7df402ad60d6aa217a76a9a9d9923af597b726025e892cb954293c9a5bfa2f84

Sharing

Copy URL Twitter E-mail

General

Target

7df402ad60d6aa217a76a9a9d9923af597b726025e892cb954293c9a5bfa2f84
Size

8.0MB
MD5

3bd4929c3a5f39694bef27d6deaece0a
SHA1

8a62366b37803183a98639bdd4cf5e5fc8ba7331
SHA256

7df402ad60d6aa217a76a9a9d9923af597b726025e892cb954293c9a5bfa2f84
SHA512

7f47a9a57be3d4702b58ef29e453d40d08c781453b07163b9ad25ceb6ae1adc06d6e8468f91044bbf27feded1555f275ca09915010884a4263be88c42071574a
SSDEEP

196608:Ku8wbRPD9D2I6JlTHd8hRjSi7Hf40PiG3UwXQTUPAFY/HG:dtPD9D2I6JlbcNUfwEY+

Score

1^/10

Malware Config

Signatures

Files

7df402ad60d6aa217a76a9a9d9923af597b726025e892cb954293c9a5bfa2f84
.exe windows:6 windows x86 arch:x86

d8357e1ed243b84c06ab3ab748e70bcc

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/11/2021, 00:00

Not After

29/11/2024, 23:59

Subject

CN=Beiley Software\, Inc.,O=Beiley Software\, Inc.,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:54:a4:37:62:f3:7d:cc:3b:c5:74:b4:1a:86:b6:b3:eb:e1:e3:7c
Signer

Actual PE Digest

19:54:a4:37:62:f3:7d:cc:3b:c5:74:b4:1a:86:b6:b3:eb:e1:e3:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Data\Code\fm32\WinRel\Fm.pdb

Imports

comctl32

ord14
ord15
ord13
ImageList_DragEnter
ImageList_BeginDrag
ImageList_Add
ImageList_Draw
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_EndDrag
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Destroy
PropertySheetA
ImageList_ReplaceIcon
ImageList_Create
ord380

winmm

PlaySoundA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

WSAGetLastError
WSAStartup
gethostbyname
gethostbyaddr
socket
setsockopt
send
recv
ioctlsocket
htons
connect
closesocket
WSACleanup

wininet

InternetWriteFile
InternetErrorDlg
HttpSendRequestExA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpEndRequestA
HttpQueryInfoA
InternetOpenA
HttpOpenRequestA
HttpSendRequestA
InternetSetOptionA
HttpAddRequestHeadersA

kernel32

LocalFree
GetFileSize
VerSetConditionMask
CreateMutexA
GetTickCount
VerifyVersionInfoW
CreateProcessA
lstrlenA
MultiByteToWideChar
FindClose
FindFirstFileA
FindNextFileA
FileTimeToLocalFileTime
GetFileTime
FileTimeToSystemTime
GetTimeFormatA
GetProfileStringA
lstrcpyA
LocalAlloc
GetFileAttributesA
_lopen
_lcreat
_lread
_lwrite
_lclose
GlobalFlags
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetErrorMode
lstrcmpA
CompareFileTime
SetFilePointer
LoadLibraryExA
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SetLastError
RaiseException
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
FormatMessageA
RtlUnwind
FlushConsoleInputBuffer
GlobalMemoryStatus
GetFileType
GetStdHandle
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
SetStdHandle
HeapSize
ExitProcess
GetACP
GetModuleHandleA
GetSystemTime
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
DecodePointer
GetFileAttributesExW
ReadConsoleW
GetConsoleCP
WaitForSingleObject
GetLastError
ExpandEnvironmentStringsA
IsBadReadPtr
GetTimeZoneInformation
WriteFile
ReadFile
GetProcessHeap
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetDateFormatA
CopyFileA
GetLocaleInfoA
WritePrivateProfileStructA
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleFileNameA
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
GetCurrentThreadId
TerminateProcess
GetCPInfo
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
CloseHandle
CreateFileA
CreateDirectoryA
GetTempFileNameA
GetTempPathA
GlobalFree
GlobalAlloc
DeleteFileA
GlobalUnlock
GlobalLock
GlobalReAlloc
GetPrivateProfileSectionA
MulDiv
Sleep
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
SetFilePointerEx
CreateFileW
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableA
EncodePointer

