TotalBrowser Setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TotalBrowser Setup.exe
Size

6.3MB
MD5

cc7e1a1cd6e8de860df0548b08c164d4
SHA1

1bca692240bcbcdcf2ea05d34f9f73ecdefe6409
SHA256

9a1626e0c55432f12d8d06f21ff5817f72b04e092e912e5e5b7fe5890e43374e
SHA512

c6847c02ee7b3943a39b897e11b05cbf262ee2a5b11bd87f4a31c78d18e74e82bf4b9f1540072b1fa4a3345c82e8aee3f93cabf144f1c59c5925b35a25ffd879
SSDEEP

98304:zUHPHQZAQCxVPGR5tXSwQo/BjYdi9Pr/AIASUWpNMl/qrqN6n3Iuv:zUvHcE+R/2iYdi9j4IzzrqN1uv

Score

1^/10

Malware Config

Signatures

Files

TotalBrowser Setup.exe
.exe windows:6 windows x86 arch:x86

c45629b00661903c500a095a6233c97d

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2020, 00:00

Not After

18/03/2045, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:1f:6d:0e:f9:a9:2c:98:57:59:be:ee
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

19/05/2022, 07:34

Not After

19/05/2025, 07:34

Subject

SERIALNUMBER=10161957,CN=Protected.net Group Limited,O=Protected.net Group Limited,STREET=Larch House\, Parklands Business Park,L=Denmead,ST=Hampshire,C=GB,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e2:48:19:b4:9c:8a:53:6a:f9:54:d5:92:46:76:1a:33:ad:39:02:c9:6a:2f:9f:56:fe:33:17:05:fb:e4:e5:1e
Signer

Actual PE Digest

e2:48:19:b4:9c:8a:53:6a:f9:54:d5:92:46:76:1a:33:ad:39:02:c9:6a:2f:9f:56:fe:33:17:05:fb:e4:e5:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
listen
WSASocketW
bind
WSASendTo
getpeername
getsockname
FreeAddrInfoW
GetAddrInfoW
getaddrinfo
freeaddrinfo
socket
connect
WSARecv
WSARecvFrom
ioctlsocket
closesocket
getsockopt
setsockopt
htons
WSASetLastError
WSAStartup
select
ntohl
WSASend
ntohs
shutdown
WSAGetLastError
htonl

wininet

InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
InternetOpenA
InternetSetOptionW
HttpQueryInfoW
InternetQueryOptionW
HttpQueryInfoA
HttpOpenRequestA
InternetErrorDlg

kernel32

InitializeSRWLock
TlsSetValue
EnterCriticalSection
ReleaseSemaphore
TryAcquireSRWLockExclusive
WakeAllConditionVariable
WakeConditionVariable
LeaveCriticalSection
InitializeCriticalSection
InitializeConditionVariable
ResumeThread
DuplicateHandle
CreateEventW
ReleaseSRWLockExclusive
SetEvent
GetCurrentThread
AcquireSRWLockExclusive
TlsAlloc
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
MulDiv
HeapFree
GetLocaleInfoW
GlobalSize
HeapAlloc
GetProcAddress
GlobalLock
GetProcessHeap
GlobalUnlock
LoadLibraryExW
GetTempPathA
GetTempFileNameA
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
CompareStringW
GetSystemDefaultLCID
GetFullPathNameW
GetUserDefaultLCID
QueryPerformanceFrequency
GetNumberFormatW
GetCurrencyFormatW
GetTimeFormatW
VerSetConditionMask
GetComputerNameW
VerifyVersionInfoW
QueryPerformanceCounter
GetDateFormatW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetCurrentThreadId
Sleep
FreeLibrary
SetLastError
SetEnvironmentVariableW
GetConsoleTitleW
GetEnvironmentVariableW
GetTempPathW
GetVersionExW
FreeEnvironmentStringsW
GetSystemInfo
GetCurrentDirectoryW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
OutputDebugStringW
FormatMessageA
DebugBreak
lstrlenW
LocalAlloc
FormatMessageW
GlobalAlloc
GlobalFree
SleepConditionVariableCS
GetModuleHandleW
GetCPInfo
ExitProcess
GetFileAttributesW
SizeofResource
SetEndOfFile
CreateFileW
UnmapViewOfFile
FlushViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
IsWow64Process2
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetModuleHandleA
LoadLibraryA
SetHandleInformation
SetFileCompletionNotificationModes
CancelIo
RegisterWaitForSingleObject
UnregisterWait
CancelIoEx
SwitchToThread
SetConsoleCtrlHandler
InitializeCriticalSectionEx
DecodePointer
CreateDirectoryW
ReadFile
GetFileInformationByHandleEx
GetFileSizeEx
WriteFile
GetDiskFreeSpaceW
DeviceIoControl
RemoveDirectoryW
SetFileTime
ReOpenFile
CreateHardLinkW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
CreateSymbolicLinkW
FlushFileBuffers
GetConsoleMode
GetFileType
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
SetNamedPipeHandleState
CreateNamedPipeA
CreateNamedPipeW
PeekNamedPipe
QueueUserWorkItem
CancelSynchronousIo
CreateFileA
GetNamedPipeHandleStateW
WaitNamedPipeW
ConnectNamedPipe
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
ReadConsoleW
ResetEvent
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
SetInformationJobObject
AssignProcessToJobObject
TerminateProcess
CreateJobObjectW
UnregisterWaitEx
LCMapStringW
CreateProcessW
LoadLibraryW
VirtualFree
VirtualAlloc
WaitForMultipleObjects
lstrcmpW
SetThreadPriority
HeapReAlloc
CreateThread
GetStartupInfoW
GetStdHandle
GetThreadPriority
GetTickCount
GetTimeZoneInformation
AttachConsole
LocalSize
GetModuleFileNameW
LockResource
LoadResource
LocalFree
ExpandEnvironmentStringsW
GetCommandLineW
RaiseException
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
LCMapStringEx
GetNativeSystemInfo
GetExitCodeProcess
GetCurrentProcess
WaitForSingleObject
GetLastError
CloseHandle
MultiByteToWideChar
SetErrorMode
GetStringTypeW
GetLocaleInfoEx
FindFirstFileExW
GetFileAttributesExW
SetFileAttributesW
AreFileApisANSI
FindResourceW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
RtlUnwind
HeapSize
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetConsoleOutputCP
IsValidLocale
EnumSystemLocalesW
DeleteFileW
IsValidCodePage
GetACP
GetOEMCP
SetFilePointer
GetCommandLineA
SleepConditionVariableSRW

