2385459baa197502dd1edb4f709dfa9c5aae1e927fa255cb419b21de2e63a973[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2385459baa197502dd1edb4f709dfa9c5aae1e927fa255cb419b21de2e63a973.exe
Size

247KB
MD5

150356809844d31fda2d2032aa319bc7
SHA1

9bef22530720ad3f23913b116a0651606d2fd912
SHA256

2385459baa197502dd1edb4f709dfa9c5aae1e927fa255cb419b21de2e63a973
SHA512

a0a8ed5456b431c2198cf824b2416fd2756b94d46df8c1f68d8dad3d82c7ffaae9dab73ec874d3b6af15631eecc721b21b81cda2f97d6c463196499a974360e6
SSDEEP

3072:CYIwWKGhzwSJ+WND61AgR5WWvdLYUeBY94ri2AxT1:CYIwWKGhzt4s8AGWed/p2q

Score

1^/10

Malware Config

Signatures

Files

2385459baa197502dd1edb4f709dfa9c5aae1e927fa255cb419b21de2e63a973.exe
.exe windows:4 windows x86 arch:x86

ae3ed54db4ec236c6afd5780f4278b16

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:4e:3f:40:1d:31:4f:6f:74:ea:d1:01:9f:15:d2:6a
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

18/04/2023, 00:00

Not After

17/04/2024, 23:59

Subject

CN=VISION HINET,O=VISION HINET,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfcager

ord113
ord410
ord411
ord111
ord114
ord108

axgear

ord59
ord33
ord32
ord181
ord19
ord45
ord48
ord58
ord61
ord75

adbapi

ord2
ord101
ord115
ord102
ord116
ord113
ord104
ord3
ord4
ord118
ord110
ord117

adbtwl

ord160

adbwnfg

ord1100
ord172
ord1155
ord1160
ord590
ord120
ord1131
ord210
ord540
ord550
ord605
ord520
ord525
ord1125
ord1190
ord192
ord565
ord110
ord100
ord450

adbwnfi

ord105
ord540
ord1103
ord1100
ord840
ord615
ord141
ord107
ord617
ord1000
ord1242
ord1240
ord100
ord101
ord650
ord215
ord1190
ord109
ord250
ord1035
ord555
ord245
ord570
ord1422
ord1420
ord1362
ord645
ord965
ord967
ord1205
ord1200
ord190
ord1165
ord1105
ord1120
ord1110
ord640
ord400
ord530
ord825
ord665
ord525
ord155
ord695
ord1360
ord680
ord865
ord870
ord875
ord740
ord195
ord655
ord201
ord830
ord415
ord420
ord1125
ord1115
ord690
ord693
ord161
ord230
ord1140
ord560
ord145

adbwnfs

ord805
ord750
ord105
ord111
ord1035
ord195
ord725
ord1010
ord1013
ord740

msvfw32

DrawDibClose

ufxtwl

ord67
ord170
ord52
ord311
ord312
ord302
ord51
ord451
ord300
ord172
ord55
ord140
ord57
ord2
ord68
ord131
ord50
ord3
ord100
ord56

ufxtools

ord1038
ord2136
ord201
ord202
ord1034
ord2160
ord1020
ord1021
ord1033
ord2058
ord1000
ord200
ord1004
ord2069
ord1002
ord2225
ord86
ord87
ord2290
ord502
ord1006
ord10
ord11
ord2291
ord12222
ord2223
ord2
ord2220
ord12221
ord2224
ord2201
ord2043
ord2046
ord517
ord511
ord516
ord80
ord515
ord2044
ord514
ord508
ord506
ord2060
ord2260
ord2040
ord510
ord500
ord501
ord505
ord518
ord2146
ord2144
ord2065
ord2147
ord2200
ord1007
ord1001

