701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e

Target

701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e
Size

1.2MB
MD5

6bb55449f9ad55bb73f25877a1041e1f
SHA1

b303f1c9c4564551853cd08a770836aae5725cf2
SHA256

701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e
SHA512

b6e5393b39ca5f0fc2f5f4a0ed0e5aeb8207e228abb676f4f25a069289dd322cb17b38b0e83f9767a32f9e202fff2adb26d6c4f00660721d3b4b161c07f8e49c
SSDEEP

24576:nCM1zIIQedHu6nxFMHjM8lJ5bnAd+V/PTfnT:P1zVB1yI8lJ5bZxTnT

Score

1^/10

Malware Config

Signatures

Files

701d3db21920f78b8ed2eb6b4286f858277928f50d567c9c6594bd1971e9c07e
.exe windows:5 windows x86 arch:x86

a61f41c9eaa90bb5e3d5a206b2275e3c

Code Sign

5a:be:cd:6f:a0:9f:6f:63:bc:f2:f0:0b:40:a2:56:16
Certificate

Issuer

CN=UUURDGHU

Not Before

22-02-2019 13:04

Not After

31-12-2039 23:59

Subject

CN=UUURDGHU

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

de:0a:13:3f:ac:77:ce:04:94:8f:3e:87:16:43:8f:37:36:40:b6:76:49:26:0a:b9:c8:60:9e:5c:42:ac:30:8b
Signer

Actual PE Digest

de:0a:13:3f:ac:77:ce:04:94:8f:3e:87:16:43:8f:37:36:40:b6:76:49:26:0a:b9:c8:60:9e:5c:42:ac:30:8b

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
Heap32ListNext
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDebuggerPresent
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LocalReAlloc
LocalSize
LockResource
MapViewOfFile
MultiByteToWideChar
OpenEventW
OpenMutexW
OpenSemaphoreA
OpenThread
OutputDebugStringA
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReplaceFileA
RtlUnwind
GlobalReAlloc
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetConsoleTextAttribute
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetStdHandle
SetThreadLocale
SetUnhandledExceptionFilter
SetVolumeMountPointW
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VerLanguageNameA
VirtualAlloc
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile
WritePrivateProfileStringW
_lwrite
lstrcmpA
lstrcmpW
lstrlenA
lstrlenW
GlobalLock
GlobalHandle
GlobalFree
GlobalFlags
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersionExA
GetUserDefaultUILanguage
GetTickCount
GetThreadPriority
GetThreadLocale
GetSystemTimeAsFileTime
GetSystemDefaultLCID
GetStringTypeW
GetStringTypeExW
GetStringTypeA
GetStdHandle
GetStartupInfoW
GetStartupInfoA
GetShortPathNameW
GetProcessHeaps
GetProcessHeap
GetProcAddress
GetOEMCP
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetFileType
GetExitCodeThread
GetEnvironmentStringsW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetConsoleMode
GetConsoleFontSize
GetConsoleCP
GetComputerNameW
GetCommandLineW
GetCPInfo
GetACP
FreeLibrary
FreeEnvironmentStringsW
FormatMessageW
FlushFileBuffers
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitProcess
EnumResourceLanguagesW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
ConvertDefaultLocale
SetComputerNameExA
CloseHandle