user32

GetMenu
DrawIconEx
CreateIconIndirect
GetIconInfo
DestroyCaret
FindWindowW
GetKeyboardLayout
CreateCaret
SetCaretPos
UpdateLayeredWindow
IsClipboardFormatAvailable
SetClipboardData
GetClipboardData
EnumClipboardFormats
CountClipboardFormats
EmptyClipboard
CloseClipboard
OpenClipboard
RegisterClipboardFormatW
PostThreadMessageW
GetQueueStatus
GetActiveWindow
SetClassLongW
BeginDeferWindowPos
GetAsyncKeyState
GetCapture
ClientToScreen
IsChild
UnhookWindowsHookEx
GetMessageTime
IsRectEmpty
SetFocus
LoadIconW
SetCapture
EndDeferWindowPos
EnumThreadWindows
SetWindowsHookExW
SetCursor
FlashWindowEx
IsZoomed
GetClassLongW
KillTimer
IsWindowUnicode
RegisterWindowMessageW
IsIconic
GetWindowTextW
GetWindowThreadProcessId
GetMenuItemCount
GetWindowRect
DestroyWindow
IsWindowVisible
SetWindowPos
SetActiveWindow
CreateWindowExW
WindowFromPoint
SetMenu
InsertMenuW
RemoveMenu
CreateMenu
UnregisterHotKey
RegisterHotKey
MessageBoxW
DestroyIcon
MessageBeep
GetDoubleClickTime
SetScrollInfo
GetMessageW
GetWindowPlacement
ShowWindow
IsWindow
SetTimer
RegisterClassW
MapWindowPoints
GetForegroundWindow
IsWindowEnabled
MoveWindow
SetParent
AnimateWindow
SetWindowLongW
GetClientRect
GetDesktopWindow
GetParent
UpdateWindow
ReleaseCapture
DeferWindowPos
AdjustWindowRectEx
GetMessageExtraInfo
PostMessageW
MapVirtualKeyW
MonitorFromPoint
GetWindow
SetForegroundWindow
InvalidateRect
GetCursorPos
BeginPaint
EndPaint
EnableWindow
LoadCursorFromFileA
DestroyCursor
LoadCursorW
GetKeyState
MonitorFromWindow
EnumDisplayMonitors
GetSystemMetrics
MsgWaitForMultipleObjects
DispatchMessageW
GetMonitorInfoW
PeekMessageW
CallMsgFilterW
TranslateMessage
EnumDisplayDevicesW
PostQuitMessage
SystemParametersInfoW
GetDC
GetSysColor
GetFocus
ScreenToClient
CallNextHookEx
SetWindowTextW
NotifyWinEvent
ReleaseDC
GetWindowLongW
SendMessageW
GetScrollInfo
DefWindowProcW
RegisterClassExW

gdi32

SetViewportOrgEx
RestoreDC
SaveDC
StretchDIBits
CreateBitmap
GetFontUnicodeRanges
EnumFontFamiliesExW
CreateFontW
GetGlyphIndicesW
GetObjectA
CreateSolidBrush
SetLayout
GetStockObject
GetDIBits
GetObjectW
BitBlt
SelectObject
StartPage
CreateDIBSection
CreateCompatibleDC
EndDoc
CreateDCW
DeleteDC
DeleteObject
SetMapMode
StartDocW
EndPage
GetClipBox
GetDeviceCaps
AddFontMemResourceEx

winspool.drv

ord203

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFileInfoW
ord727
ord74
DragQueryFileW
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoTaskMemFree
OleInitialize
CoCreateGuid
OleUninitialize
ReleaseStgMedium
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
DoDragDrop
StringFromCLSID

