414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2

Target

414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
Size

1.4MB
MD5

4c6f64715df65201b347a48ac66d3daa
SHA1

2c4ff72e0f17af6dad7146a2f9de06e1187e0b69
SHA256

414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
SHA512

64b3b78a5a22eac66ad73954870e8beb620815735b6c3554c65965c913679d0d78fdc9d5403038101ed1f8a6934cff8377ade62985c839d3ff980a15d1392e6d
SSDEEP

24576:AcH4RyUdH474qoYqDDBfdcxVrGpw+yf2fJala9wth/j9O/1:jgh4sqoYiDge3o2xaASZMd

Score

1^/10

Malware Config

Signatures

Files

414bb1af4fbb618c4889d69144c7f66591c6e5294d0ab3b7ea8b774946977cf2
.exe windows:4 windows x86 arch:x86

c0b56bf400b50c017c67f5287c8df2b0

Code Sign

66:26:61:2e:58:58:dd:5f:be:05:a3:0c:cc:1e:e7:2d
Certificate

Issuer

CN=IIYGGNPS

Not Before

28-12-2018 12:31

Not After

31-12-2039 23:59

Subject

CN=IIYGGNPS

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4b:64:e1:89:20:96:eb:59:f2:f4:15:80:31:ac:e5:70:00:ff:87:d9
Signer

Actual PE Digest

4b:64:e1:89:20:96:eb:59:f2:f4:15:80:31:ac:e5:70:00:ff:87:d9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
SystemTimeToFileTime
GetCurrentProcessId
GetPrivateProfileIntW
GetCommandLineW
GetLastError
GetFileSize
WideCharToMultiByte
Sleep
GetTickCount
CopyFileW
MultiByteToWideChar
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTempPathW
TerminateProcess
GetCurrentProcess
GetProcessHeap
HeapFree
GetCurrentThreadId
FlushInstructionCache
lstrlenW
OutputDebugStringW
ExpandEnvironmentStringsW
WritePrivateProfileStringW
lstrcmpiW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
OpenSemaphoreW
CreateSemaphoreW
WaitForSingleObject
LocalFree
CreateMutexW
ReleaseMutex
CreateThread
SetLastError
ReleaseSemaphore
InterlockedCompareExchange
GetLongPathNameW
GetFileTime
GetSystemTime
CreateDirectoryW
GetPrivateProfileStringW
CreateProcessW
SetErrorMode
SetUnhandledExceptionFilter
DeleteAtom
FindAtomW
AddAtomW
OpenThread
GetVersionExW
FormatMessageW
SetFilePointerEx
LocalFileTimeToFileTime
SetEnvironmentVariableA
GetFileSizeEx
CompareStringA
CreateFileA
ReadFile
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetModuleHandleW
InterlockedExchange
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryExW
GetModuleFileNameW
EnterCriticalSection
GetStringTypeW
GetStringTypeA
LCMapStringA
QueryPerformanceCounter
LoadLibraryW
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
LCMapStringW
HeapCreate
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
LeaveCriticalSection
GetProcAddress
GetCPInfo
RtlUnwind
GetStartupInfoW
GetFileAttributesW
CompareStringW
CreateFileW
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
FreeLibrary
GetAtomNameW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
DeviceIoControl
GetSystemDirectoryW
ExitProcess
GetVolumeNameForVolumeMountPointA
ReadDirectoryChangesW
Module32FirstW
EnumResourceLanguagesW
GetShortPathNameW
GetPrivateProfileSectionW
FreeEnvironmentStringsA
GetEnvironmentStrings
VirtualQuery
VirtualProtect
GetSystemInfo
GetModuleHandleA
GetCommandLineA
MulDiv
GetVersionExA
GlobalAlloc
lstrcpyW
GlobalFree
lstrcatW