user32

LoadCursorFromFileA
GetClipboardData
InSendMessage
IsMenu
DestroyIcon
CharLowerW
GetMenuContextHelpId
VkKeyScanA
CountClipboardFormats
IsCharAlphaA
IsCharAlphaNumericA
GetProcessWindowStation
IsWindowUnicode
GetKeyboardLayout
VkKeyScanW
GetKBCodePage
GetClipboardOwner
GetAsyncKeyState
DestroyCursor
CloseClipboard
PaintDesktop
GetInputState
GetCursor
CharNextW
CloseDesktop
ReleaseCapture
EnumClipboardFormats
GetWindowContextHelpId
GetWindowTextLengthA
GetClipboardViewer
GetThreadDesktop
IsCharAlphaW
AnyPopup
CharUpperW
IsCharLowerW
IsClipboardFormatAvailable
GetQueueStatus
CloseWindow
GetDialogBaseUnits
OemKeyScan
CharNextA
LoadIconA
WindowFromDC
WinHelpW
ValidateRect
UnregisterDeviceNotification
UnregisterClassW
UnhookWindowsHookEx
UnhookWinEvent
TranslateMessage
TabbedTextOutW
SystemParametersInfoA
ShowWindow
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowLongW
SetPropW
SetMessageQueue
SetMenuItemBitmaps
SetMenu
SetForegroundWindow
SetCursor
SendMessageW
SendMessageA
RemovePropW
ReleaseDC
RegisterWindowMessageW
RegisterClassW
PtInRect
PostThreadMessageA
PostQuitMessage
PostMessageW
PeekMessageW
NotifyWinEvent
MsgWaitForMultipleObjectsEx
ModifyMenuW
MessageBoxW
MessageBoxA
MapWindowPoints
LoadStringW
LoadMenuW
LoadIconW
LoadCursorW
LoadBitmapW
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
GrayStringW
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindow
GetTopWindow
GetSystemMetrics
GetSysColor
GetSubMenu
GetScrollPos
GetPropW
GetParent
GetMessageW
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuCheckMarkDimensions
GetMenu
GetLastActivePopup
GetKeyState
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetClassInfoExW
GetCapture
GetActiveWindow
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExW
DispatchMessageW
DestroyWindow
DestroyMenu
DefWindowProcW
DefWindowProcA
DdeQueryConvInfo
CreateWindowExW
CreateDialogParamW
CopyRect
ClientToScreen
CheckMenuItem
CharToOemW
CharLowerA
CallWindowProcW
CallNextHookEx
AdjustWindowRectEx
GetSysColorBrush

gdi32

GetObjectType
GetColorSpace
AddFontResourceW
GetPolyFillMode
GetGraphicsMode
AbortPath
DeleteColorSpace
GetSystemPaletteUse
UnrealizeObject
StartDocW
GetDCPenColor
UpdateColors
CreatePatternBrush
StrokePath
CreateHalftonePalette
GdiFlush
GetBkColor
GetLayout
AbortDoc
GdiGetBatchLimit
FlattenPath
CreateSolidBrush
SwapBuffers
GetTextCharset
XLATEOBJ_cGetPalette
XFORMOBJ_iGetXform
CreateCompatibleDC
CopyMetaFileW
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
SetTextColor
SetMapMode
SetBkColor
SelectObject
ScaleWindowExtEx
ScaleViewportExtEx
SaveDC
RestoreDC
RectVisible
PtVisible
OffsetViewportOrgEx
GetTextColor
GetStockObject
GetICMProfileW
GetDeviceCaps
GetClipBox
GetCharABCWidthsA
GdiStartDocEMF
GdiDllInitialize
ExtTextOutW
Escape
EngReleaseSemaphore
EngQueryLocalTime
EngLoadModule
DeleteObject
DeleteDC
DPtoLP
CreateBitmap
TextOutW

advapi32

RegSetValueExA
RegQueryValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
RegSetValueExW

shell32

ShellExecuteEx
ShellExecuteA
SHLoadNonloadedIconOverlayIdentifiers
SHIsFileAvailableOffline
SHInvokePrinterCommandW
SHInvokePrinterCommandA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHGetDesktopFolder
SHGetDataFromIDListA
SHFormatDrive
SHFileOperationA
SHFileOperation
SHEmptyRecycleBinA
SHCreateDirectoryExA
SHBrowseForFolderA
SHBindToParent
ExtractIconW
DragQueryPoint
DragQueryFileAorW
DragQueryFileA
DoEnvironmentSubstW
CommandLineToArgvW

shlwapi

PathFindFileNameW
StrChrIW
StrChrW
StrCmpNIW
StrRChrIA
StrRChrW
PathFindExtensionW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 950KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a61f41c9eaa90bb5e3d5a206b2275e3c

Code Sign

5a:be:cd:6f:a0:9f:6f:63:bc:f2:f0:0b:40:a2:56:16Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

de:0a:13:3f:ac:77:ce:04:94:8f:3e:87:16:43:8f:37:36:40:b6:76:49:26:0a:b9:c8:60:9e:5c:42:ac:30:8bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 856B

.rsrc Size: 106KB - Virtual size: 950KB

5a:be:cd:6f:a0:9f:6f:63:bc:f2:f0:0b:40:a2:56:16
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

de:0a:13:3f:ac:77:ce:04:94:8f:3e:87:16:43:8f:37:36:40:b6:76:49:26:0a:b9:c8:60:9e:5c:42:ac:30:8b
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 856B

.rsrc
Size: 106KB - Virtual size: 950KB