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SysAllocStringLen
SafeArrayDestroy
SysFreeString

comdlg32

CommDlgExtendedError
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW

advapi32

GetTokenInformation
GetUserNameW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
OpenProcessToken
SystemFunction036
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

gdiplus

GdipBitmapUnlockBits
GdipSetPenStartCap
GdipCloneImage
GdipFillRectanglesI
GdipSetPathGradientCenterPoint
GdipSetClipRect
GdipSetPathGradientTransform
GdipSetLineWrapMode
GdipDrawImageRectRect
GdipSaveGraphics
GdipAddPathArcI
GdipAddPathRectangleI
GdipSetCompositingQuality
GdipSetImageAttributesColorMatrix
GdipGetImageHeight
GdipSetPathGradientPresetBlend
GdipMultiplyLineTransform
GdipAddPathLine
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipCreateFontFromDC
GdipIsVisiblePathPoint
GdipGetEmHeight
GdipCreateFontFromLogfontA
GdipGetFamily
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipDrawImageI
GdipCreateBitmapFromGraphics
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipRotateMatrix
GdipFillRectangleI
GdipAddPathArc
GdipCreatePen2
GdipDeleteGraphics
GdipClonePath
GdipDrawArc
GdipStartPathFigure
GdipGetImageWidth
GdipScaleMatrix
GdipAlloc
GdipTranslateWorldTransform
GdipDeletePen
GdipCreateBitmapFromScan0
GdipCreateMatrix2
GdipAddPathBezier
GdipDisposeImageAttributes
GdipDeletePath
GdipCreatePathGradientFromPath
GdipCreateMatrix
GdipDisposeImage
GdipSetPathFillMode
GdipCreatePen1
GdipDeleteMatrix
GdipSetSmoothingMode
GdipEndContainer
GdipSetWorldTransform
GdipGetWorldTransform
GdipSetClipPath
GdipCreateLineBrush
GdipCreatePath
GdipSetPenMiterLimit
GdipSetLinePresetBlend
GdipSetInterpolationMode
GdipSetPathGradientWrapMode
GdipCreateSolidFill
GdipResetPath
GdipFillPie
GdipShearMatrix
GdipFillPath
GdipGetPathWorldBounds
GdipSetPenDashArray
GdipMultiplyWorldTransform
GdipGraphicsClear
GdipSetPenDashStyle
GdipCreateFromHWND
GdipDrawLine
GdipAddPathLineI
GdipDrawRectangle
GdipSetPixelOffsetMode
GdipFillRectangle
GdipAddPathEllipse
GdipSetPageUnit
GdipSetClipRectI
GdipClosePathFigure
GdipTransformPoints
GdipGetSmoothingMode
GdipCreateImageAttributes
GdipFree
GdipDrawPath
GdipTranslateMatrix
GdipBitmapLockBits
GdipDeleteBrush
GdipSetPenLineJoin
GdipGetClipBoundsI
GdipCreateFromHDC
GdipFillEllipse
GdipSetPenEndCap
GdipBeginContainer2
GdipCreateTexture
GdipGetMatrixElements
GdipGetBrushType
GdipSetTextRenderingHint
GdipDrawEllipse
GdipGetSolidFillColor
GdipRestoreGraphics
GdipCloneBrush
GdipSetPenDashOffset
GdipGetImageGraphicsContext
GdipGetLineSpacing
GdipDrawPie

shlwapi

PathIsRelativeW

userenv

GetUserProfileDirectoryW

oleacc

AccessibleObjectFromWindow
LresultFromObject

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod
timeKillEvent
timeSetEvent

comctl32

ImageList_Destroy
ImageList_GetIconSize
ImageList_DrawEx

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmSetCandidateWindow
ImmAssociateContextEx
ImmNotifyIME
ImmIsIME
ImmGetContext

usp10

ScriptPlace
ScriptShape
ScriptFreeCache
ScriptItemize
ScriptApplyDigitSubstitution
ScriptBreak

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c45629b00661903c500a095a6233c97d

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

45:1f:6d:0e:f9:a9:2c:98:57:59:be:eeCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

e2:48:19:b4:9c:8a:53:6a:f9:54:d5:92:46:76:1a:33:ad:39:02:c9:6a:2f:9f:56:fe:33:17:05:fb:e4:e5:1eSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

kernel32

user32

gdi32

winspool.drv

shell32

ole32

oleaut32

comdlg32

advapi32

gdiplus

shlwapi

userenv

oleacc

winmm

comctl32

imm32

usp10

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 100KB - Virtual size: 2.7MB

.rsrc Size: 41KB - Virtual size: 40KB

.reloc Size: 300KB - Virtual size: 299KB

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

45:1f:6d:0e:f9:a9:2c:98:57:59:be:ee
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

e2:48:19:b4:9c:8a:53:6a:f9:54:d5:92:46:76:1a:33:ad:39:02:c9:6a:2f:9f:56:fe:33:17:05:fb:e4:e5:1e
Signer

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 100KB - Virtual size: 2.7MB

.rsrc
Size: 41KB - Virtual size: 40KB

.reloc
Size: 300KB - Virtual size: 299KB