imm32

ImmReleaseContext
ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus

mfc42

ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord2414
ord4234
ord3092
ord4710
ord4853
ord5981
ord4224
ord6453
ord825
ord823
ord1168
ord3573
ord3626
ord3663
ord1641
ord2645
ord1783
ord1200
ord2652
ord6334
ord2938
ord1669
ord2379
ord6215
ord6880
ord2642
ord6199
ord2860
ord4299
ord4685
ord4681
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord2649
ord1665
ord4436
ord2446
ord807
ord674
ord554
ord366
ord796
ord5282
ord5252
ord5910
ord6120
ord3481
ord2252
ord975
ord2494
ord2627
ord2626
ord6625
ord2117
ord3521
ord4457
ord6329
ord5852
ord2884
ord800
ord540
ord4413
ord6402
ord4083
ord6146
ord4317
ord5885
ord860
ord537
ord2863
ord4163
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord4732
ord4541
ord5477
ord2259
ord5290
ord4836
ord4440
ord3391
ord4424
ord3720
ord794
ord527
ord5949
ord3916
ord2915
ord665
ord5442
ord3318
ord5186
ord354
ord5651
ord3127
ord3616
ord350
ord3126
ord3613
ord1576
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord4610
ord986
ord520
ord4159
ord5943
ord2725
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord4823
ord939
ord4160
ord4589
ord4588
ord4899
ord4370
ord4892
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord2091
ord4432
ord4508
ord4533
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord640
ord2754
ord6194
ord6021
ord323
ord940
ord941
ord5572
ord858
ord3177
ord2515
ord355
ord1175
ord3571
ord1640
ord5785
ord2859
ord2864
ord4480
ord4456
ord6131
ord6216
ord3495
ord4614
ord4613
ord1945
ord4273
ord5076
ord4341
ord4349
ord4723
ord4890
ord4964
ord4961
ord1726
ord560
ord813
ord2535
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord5265
ord4427
ord4615

msvcrt

_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
sprintf
__getmainargs
strtok
strcmp
strstr
_strupr
memcmp
_setmbcp
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp
__p__fmode
_except_handler3
__set_app_type
strcat
__CxxFrameHandler
memset
strlen
memcpy
strncmp
strcpy
atol
_ftol

kernel32

LockResource
LoadResource
FindResourceA
WritePrivateProfileStringA
GetProcAddress
SizeofResource
GetModuleHandleA
GetStartupInfoA
MulDiv
GetPrivateProfileIntA
FreeResource
GlobalAlloc
GlobalLock
LoadLibraryA
GlobalUnlock
lstrlenA
lstrcpyA

user32

GetDC
ReleaseDC
LoadBitmapA
RedrawWindow
IsWindowVisible
DrawMenuBar
GetMenu
GetSubMenu
CheckMenuItem
GetClientRect
DrawTextA
GetSystemMetrics
InvalidateRect
PostMessageA
EnableWindow
SendMessageA
TabbedTextOutA
wsprintfA
GetWindowRect
SetWindowLongA
GetWindowThreadProcessId
WinHelpA
GetSysColor
GetDesktopWindow
GrayStringA

gdi32

DPtoLP
Escape
ExtTextOutA
TextOutA
BitBlt
RectVisible
PtVisible
LPtoDP
GetMapMode
GetBkColor
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetDeviceCaps
CreateSolidBrush

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

ole32

CreateStreamOnHGlobal

olepro32

ord251

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

adbwnft

ord215
ord235
ord231
ord225
ord221
ord171
ord125
ord121
ord115
ord111
ord101
ord105
ord211

adbwnfc

ord800
ord802
ord785

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae3ed54db4ec236c6afd5780f4278b16

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

b6:4e:3f:40:1d:31:4f:6f:74:ea:d1:01:9f:15:d2:6aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

Signer

Headers

File Characteristics

Imports

mfcager

axgear

adbapi

adbtwl

adbwnfg

adbwnfi

adbwnfs

msvfw32

ufxtwl

ufxtools

imm32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

ole32

olepro32

msvcp60

adbwnft

adbwnfc

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 52KB - Virtual size: 49KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

b6:4e:3f:40:1d:31:4f:6f:74:ea:d1:01:9f:15:d2:6a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 52KB - Virtual size: 49KB