ed95ee765af192752f32d6ac0501c4a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ed95ee765af192752f32d6ac0501c4a0N.exe
Size

4.5MB
MD5

ed95ee765af192752f32d6ac0501c4a0
SHA1

f819d9bc6c046c18cc9f0fd1ed964c798e063baf
SHA256

ec630b700b09e94e9f1a02520893df0cf1d9f8acabb5dcf880b769d5aec3d8fe
SHA512

ad24b6e7b529ee43b5f83eafefd6642e434b96628304ba723ea5cf5e88563b2bbea8f9e5a83ab5296a21f69db77282257e60a929754d64766534370eda907665
SSDEEP

49152:zn4qMybpZuOeEmMNvCWsPXGR8sSOU6oAheF29wGq2XlaCUsKNqyWvX9RJUgTMTah:zn5M23p5kTGRSeM+PM2O0JBilLXq

Score

1^/10

Malware Config

Signatures

Files

ed95ee765af192752f32d6ac0501c4a0N.exe
.exe windows:6 windows x86 arch:x86

47075e691527716a80d61098aa9d3336

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:69:aa:85:1b:08:58:d0:e4:8c:52:b6
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22/04/2021, 12:16

Not After

19/01/2024, 17:06

Subject

CN=Toontrack Music AB,O=Toontrack Music AB,L=Umeå,C=SE,1.2.840.113549.1.9.1=#0c15737570706f727440746f6f6e747261636b2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:fc:4e:fc:ae:82:14:05:c2:02:65:1d:01:19:cf:8f:e1:7d:e1:03:67:dd:b3:9b:2e:1b:14:55:d7:30:58:0c
Signer

Actual PE Digest

64:fc:4e:fc:ae:82:14:05:c2:02:65:1d:01:19:cf:8f:e1:7d:e1:03:67:dd:b3:9b:2e:1b:14:55:d7:30:58:0c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\trunk\Projects\Sound Installer\Win\Win32\ReleaseOutput\Installer.pdb

Imports

kernel32

ReadConsoleW
GetConsoleMode
FreeLibraryAndExitThread
ExitThread
SetStdHandle
MoveFileExW
GetFullPathNameA
GetFullPathNameW
GetModuleHandleExW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetConsoleCP
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetStringTypeW
LCMapStringW
CompareStringW
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetTimeZoneInformation
HeapAlloc
HeapFree
HeapReAlloc
GetModuleFileNameA
GetDateFormatW
GetTimeFormatW
EnumSystemLocalesW
GetCurrentThread
GetCurrentDirectoryW
SetConsoleCtrlHandler
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
GetCommandLineA
OutputDebugStringA
IsBadStringPtrA
IsBadReadPtr
RaiseException
GetSystemTimeAsFileTime
CreateProcessW
CreateThread
GetExitCodeProcess
SetEvent
PeekNamedPipe
SetNamedPipeHandleState
CreatePipe
DuplicateHandle
GetUserDefaultLCID
SetThreadLocale
IsValidLocale
GetLocaleInfoW
GetACP
OutputDebugStringW
GetCPInfo
IsValidCodePage
GetComputerNameW
GetProfileStringW
GlobalMemoryStatus
GetModuleFileNameW
OpenProcess
TerminateProcess
GetCurrentProcessId
GetDiskFreeSpaceW
GetEnvironmentVariableW
GetTempPathW
SetFileTime
GetTempFileNameW
GetShortPathNameW
GetFileTime
GetFileSize
CreateSemaphoreW
GetProcessAffinityMask
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SuspendThread
GetExitCodeThread
TerminateThread
SetThreadPriority
ExitProcess
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
EnumResourceNamesW
GetWindowsDirectoryW
GetFileType
GetFileAttributesW
GlobalFree
GlobalSize
GetProcessHeap
HeapSize
SetErrorMode
SetCurrentDirectoryW
LoadLibraryW
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
SetLastError
MulDiv
WriteConsoleW
WriteConsoleA
FreeConsole
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
ReadConsoleOutputCharacterA
QueryPerformanceCounter
GetVersionExW
GetStdHandle
GetCommandLineW
SetFileAttributesW
CopyFileExW
FormatMessageW
SetThreadExecutionState
GetModuleHandleW
GetCurrentProcess
DeviceIoControl
GetVolumeInformationW
GetLogicalDriveStringsW
GetDriveTypeW
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
MoveFileW
CopyFileW
ReOpenFile
WaitForMultipleObjects
LocalFree
LocalAlloc
CreateEventW
CancelIoEx
GetOverlappedResult
GetLastError
CloseHandle
WriteFile
SetFilePointerEx
SetFilePointer
RemoveDirectoryW
ReadFile
GetFinalPathNameByHandleW
GetFileAttributesExW
FlushFileBuffers
FindNextFileW
FindFirstFileW
DeleteFileW
CreateFileW
CreateDirectoryW
FindClose
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
GetTickCount
QueryPerformanceFrequency
InitializeSListHead

