClassNameW
GetPropW
SetPropW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextW
IsDialogMessageW
LoadMenuW
GetWindowThreadProcessId
CharUpperW
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
PostQuitMessage
ShowOwnedPopups
GetMenuItemInfoW
RealChildWindowFromPoint
GetSysColorBrush
ReuseDDElParam
UnpackDDElParam
IntersectRect
InsertMenuItemW
DestroyMenu
OffsetRect
CreatePopupMenu
IsWindowEnabled
EnableWindow
LoadAcceleratorsW
BringWindowToTop
GetNextDlgTabItem
InflateRect
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetDlgItem
CallWindowProcW
SendMessageW
CreateDialogIndirectParamW
EqualRect

gdi32

StretchBlt
CreateDIBSection
CreateFontW
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
CreatePatternBrush
Escape
GetClipBox
PtVisible
RectVisible
PatBlt
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetStockObject
GetDeviceCaps
CreateDCW
GetObjectW
SetTextColor
SetBkMode
SetBkColor
SelectObject
SaveDC
RestoreDC
GetTextExtentPoint32W
GetPixel
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateBitmap

comdlg32

PrintDlgW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegQueryInfoKeyW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW

shell32

DragFinish
SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW
SHBrowseForFolderW
SHChangeNotify
SHGetPathFromIDListW
DragQueryFileW

comctl32

CreatePropertySheetPageW
PropertySheetW
ord17

shlwapi

PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathIsUNCW

oleaut32

VariantChangeType
VariantInit
SysFreeString
VarUI4FromStr
VariantClear
SysAllocString

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 417KB - Virtual size: 417KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36.7MB - Virtual size: 36.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af1a91f59ea7bf37e25e1374cb9d7753

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

d3:fd:d7:f7:cc:44:b1:58:f1:9a:87:90:77:fd:13:feCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3a:18:24:50:94:b2:e4:24:92:25:ee:b4:69:8f:37:8f:ee:4f:0f:ca:f5:56:17:ab:c9:9d:e4:93:8e:56:ae:e1Signer

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oleaut32

oleacc

Sections

.text Size: 417KB - Virtual size: 417KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 13KB - Virtual size: 54KB

.rsrc Size: 36.7MB - Virtual size: 36.7MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

d3:fd:d7:f7:cc:44:b1:58:f1:9a:87:90:77:fd:13:fe
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3a:18:24:50:94:b2:e4:24:92:25:ee:b4:69:8f:37:8f:ee:4f:0f:ca:f5:56:17:ab:c9:9d:e4:93:8e:56:ae:e1
Signer

.text
Size: 417KB - Virtual size: 417KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 13KB - Virtual size: 54KB

.rsrc
Size: 36.7MB - Virtual size: 36.7MB