RiseupVPN-win-latest[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

RiseupVPN-win-latest.exe
Size

57.8MB
MD5

f6ad9275ca66b9c1b8ec24810a440981
SHA1

afd953694139fb9bceb8e07c33dcae7c04d75317
SHA256

ddde44e1643e9580b6ee27ac4da366f0cc6d308ec055e484d12135480659f900
SHA512

12cb933173cded97f49bfba2483e6fcd0a0947d348a9311aed45708a520c2c6f1390ee3e7c258b14061c571430876f659ea63828b04382123a9542bf9a3241bf
SSDEEP

1572864:g5qTRwBjtZVTRt7sMyK0u6WvE+OPA2j4Yyd0:QqTRwtzVTRiMySXvZOPAB70

Score

1^/10

Malware Config

Signatures

Files

RiseupVPN-win-latest.exe
.exe windows:6 windows x86 arch:x86

4cbb54d5749a054fe5a199d7541a43a8

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:a3:6f:44:89:a3:10:9e:50:d9:ec:e5:d6:af:b2:cb
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

20/07/2022, 07:19

Not After

19/07/2025, 07:19

Subject

CN=LEAP Encryption Access Project,O=LEAP Encryption Access Project,ST=Washington,C=US,1.2.840.113549.1.9.1=#0c0f77696e646f7773406c6561702e7365

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:88:0f:22:2e:60:77:c2:23:8c:28:a5:36:54:37:05:a2:f7:f4:a1
Signer

Actual PE Digest

0d:88:0f:22:2e:60:77:c2:23:8c:28:a5:36:54:37:05:a2:f7:f4:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetVirtualKey
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetOpenStatus
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd

oleaut32

VariantCopy
VariantClear
SysAllocStringLen
SysAllocString
SafeArrayPutElement
SafeArrayCreateVector
SysFreeString

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

gdi32

GetTextFaceW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SetPixelFormat
ChoosePixelFormat
ExtTextOutW
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
OffsetRgn
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
SetWorldTransform
GetDIBits
SetTextAlign
SetTextColor
GetCharABCWidthsW
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
GetOutlineTextMetricsW
GetGlyphOutlineW
CreateBitmap
GetCharABCWidthsFloatW
SetGraphicsMode

uxtheme

CloseThemeData
ord47
GetThemeBackgroundRegion
IsThemeBackgroundPartiallyTransparent
GetThemeTransitionDuration
GetThemePropertyOrigin
OpenThemeData
GetThemePartSize
GetThemeBool
SetWindowTheme
IsThemeActive
IsAppThemed
GetCurrentThemeName
DrawThemeBackground
GetThemeSysFont
SetWindowThemeAttribute
DrawThemeTextEx
GetThemeEnumValue
GetThemeInt
GetThemeColor
GetThemeMargins

dwmapi

DwmDefWindowProc
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow

iphlpapi

ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid
GetAdaptersAddresses

crypt32

CertFreeCertificateChain
CertFreeCertificateContext
CertCreateCertificateContext
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetCertificateChain

user32

IsTouchWindow
DestroyWindow
GetDC
ReleaseDC
GetSysColor
GetDesktopWindow
GetDoubleClickTime
IsWindow
MessageBeep
GetCaretBlinkTime
UpdateLayeredWindowIndirect
SendMessageW
AttachThreadInput
CreateWindowExW
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
DrawIconEx
ChangeWindowMessageFilterEx
RealGetWindowClassW
GetWindowTextW
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetMessageExtraInfo
TrackMouseEvent
GetClipboardFormatNameW
GetCursorInfo
GetIconInfo
CreateIconIndirect
CreateCursor
LoadCursorW
GetCursor
SetCursorPos
EnumDisplayDevicesW
RegisterClassW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
PeekMessageW
FindWindowA
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
IsWindowEnabled
RegisterWindowMessageW
GetKeyboardLayout
RegisterClipboardFormatW
ChangeClipboardChain
SetClipboardViewer
IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
WindowFromPoint
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
MonitorFromPoint
DestroyIcon
DestroyCursor
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
SetWindowRgn
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMenu
ReleaseCapture
SetCapture
GetCapture
DefWindowProcW
UnregisterTouchWindow
RegisterTouchWindow
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
IsChild
RemovePropW
GetPropW
SetPropW
CallWindowProcW
WindowFromDC
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DispatchMessageW
TranslateMessage
PostThreadMessageW
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPos
GetWindowPlacement
SystemParametersInfoW
GetSystemMetrics
CharUpperW
SendMessageTimeoutW
GetWindowThreadProcessId
EnumWindows
PostMessageW