user32

IsRectEmpty
ValidateRgn
ChildWindowFromPoint
ShowCaret
HideCaret
keybd_event
UnionRect
EndPaint
BeginPaint
GetWindowDC
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
LoadAcceleratorsW
ValidateRect
PostThreadMessageW
GetMessageW
GetDoubleClickTime
DestroyCursor
LoadCursorFromFileW
EnumDisplaySettingsW
ChangeDisplaySettingsW
GetClassNameW
MessageBeep
GetWindowTextLengthW
GetWindowTextW
DrawIconEx
OffsetRect
CopyRect
SetRectEmpty
DrawFocusRect
DrawTextW
FindWindowExW
InsertMenuItemW
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
CreateMenu
CheckMenuRadioItem
SetRect
GetSysColorBrush
DrawStateW
SetMenuItemInfoW
RegisterClipboardFormatW
LoadStringA
GetDC
ReleaseDC
MonitorFromWindow
MessageBoxW
PeekMessageW
PostMessageW
RegisterClassW
UnregisterClassW
GetKeyState
MsgWaitForMultipleObjects
LoadCursorW
SendMessageW
SetMenu
GetClipboardFormatNameW
GetClassInfoW
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
AdjustWindowRectEx
ShowCursor
ExitWindowsEx
EnumWindows
GetWindowThreadProcessId
SetTimer
KillTimer
WaitForInputIdle
GetMenuState
DrawFrameControl
DrawEdge
CreateIconIndirect
GetDesktopWindow
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
IsIconic
GetWindowPlacement
FlashWindow
SetWindowRgn
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
InflateRect
FillRect
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
CheckMenuItem
GetSysColor
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
SetWindowTextW
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
IsWindowEnabled
GetWindowRect
GetSystemMetrics
LoadBitmapW
LoadIconW
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
DispatchMessageW
TranslateMessage
DestroyIcon
GetIconInfo
LoadImageW
GetDialogBaseUnits

gdi32

SetWindowExtEx
SetWindowOrgEx
LineTo
MoveToEx
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CreateHatchBrush
CreatePatternBrush
ExtCreatePen
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
CombineRgn
EqualRgn
GetRgnBox
PtInRegion
RectInRegion
CreatePolygonRgn
CreateRectRgnIndirect
GetCharABCWidthsW
SetROP2
SetViewportOrgEx
SetTextAlign
GetSystemPaletteEntries
EnumFontFamiliesExW
SetAbortProc
CreateDCW
StartDocW
EndDoc
StartPage
EndPage
CreateBitmapIndirect
GetMetaFileBitsEx
SetMetaFileBitsEx
CloseEnhMetaFile
CopyEnhMetaFileW
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
GetWinMetaFileBits
PlayEnhMetaFile
SetWinMetaFileBits
SetStretchBltMode
SetViewportExtEx
PolyBezier
Polyline
Polygon
ExtTextOutW
CreateICW
StretchDIBits
StretchBlt
SetPolyFillMode
SetPixel
SetMapMode
ExtSelectClipRgn
SelectClipRgn
RoundRect
Rectangle
PolyPolygon
Pie
MaskBlt
GetStockObject
GetPixel
GetObjectType
GetClipBox
GetBkColor
ExtFloodFill
Ellipse
Arc
CreatePen
GetTextExtentPoint32W
CreateSolidBrush
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
GetDeviceCaps
DeleteObject
GetObjectW
CreateFontIndirectW
GetOutlineTextMetricsW
SelectObject
GetTextMetricsW
CreateRectRgn
ExcludeClipRect
RealizePalette
SelectPalette
SetBrushOrgEx
GdiFlush
ExtCreateRegion
GetRegionData
OffsetRgn
SetBkColor
SetBkMode
SetTextColor
GetTextExtentExPointW
BitBlt

ole32

OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoTaskMemFree
CoCreateInstance
OleUninitialize
OleInitialize
ReleaseStgMedium

oleaut32

SafeArrayUnlock
SysReAllocString
SysFreeString
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetVartype
VariantInit
VarBstrFromCy
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SysAllocString

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW
PrintDlgW
CommDlgExtendedError

advapi32

SystemFunction036
FreeSid
InitializeSecurityDescriptor
SetFileSecurityW
SetSecurityDescriptorDacl
SetEntriesInAclW
RegCloseKey
RegCreateKeyExA
RegDeleteValueW
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
GetUserNameW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
AllocateAndInitializeSid

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ExtractIconW
ExtractIconExW
ShellExecuteExW
DragQueryFileW
DragQueryPoint
DragFinish
DragAcceptFiles
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
SHGetSpecialFolderLocation

comctl32

ord16
ImageList_Create
ImageList_Destroy
ImageList_Add
ImageList_Draw
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Replace
ImageList_AddMasked
ImageList_Remove
ImageList_GetIcon
ImageList_GetIconSize
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_SetDragCursorImage
ord17

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 911KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 259KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

47075e691527716a80d61098aa9d3336

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

6b:69:aa:85:1b:08:58:d0:e4:8c:52:b6Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

64:fc:4e:fc:ae:82:14:05:c2:02:65:1d:01:19:cf:8f:e1:7d:e1:03:67:dd:b3:9b:2e:1b:14:55:d7:30:58:0cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleaut32

comdlg32

advapi32

shell32

comctl32

winspool.drv

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 911KB - Virtual size: 911KB

.data Size: 51KB - Virtual size: 246KB

.tls Size: 512B - Virtual size: 13B

.gfids Size: 2KB - Virtual size: 2KB

.rsrc Size: 190KB - Virtual size: 189KB

.reloc Size: 259KB - Virtual size: 259KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

6b:69:aa:85:1b:08:58:d0:e4:8c:52:b6
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

64:fc:4e:fc:ae:82:14:05:c2:02:65:1d:01:19:cf:8f:e1:7d:e1:03:67:dd:b3:9b:2e:1b:14:55:d7:30:58:0c
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 911KB - Virtual size: 911KB

.data
Size: 51KB - Virtual size: 246KB

.tls
Size: 512B - Virtual size: 13B

.gfids
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 190KB - Virtual size: 189KB

.reloc
Size: 259KB - Virtual size: 259KB