Ausado_Fiscal_N°_539547852[.]tar

Sharing

Copy URL

Twitter E-mail

General

Target

Ausado_Fiscal_N°_539547852.tar
Size

804KB
MD5

190ac2d22e5c5374fa01e93313856ede
SHA1

7fa7aea5a19fdf2b698e2f80a2b8cf33b2329bce
SHA256

54c06f73257dcc2bbc4a3f45a024cedf51f1f06b2893237377bef66c16f4e56f
SHA512

ae4cc44a83462247cc80c181dfeb9f0927537e7b03003b921c2ba232b5f2e40700408d07fee19764c0bcd97bc246c19396bcef4f943617998433710e57da9f72
SSDEEP

24576:NlvWix+eB9L7BuQvT9oh7Utn6vIa20calSb6N/m:Nlt+eB9Lxv5oh7Utn6v920GZ

Score

1^/10

Malware Config

Signatures

Files

Ausado_Fiscal_N°_539547852.tar
.rar

Password: 2023
Ausado_Fiscal_N°_539547852..exe
.exe windows:5 windows x86 arch:x86

Password: 2023

2da9251dfa0d83c4d9d7bd8ddfa3fbb5

Code Sign

04:5b:d7:bd:e9:5f:97:12
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09-10-2020 11:32

Not After

09-10-2021 11:32

Subject

CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:5b:d7:bd:e9:5f:97:12
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09-10-2020 11:32

Not After

09-10-2021 11:32

Subject

CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7f:45:87:16:c3:56:c1:b3:09:bc:db:9c:d1:75:5d:e9:ec:41:8a:d0:75:20:6f:34:62:1f:25:a1:99:1c:3a:83
Signer

Actual PE Digest

7f:45:87:16:c3:56:c1:b3:09:bc:db:9c:d1:75:5d:e9:ec:41:8a:d0:75:20:6f:34:62:1f:25:a1:99:1c:3a:83

Digest Algorithm

sha256

PE Digest Matches

false

da:9a:e8:33:e9:a7:12:9e:45:b3:d2:9b:da:d2:28:5f:ab:48:2e:15
Signer

Actual PE Digest

da:9a:e8:33:e9:a7:12:9e:45:b3:d2:9b:da:d2:28:5f:ab:48:2e:15

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\796026\out\Release\PromoUtil.pdb

Imports

kernel32

OpenMutexW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
LocalAlloc
CreateProcessW
GetBinaryTypeW
GetModuleHandleA
CreateEventA
FlushInstructionCache
RaiseException
GetSystemTimeAsFileTime
InterlockedIncrement
GetTempPathW
GetTempFileNameW
CreateDirectoryW
ReleaseSemaphore
CreateSemaphoreW
FileTimeToSystemTime
CompareFileTime
MulDiv
CopyFileW
lstrlenA
lstrcmpiA
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
FreeConsole
GlobalFree
GetTimeZoneInformation
FileTimeToLocalFileTime
SetCurrentDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetCommandLineW
DeleteFileA
GetStartupInfoW
QueryPerformanceCounter
GetComputerNameExW
SetErrorMode
lstrcmpW
lstrcmpA
GetFileAttributesW
SetWaitableTimer
OpenEventA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
ExitProcess
GetStringTypeW
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
TlsFree
TlsAlloc
HeapWalk
HeapLock
OpenThread
HeapUnlock
TlsSetValue
OutputDebugStringW
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
CreateFileA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapSize
HeapReAlloc
HeapDestroy
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
SetEnvironmentVariableA
GetCurrentThreadId
FreeResource
GetFileAttributesExW
lstrcmpiW
GetSystemInfo
DeleteFileW
SystemTimeToFileTime
GetSystemDirectoryW
GetSystemWindowsDirectoryW
ReadFile
GetFileSize
GetPrivateProfileIntW
WritePrivateProfileStringW
CloseHandle
GetModuleFileNameW
GetWindowsDirectoryW
GetVersionExW
GetPrivateProfileStringW
CreateThread
ResetEvent
CreateFileW
GetShortPathNameW
OpenProcess
InterlockedDecrement
GetSystemPowerStatus
HeapFree
GetProcessHeap
HeapAlloc
WideCharToMultiByte
GetCurrentProcess
lstrlenW
SetLastError
ProcessIdToSessionId
LoadLibraryA
GetUserDefaultUILanguage
LoadLibraryExW
GetModuleHandleW
MultiByteToWideChar
ReleaseMutex
CreateMutexW
GetCurrentProcessId
IsValidLocale
DeviceIoControl
InterlockedExchange
FindClose
FindNextFileW
FindFirstFileW
ResumeThread
SetEvent
CreateEventW
LoadLibraryW
GetProcAddress
InterlockedCompareExchange
Sleep
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
DeleteCriticalSection
GetTickCount
LocalFree
GetLastError
GetVersion
WaitForMultipleObjects
WaitForSingleObject
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateWaitableTimerA

user32

SetWindowLongW
IsWindowVisible
GetWindowThreadProcessId
GetSystemMetrics
UnregisterClassA
LoadStringW
PostMessageW
IsWindow
GetLastInputInfo
GetCursorPos
RedrawWindow
ClientToScreen
MoveWindow
LoadImageW
PostQuitMessage
CharNextW
PeekMessageW
DestroyAcceleratorTable
InvalidateRgn
FillRect
CreateAcceleratorTableW
GetSysColor
GetClassNameW
GetDlgItem
GetFocus
DefWindowProcW
CallWindowProcW
KillTimer
DestroyWindow
SetTimer
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
SetRectEmpty
IsRectEmpty
FindWindowW
SendMessageTimeoutW
GetWindowPlacement
ShowWindow
EnableWindow
GetParent
SendMessageW
SetWindowPos
SetFocus
RegisterWindowMessageW
GetDC
ReleaseDC
ScreenToClient
GetWindowRect
PtInRect
SetCapture
ReleaseCapture
GetMonitorInfoW
AllowSetForegroundWindow
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
SetActiveWindow
GetKeyboardState
keybd_event
GetDesktopWindow
MonitorFromRect
SetWindowRgn
InvalidateRect
UpdateWindow
MessageBoxW
GetActiveWindow
GetClientRect
IsDialogMessageW
CopyRect
OffsetRect
MapWindowPoints
MonitorFromWindow
GetWindow
SetWindowTextW
GetMessageW
TranslateMessage
DispatchMessageW
DrawTextW
GetMessagePos
SetRect
UpdateLayeredWindow
SetCursor
GetWindowDC
GetClassLongW
SetClassLongW
IsChild
EndPaint
BeginPaint
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW

gdi32

CreateFontW
CreateDIBSection
CreateRectRgnIndirect
CreateCompatibleDC
DeleteDC
GetTextExtentPoint32W
GetStockObject
GetObjectA
GetTextMetricsW
SelectObject
GetObjectW
GetDeviceCaps
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
GetPixel
CreateRectRgn
CombineRgn
DeleteObject
CreateSolidBrush

advapi32

ConvertSidToStringSidW
GetTokenInformation
LookupAccountSidW
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
GetSidSubAuthority
RegCreateKeyA
RegQueryInfoKeyW
CryptGenRandom
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA

shell32

CommandLineToArgvW
ord680
ShellExecuteW
ord165
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CLSIDFromString
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal
CLSIDFromProgID
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

VariantInit
VariantClear
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect
VarUI4FromStr
VarBstrCmp
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
SafeArrayCopy
SafeArrayGetVartype
SafeArrayPutElement
SafeArrayCreate
SysAllocString
SysFreeString