user32

MessageBoxW
FindWindowW
IsWindow
SendMessageTimeoutW
GetWindowThreadProcessId
IsWindowVisible
DefWindowProcW
GetActiveWindow
UnregisterClassA
SetWindowLongW
GetWindowLongW
CallWindowProcW
SendMessageW
GetWindowTextW
PostQuitMessage
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowTextW
SetTimer
EnumThreadWindows
DestroyWindow
CharNextW
GetAltTabInfoA
CreateIconIndirect
GetMenuItemID
GetWindowInfo
GetTitleBarInfo
GrayStringW
CharLowerA
EnumWindows
OpenWindowStationW
SetDeskWallpaper
GetGuiResources
CheckMenuRadioItem
SetWindowRgn
CallMsgFilterW
EnableWindow
ValidateRgn
RealGetWindowClassA
WINNLSGetEnableStatus
GetWindowRect
InvalidateRect
EndDialog
EnableMenuItem
GetMenu
DialogBoxParamW
LoadStringW
ReleaseDC
GetDC
SetCapture
GetWindowPlacement
IsIconic
IsZoomed
DrawMenuBar
DrawTextW
SetRect
FrameRect
FillRect
OffsetRect
InvertRect
IntersectRect
ReleaseCapture
UpdateWindow
PostMessageW
PtInRect
GetSubMenu
GetDesktopWindow
MoveWindow
GetForegroundWindow
ShowWindow
GetSystemMetrics
EndPaint
BeginPaint
WaitMessage
TranslateAcceleratorW
LoadAcceleratorsW
RegisterClassW
LoadIconW
MessageBoxA
LoadStringA
SetDlgItemTextW
GetDlgItem
WinHelpW
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
GetDlgItemTextW
UnionRect
LoadBitmapW
wsprintfW
GetClientRect
GetParent
CharUpperW
IsMenu
GetWindowContextHelpId
CharNextA
GetDialogBaseUnits
VkKeyScanA
CreatePopupMenu
IsClipboardFormatAvailable
GetMessagePos
CharLowerW
GetMessageExtraInfo
LoadCursorFromFileA
CloseDesktop
AnyPopup
OpenIcon
CreateMenu

gdi32

SetRectRgn
BRUSHOBJ_hGetColorTransform
CreateHalftonePalette
EngQueryLocalTime
GdiGetLocalBrush
GdiGetSpoolMessage
GdiReleaseDC
GdiGradientFill
CLIPOBJ_cEnumStart
CreateColorSpaceW
RestoreDC
ExtCreateRegion
ExtEscape
SetWinMetaFileBits
StrokeAndFillPath
PolyDraw
StartFormPage
EnumFontFamiliesA
DrawEscape
GetCharWidth32A
CreateScalableFontResourceW
EngAlphaBlend
SetMiterLimit
SetWindowExtEx
GetGlyphOutline
SetDCBrushColor
GdiConvertMetaFilePict
GetCurrentObject
GetPixel
CreateSolidBrush
GdiInitSpool
CancelDC
HT_Get8BPPMaskPalette
SetBkColor
GdiGetCharDimensions
PlayMetaFileRecord
GdiConvertBrush
CreateEnhMetaFileA
GetGlyphOutlineA
Polyline
EngQueryEMFInfo
FONTOBJ_pQueryGlyphAttrs
SaveDC
GetDeviceCaps
CreateFontIndirectW
Ellipse
GetTextExtentPoint32W
GdiFlush
ExcludeClipRect
CreateCompatibleBitmap
GetStockObject
GetBkMode
GetTextColor
SetBkMode
SetTextColor
SetPixel
MoveToEx
LineTo
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
DeleteDC
CloseFigure
DeleteEnhMetaFile
GetMapMode
CloseMetaFile
GetLayout
GetTextCharacterExtra
GetTextAlign
GetDCBrushColor

advapi32

RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyExA

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
ShellExecuteW
SHLoadInProc
DoEnvironmentSubstA
ExtractAssociatedIconExA
SHFileOperationW

ole32

CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

shlwapi

SHSetValueW
PathFindFileNameW
PathAppendW
StrStrIW
PathRemoveFileSpecW
SHGetValueW
PathCombineW
PathFileExistsW
StrToIntW
StrCmpNIW
StrCmpNA
StrStrIA

comctl32

InitCommonControlsEx

imm32

ImmDisableIME

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 683KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

c0b56bf400b50c017c67f5287c8df2b0

Code Sign

66:26:61:2e:58:58:dd:5f:be:05:a3:0c:cc:1e:e7:2dCertificate

Extended Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

4b:64:e1:89:20:96:eb:59:f2:f4:15:80:31:ac:e5:70:00:ff:87:d9Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

imm32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 63KB - Virtual size: 683KB

66:26:61:2e:58:58:dd:5f:be:05:a3:0c:cc:1e:e7:2d
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

4b:64:e1:89:20:96:eb:59:f2:f4:15:80:31:ac:e5:70:00:ff:87:d9
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 63KB - Virtual size: 683KB