user32

SetWindowPos
EqualRect
CopyRect
ScrollWindow
GetMenuItemInfoA
InsertMenuItemA
SetScrollRange
SetScrollPos
GetSystemMenu
SetDlgItemInt
RegisterWindowMessageA
SetScrollInfo
DefWindowProcA
GetMenuItemID
LoadBitmapA
GetSysColorBrush
TabbedTextOutA
LoadImageA
DestroyIcon
GetScrollPos
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
IsDialogMessageA
LoadIconA
FindWindowA
IntersectRect
FillRect
RedrawWindow
EndPaint
BeginPaint
ModifyMenuA
DrawMenuBar
GetMenuStringA
GetMenu
TranslateAcceleratorA
LoadAcceleratorsA
IsWindowVisible
OpenIcon
RegisterClassA
GetMessageA
DrawEdge
InflateRect
GetUpdateRect
TrackMouseEvent
SetForegroundWindow
AppendMenuA
GetMenuItemCount
GetWindowPlacement
GetComboBoxInfo
InsertMenuA
CreateWindowExA
PostQuitMessage
LoadCursorA
GetCapture
PtInRect
RemovePropA
GetPropA
SetPropA
InvalidateRect
UpdateWindow
GetDlgCtrlID
CallWindowProcA
GetWindow
GetTopWindow
EnumChildWindows
GetClientRect
ValidateRect
CheckMenuItem
PeekMessageA
DispatchMessageA
TranslateMessage
GetCursorPos
SendDlgItemMessageA
IsZoomed
IsIconic
GetWindowLongA
GetSysColor
ClientToScreen
MapWindowPoints
GetMessagePos
SystemParametersInfoA
SetParent
GetMonitorInfoA
MonitorFromWindow
UnregisterClassA
SetWindowRgn
SetCursor
SetWindowTextA
TrackPopupMenu
DeleteMenu
GetSubMenu
EnableMenuItem
DestroyMenu
LoadMenuA
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetKeyState
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
CreateDialogParamA
DestroyWindow
MoveWindow
MapDialogRect
GetParent
GetDesktopWindow
SetWindowLongA
ScreenToClient
MessageBoxA
GetWindowRect
ReleaseDC
GetDC
GetSystemMetrics
EnableWindow
SetFocus
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxParamA
ShowWindow
IsWindow
PostMessageA
SendMessageA
LoadStringA
GetProcessWindowStation
GetUserObjectInformationW
GetFocus
RegisterClipboardFormatA

gdi32

SelectObject
SetTextColor
SetTextAlign
MoveToEx
Arc
CreateSolidBrush
GetStockObject
Rectangle
SetBkMode
TextOutA
GetObjectA
DeleteDC
SetROP2
CreateDCA
SetBkColor
StartDocA
EndDoc
SetAbortProc
ExtTextOutA
SelectClipRgn
EndPage
ExtCreatePen
CreateBitmap
CreatePatternBrush
GetBkColor
GetTextColor
Ellipse
Pie
Polygon
GetCurrentObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
PatBlt
StretchDIBits
CombineRgn
CreateRectRgnIndirect
SetRectRgn
LineTo
GetTextExtentPoint32A
CreateRectRgn
CreatePen
CreateFontIndirectA
GetTextMetricsA
GetDeviceCaps
StartPage
CreateFontA
DeleteObject

winspool.drv

OpenPrinterA
ClosePrinter
EnumPrintersA
DeviceCapabilitiesA
DocumentPropertiesA

comdlg32

PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
ChooseColorA
ChooseFontA
GetOpenFileNameA

advapi32

ReportEventA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
GetUserNameA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegRestoreKeyA
DeregisterEventSource
RegisterEventSourceA
RegEnumValueA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8357e1ed243b84c06ab3ab748e70bcc

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1eCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

19:54:a4:37:62:f3:7d:cc:3b:c5:74:b4:1a:86:b6:b3:eb:e1:e3:7cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

winmm

version

wsock32

wininet

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

crypt32

wintrust

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 274KB - Virtual size: 274KB

.data Size: 19KB - Virtual size: 80KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 268B

_RDATA Size: 2KB - Virtual size: 2KB

.rsrc Size: 4.1MB - Virtual size: 4.1MB

.reloc Size: 209KB - Virtual size: 208KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

9c:29:bc:c8:1b:ad:6d:d8:e6:da:ea:08:47:92:e1:1e
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

19:54:a4:37:62:f3:7d:cc:3b:c5:74:b4:1a:86:b6:b3:eb:e1:e3:7c
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 274KB - Virtual size: 274KB

.data
Size: 19KB - Virtual size: 80KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 268B

_RDATA
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

.reloc
Size: 209KB - Virtual size: 208KB