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
StrStrIW
PathFileExistsW
PathCombineW
SHGetValueW
PathAppendW
SHSetValueW
SHDeleteValueW
StrStrIA
PathUnquoteSpacesW
SHGetValueA
SHDeleteValueA
SHSetValueA
ord437
PathStripPathW
PathCompactPathW
ColorRGBToHLS
ColorHLSToRGB
PathFindExtensionA
wnsprintfW
PathFindFileNameW
PathFindExtensionW
StrCmpIW

comctl32

InitCommonControlsEx

gdiplus

GdipTranslateWorldTransform
GdipSetPathGradientGammaCorrection
GdipSetPathGradientCenterPoint
GdipAddPathLine2
GdipGetPathWorldBoundsI
GdipPrivateAddMemoryFont
GdipDrawImageRectRectI
GdipDrawLine
GdipAddPathLine
GdipAddPathArc
GdipSaveImageToFile
GdipDeletePrivateFontCollection
GdipNewPrivateFontCollection
GdipAddPathPie
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetInterpolationMode
GdipAddPathEllipseI
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipDrawImagePointRectI
GdipResetWorldTransform
GdipRotateWorldTransform
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateFromHWND
GdipDrawString
GdipGetFontHeight
GdipFillRectangle
GdipResetClip
GdipSetClipRectI
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipSetTextRenderingHint
GdipMeasureString
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFont
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDeleteFontFamily
GdipSetLinePresetBlend
GdipDrawLineI
GdipCreatePen2
GdipDrawRectangleI
GdipCreateLineBrushFromRect
GdipAddPathRectangleI
GdipGetPixelOffsetMode
GdipSetPenWidth
GdipDrawEllipseI
GdipSetPenDashStyle
GdipSetPenDashOffset
GdipAddPathLineI
GdipSetPixelOffsetMode
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipDrawPath
GdipDeletePen
GdipCreatePen1
GdipFillPath
GdipCreateSolidFill
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipDeletePath
GdipCreatePath
GdipFillRectangleI
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipClosePathFigure
GdipAddPathArcI
GdipResetPath
GdipDeleteStringFormat

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

wininet

InternetOpenUrlW
InternetOpenW
InternetSetOptionW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetCrackUrlA
InternetGetConnectedState
DeleteUrlCacheEntryW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

userenv

GetUserProfileDirectoryW

dnsapi

DnsQuery_A
DnsFree

ws2_32

inet_ntoa
htons
htonl
ntohl
ntohs

imm32

ImmDisableIME

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 509KB - Virtual size: 509KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2023

Password: 2023

2da9251dfa0d83c4d9d7bd8ddfa3fbb5

Code Sign

04:5b:d7:bd:e9:5f:97:12Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

04:5b:d7:bd:e9:5f:97:12Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

7f:45:87:16:c3:56:c1:b3:09:bc:db:9c:d1:75:5d:e9:ec:41:8a:d0:75:20:6f:34:62:1f:25:a1:99:1c:3a:83Signer

da:9a:e8:33:e9:a7:12:9e:45:b3:d2:9b:da:d2:28:5f:ab:48:2e:15Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

gdiplus

version

psapi

wininet

wtsapi32

userenv

dnsapi

ws2_32

imm32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 231KB - Virtual size: 232KB

.data Size: 32KB - Virtual size: 60KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 509KB - Virtual size: 509KB

04:5b:d7:bd:e9:5f:97:12
Certificate

07
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

04:5b:d7:bd:e9:5f:97:12
Certificate

07
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

7f:45:87:16:c3:56:c1:b3:09:bc:db:9c:d1:75:5d:e9:ec:41:8a:d0:75:20:6f:34:62:1f:25:a1:99:1c:3a:83
Signer

da:9a:e8:33:e9:a7:12:9e:45:b3:d2:9b:da:d2:28:5f:ab:48:2e:15
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 231KB - Virtual size: 232KB

.data
Size: 32KB - Virtual size: 60KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 509KB - Virtual size: 509KB