cf78a3bb1b9513d9c31bde6e6e36860570cd7d192f1a862c8545ea2d2df11c38[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cf78a3bb1b9513d9c31bde6e6e36860570cd7d192f1a862c8545ea2d2df11c38.exe
Size

27.1MB
MD5

f02aaaf0d308cf00b19cd2ee4f389ac5
SHA1

dd2fa4b5d4b10a33551ba682b5e9d1dddbe127c5
SHA256

cf78a3bb1b9513d9c31bde6e6e36860570cd7d192f1a862c8545ea2d2df11c38
SHA512

f974bca69fa1b01014c35d8889c08e6fa771cab03c12723414e99a4a7bbc392710e81a506ff36f114ca4154663bee0002f346dca3a9c40dc061ed2ea8a4a1e09
SSDEEP

393216:3x5vAtM900k3ClwrwsWE3RaKGYeq9cwFE0dMPx+vGMeO36we3FwQJwN2GEE3WyxB:bDAwDE7elaEtyG7O36we3F+N2x+pGaR

Score

1^/10

Malware Config

Signatures

Files

cf78a3bb1b9513d9c31bde6e6e36860570cd7d192f1a862c8545ea2d2df11c38.exe
.exe windows:4 windows x86 arch:x86

a0722f4d4407b49f848f72fd4df721d0

Code Sign

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7f
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/02/2021, 00:00

Not After

25/02/2024, 23:59

Subject

SERIALNUMBER=SC331902,CN=SimpleHelp Ltd,O=SimpleHelp Ltd,POSTALCODE=ML12 6HQ,STREET=Galavale,L=Broughton,ST=Scottish Borders,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7f
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/02/2021, 00:00

Not After

25/02/2024, 23:59

Subject

SERIALNUMBER=SC331902,CN=SimpleHelp Ltd,O=SimpleHelp Ltd,POSTALCODE=ML12 6HQ,STREET=Galavale,L=Broughton,ST=Scottish Borders,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:41

Not After

08/05/2033, 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:67:2d:6c:4d:9a:60:ce:c3:c1:62:db:8d:6b:64:a8:e9:0f:cf:10:9f:01:21:84:d2:be:30:cf:e6:a9:2c:0e
Signer

Actual PE Digest

6b:67:2d:6c:4d:9a:60:ce:c3:c1:62:db:8d:6b:64:a8:e9:0f:cf:10:9f:01:21:84:d2:be:30:cf:e6:a9:2c:0e

Digest Algorithm

sha256

PE Digest Matches

true

d4:61:10:f1:0c:e0:27:49:34:fd:13:c2:75:fa:b8:0d:53:e5:cc:02
Signer

Actual PE Digest

d4:61:10:f1:0c:e0:27:49:34:fd:13:c2:75:fa:b8:0d:53:e5:cc:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

InitCommonControlsEx

wininet

HttpSendRequestA
InternetErrorDlg
InternetOpenA
InternetSetOptionA
InternetReadFile
InternetCrackUrlA
InternetConnectA
InternetOpenUrlA
HttpQueryInfoA
InternetCloseHandle
InternetQueryOptionA
HttpOpenRequestA

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
MoveFileExA
FreeLibrary
GetCurrentProcess
Sleep
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetVersion
GetTempPathA
WaitForSingleObject
SetEvent
TerminateThread
CreateEventA
GetLastError
CloseHandle
CreateMutexA
ReleaseMutex
CreateThread
SetEnvironmentVariableA
GlobalFree
DeleteFileA
InitializeCriticalSection
SetStdHandle
EnterCriticalSection
DeleteCriticalSection
GetExitCodeProcess
CreateProcessA
GetCurrentDirectoryA
lstrlenA
FormatMessageA
GetShortPathNameA
SetCurrentDirectoryA
LocalAlloc
GetVersionExA
LocalFree
FreeEnvironmentStringsA
SetFilePointer
HeapSize
ReadFile
RtlUnwind
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
LeaveCriticalSection
InterlockedExchange
RaiseException
HeapFree
HeapAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
FindClose
MoveFileA
ExitProcess
GetTimeFormatA
GetDateFormatA
GetDriveTypeA
GetFullPathNameA
GetTimeZoneInformation
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
CreateDirectoryA
RemoveDirectoryA
GetCommandLineA
GetProcessHeap
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc

user32

SetTimer
GetWindowRect
KillTimer
SetWindowPos
GetDesktopWindow
DestroyWindow
GetMessageA
PostThreadMessageA
MonitorFromPoint
LoadIconA
SendMessageA
GetMonitorInfoA
TranslateMessage
SetWindowLongA
GetWindowLongA
CreateWindowExA
PeekMessageA
DefWindowProcA
GetCursorPos
ShowWindow
DispatchMessageA
SystemParametersInfoA
LoadCursorA
ValidateRect
RegisterClassA

advapi32

GetUserNameA
GetExplicitEntriesFromAclA
GetNamedSecurityInfoA
EqualSid
ConvertStringSidToSidA
SetNamedSecurityInfoA
SetEntriesInAclA

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a0722f4d4407b49f848f72fd4df721d0

Code Sign

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7fCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7fCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

6b:67:2d:6c:4d:9a:60:ce:c3:c1:62:db:8d:6b:64:a8:e9:0f:cf:10:9f:01:21:84:d2:be:30:cf:e6:a9:2c:0eSigner

d4:61:10:f1:0c:e0:27:49:34:fd:13:c2:75:fa:b8:0d:53:e5:cc:02Signer

Headers

File Characteristics

Imports

winmm

version

comctl32

wininet

winhttp

kernel32

user32

advapi32

Sections

.text Size: 220KB - Virtual size: 218KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 8KB - Virtual size: 68KB

.rsrc Size: 44KB - Virtual size: 40KB

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7f
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

67:de:f4:3e:f1:7b:da:e2:4f:f5:94:06:06:d2:c0:84
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

c7:4f:79:c7:83:93:eb:f2:28:58:e9:ad:39:14:56:7f
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

6b:67:2d:6c:4d:9a:60:ce:c3:c1:62:db:8d:6b:64:a8:e9:0f:cf:10:9f:01:21:84:d2:be:30:cf:e6:a9:2c:0e
Signer

d4:61:10:f1:0c:e0:27:49:34:fd:13:c2:75:fa:b8:0d:53:e5:cc:02
Signer

.text
Size: 220KB - Virtual size: 218KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 8KB - Virtual size: 68KB

.rsrc
Size: 44KB - Virtual size: 40KB