ws2_32

WSACleanup
WSASetLastError
send
recv
WSASocketW
WSASendTo
WSASend
WSARecvFrom
WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
gethostname
WSAAsyncSelect
select
htonl
ntohl
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
getsockopt
__WSAFDIsSet
bind
closesocket
getpeername
getsockname
htons
WSAStartup
listen

advapi32

RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
DuplicateToken
CopySid
AccessCheck
SystemFunction036
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetFileSecurityW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegNotifyChangeKeyValue
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
DeregisterEventSource
RegisterEventSourceW
RegEnumKeyExW

mpr

WNetGetUniversalNameA

netapi32

NetShareEnum
NetApiBufferFree

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

VerifyVersionInfoW
VerSetConditionMask
GetTempFileNameA
GetTempPathA
CreateMutexW
DecodePointer
EncodePointer
ReleaseMutex
RaiseException
TryEnterCriticalSection
QueueUserWorkItem
GetUserGeoID
GetGeoInfoW
FindNextChangeNotification
FindFirstFileExW
GetFileInformationByHandleEx
TzSpecificLocalTimeToSystemTime
MoveFileExW
CopyFileW
SetFilePointerEx
GetLogicalDrives
WriteFileEx
SleepEx
CancelIoEx
ReadFileEx
RegisterWaitForSingleObject
UnregisterWaitEx
LCMapStringW
CompareStringW
GetUserPreferredUILanguages
GetUserDefaultLCID
GetTimeFormatW
GetDateFormatW
GetTickCount64
QueryPerformanceFrequency
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
CreateThread
SwitchToThread
GetProcessId
Sleep
WaitForSingleObjectEx
DuplicateHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocalTime
GetStartupInfoW
CompareStringEx
IsProcessorFeaturePresent
OutputDebugStringW
GetNativeSystemInfo
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
QueryPerformanceCounter
CreateFiber
DeleteFiber
SwitchToFiber
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
SystemTimeToFileTime
GetSystemTime
SetHandleInformation
CreateNamedPipeW
ConnectNamedPipe
GlobalFree
WaitNamedPipeW
DisconnectNamedPipe
CreateFileMappingW
VirtualProtect
GetTimeZoneInformation
ExitProcess
GetConsoleWindow
GetVolumeInformationW
GetUserDefaultLangID
GlobalSize
LoadLibraryA
GetLocaleInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
CheckRemoteDebuggerPresent
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
lstrcmpW
GetExitCodeProcess
PeekNamedPipe
GetFullPathNameW
GetProcessHeap
HeapFree
HeapAlloc
GetOEMCP
GetACP
IsValidCodePage
CancelIo
GetOverlappedResult
GetVolumePathNameW
GetDiskFreeSpaceW
GetFileType
GetFileAttributesW
WaitForMultipleObjects
GetSystemInfo
VirtualFree
VirtualAlloc
CreateSemaphoreW
CreateEventW
ReleaseSemaphore
ResetEvent
SetEvent
InitializeCriticalSection
GetVersionExW
FileTimeToDosDateTime
GetSystemTimeAsFileTime
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
GetLogicalDriveStringsW
FindNextFileW
FindFirstFileW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindClose
GetFileInformationByHandle
GetStdHandle
MoveFileW
GetModuleHandleW
GetSystemDirectoryW
GetTickCount
GetCurrentThreadId
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
RtlUnwind
ExitThread
SetStdHandle
SystemTimeToTzSpecificLocalTime
SetConsoleCtrlHandler
GetCommandLineA
GetConsoleCP
HeapReAlloc
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
SetEnvironmentVariableW
WriteConsoleW
GetCurrencyFormatW
GetCurrentProcessId
SetLastError
GetTempPathW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
UnmapViewOfFile
MapViewOfFile
FreeConsole
GetConsoleProcessList
GetCommandLineW
CloseHandle
CreateProcessW
LocalFree
FormatMessageW
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetEnvironmentVariableW
OpenProcess
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcess
IsWow64Process
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExA
GetDriveTypeA
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
SetErrorMode
WaitForSingleObject
TerminateProcess
GetLastError
FileTimeToSystemTime
CreateFileW
FlushFileBuffers
LockFile
UnlockFile
WriteFile
DeviceIoControl
CompareFileTime
GetProcAddress
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
OpenEventW
OpenFileMappingW
HeapSize

shell32

SHGetKnownFolderPath
CommandLineToArgvW
SHParseDisplayName
ord155
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHChangeNotify
SHGetFolderLocation
ShellExecuteExW
SHGetFolderPathW

ole32

ReleaseStgMedium
DoDragDrop
CoGetMalloc
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoInitializeEx
OleUninitialize
CoCreateGuid
StringFromGUID2
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
OleIsCurrentClipboard

winmm

timeKillEvent
timeSetEvent

d3d9

D3DPERF_BeginEvent
D3DPERF_EndEvent
D3DPERF_SetMarker
D3DPERF_GetStatus
Direct3DCreate9

bcrypt

BCryptDeriveKeyPBKDF2
BCryptHashData
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptFinishHash
BCryptGenRandom
BCryptDestroyKey
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider

Exports

Exports

??0PlatformMethods@angle@@QAE@XZ
??4PlatformMethods@angle@@QAEAAU01@$$QAU01@@Z
??4PlatformMethods@angle@@QAEAAU01@ABU01@@Z
_ANGLEGetDisplayPlatform@20
_ANGLEResetDisplayPlatform@4

Sections

.text
Size: 15.2MB - Virtual size: 15.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 239B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4cbb54d5749a054fe5a199d7541a43a8

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

54:a3:6f:44:89:a3:10:9e:50:d9:ec:e5:d6:af:b2:cbCertificate

Extended Key Usages

Key Usages

0d:88:0f:22:2e:60:77:c2:23:8c:28:a5:36:54:37:05:a2:f7:f4:a1Signer

Headers

DLL Characteristics

File Characteristics

Imports

imm32

oleaut32

wtsapi32

gdi32

uxtheme

dwmapi

iphlpapi

crypt32

user32

ws2_32

advapi32

mpr

netapi32

userenv

version

kernel32

shell32

ole32

winmm

d3d9

bcrypt

Exports

Exports

Sections

.text Size: 15.2MB - Virtual size: 15.2MB

.rdata Size: 6.1MB - Virtual size: 6.1MB

.data Size: 278KB - Virtual size: 423KB

.qtmetad Size: 512B - Virtual size: 239B

.tls Size: 512B - Virtual size: 13B

.gfids Size: 3KB - Virtual size: 2KB

_RDATA Size: 512B - Virtual size: 304B

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 594KB - Virtual size: 594KB

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

54:a3:6f:44:89:a3:10:9e:50:d9:ec:e5:d6:af:b2:cb
Certificate

0d:88:0f:22:2e:60:77:c2:23:8c:28:a5:36:54:37:05:a2:f7:f4:a1
Signer

.text
Size: 15.2MB - Virtual size: 15.2MB

.rdata
Size: 6.1MB - Virtual size: 6.1MB

.data
Size: 278KB - Virtual size: 423KB

.qtmetad
Size: 512B - Virtual size: 239B

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 3KB - Virtual size: 2KB

_RDATA
Size: 512B - Virtual size: 304B

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 594KB - Virtual size: 594KB