108a96119cd1e5778c97ed9ab4318540f4795bd07c4744135812ab2ca1ff8edd

Sharing

Copy URL Twitter E-mail

General

Target

108a96119cd1e5778c97ed9ab4318540f4795bd07c4744135812ab2ca1ff8edd
Size

2.6MB
MD5

19150864076ffed4e19a5b985aca8b49
SHA1

ec35265a81457aec641b9f8b8741c74ee493d49c
SHA256

108a96119cd1e5778c97ed9ab4318540f4795bd07c4744135812ab2ca1ff8edd
SHA512

dc4fd0ee1d55e95580bd26bf4ffa3170098ff4137cb631d55c5e7205b6cf0859f128ccdc8c0de93460a127a8dc36125d7c65fd8621189e9a2abc6503331fbfe4
SSDEEP

49152:GI99jmdrYg+2F9CvmKUwXThnmnM4atqZdd1v+0KrbR/:x99KWgn+vmwFnmnM4aqTPKrb9

Score

1^/10

Malware Config

Signatures

Files

108a96119cd1e5778c97ed9ab4318540f4795bd07c4744135812ab2ca1ff8edd
.exe windows:5 windows x86 arch:x86

cc86f5b3c14928e3640698c54c2c6976

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2024, 14:52

Not After

02/02/2025, 09:32

Subject

CN=Open Source Developer\, Noriyuki Miyazaki,O=Open Source Developer,L=Sapporo,ST=Hokkaido,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

06/02/2024, 14:52

Not After

02/02/2025, 09:32

Subject

CN=Open Source Developer\, Noriyuki Miyazaki,O=Open Source Developer,L=Sapporo,ST=Hokkaido,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:f0:41:a6:f7:0d:97:41:ed:db:3b:95:f8:6d:a3:94:13:49:30:cd:f9:2c:55:66:aa:dd:3a:10:17:21:5c:b8
Signer

Actual PE Digest

2c:f0:41:a6:f7:0d:97:41:ed:db:3b:95:f8:6d:a3:94:13:49:30:cd:f9:2c:55:66:aa:dd:3a:10:17:21:5c:b8

Digest Algorithm

sha256

PE Digest Matches

false

22:11:31:e9:ee:e9:34:7e:f8:7f:78:46:86:3e:77:5b:2f:9f:03:b4
Signer

Actual PE Digest

22:11:31:e9:ee:e9:34:7e:f8:7f:78:46:86:3e:77:5b:2f:9f:03:b4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToTzSpecificLocalTime
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetFileTime
GetFileSizeEx
LoadLibraryExA
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileAttributesExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
LCMapStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
IsValidLocale
GetOEMCP
IsValidCodePage
GetStringTypeW
GetCPInfo
ExitProcess
GetStdHandle
HeapQueryInformation
GetFileType
SetStdHandle
GetCommandLineA
GetModuleHandleExW
VirtualQuery
GetSystemInfo
RtlUnwind
OutputDebugStringW
GetFileAttributesW
FileTimeToLocalFileTime
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
GetCurrentProcessId
lstrcmpA
GetVersionExW
GetCurrentThread
CreateEventW
SetEvent
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryA
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
FormatMessageW
MulDiv
LocalFree
GlobalFree
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
MultiByteToWideChar
FreeLibrary
VirtualFree
VirtualAlloc
OpenMutexW
ReleaseMutex
DeviceIoControl
SetFilePointer
ReadFile
GetDriveTypeW
DefineDosDeviceW
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
RaiseException
DecodePointer
LoadLibraryW
GetPrivateProfileStringW
GetTickCount
VerifyVersionInfoW
GetWindowsDirectoryW
GetCurrentProcess
VerSetConditionMask
FindNextFileW
FindFirstFileW
FindClose
lstrlenW
lstrcmpW
LoadLibraryExW
VirtualProtect
GetTimeZoneInformation
GetProcAddress
GetModuleHandleW
WritePrivateProfileStringW
GetVolumeInformationW
GetDiskFreeSpaceExW
WideCharToMultiByte
GlobalLock
GlobalUnlock
GlobalAlloc
GetComputerNameW
GetLocalTime
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
GetTempPathW
WriteFile
DeleteFileW
CreateFileW
GetPrivateProfileIntW
GetModuleFileNameW
Sleep
CreateMutexW
SetErrorMode
CloseHandle
CreateDirectoryW
GetCommandLineW
GetUserDefaultLCID
FindResourceW
SizeofResource
LockResource
LoadResource
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
FindFirstFileExW
GetLastError

user32

MapDialogRect
RealChildWindowFromPoint
GetSysColorBrush
WindowFromPoint
CharUpperW
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
RegisterClipboardFormatW
PostQuitMessage
TranslateMessage
GetMessageW
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
MoveWindow
ShowWindow
GetMonitorInfoW
WinHelpW
CallNextHookEx
UnhookWindowsHookEx
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
EnableWindow
InvalidateRect
GetClientRect
RegisterWindowMessageW
GetWindowTextLengthW
RemovePropW
RedrawWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
SetActiveWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
SetCapture
ReleaseCapture
PostThreadMessageW
IntersectRect
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
IsRectEmpty
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
SetWindowContextHelpId
GetNextDlgGroupItem
MessageBeep
SetWindowsHookExW
SendMessageW
UnregisterDeviceNotification
PostMessageW
WaitForInputIdle
IsWindowVisible
IsIconic
SetTimer
KillTimer
GetSystemMetrics
GetMenuState
DrawMenuBar
DestroyMenu
CheckMenuItem
GetSubMenu
DrawIcon
SetForegroundWindow
GetWindowTextW
GetWindowRect
EnumWindows
GetWindowThreadProcessId
CheckMenuRadioItem
LoadIconW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterDeviceNotificationW
CopyRect
MonitorFromRect
CreateMenu
CreatePopupMenu
TrackPopupMenu
InsertMenuItemW
GetCursorPos
LoadImageW
wsprintfW
EnableMenuItem
AppendMenuW
GetPropW
ModifyMenuW
RemoveMenu
SetScrollPos
GetScrollPos
SetScrollRange
SetCursor
LoadCursorW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetFocus
GetMenuItemCount
GetMenuItemID
GetParent
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetWindowInfo
AdjustWindowRect
UnregisterClassW
FrameRect
PrintWindow
MonitorFromWindow
SetWindowLongW
GetWindowLongW
ReleaseDC
GetDC
TranslateAcceleratorW
LoadAcceleratorsW
SystemParametersInfoW
SetPropW
FillRect

gdi32

GetMapMode
GetRgnBox
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
SetBkMode
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
Escape
SetBkColor
CreateBitmap
GetPixel
CreatePatternBrush
GetTextColor
GetBkColor
CreateSolidBrush
MoveToEx
GetObjectW
SetDIBColorTable
CreateDIBSection
SetTextColor
SetBitmapBits
BitBlt
DeleteDC
EnumFontFamiliesExW
CreateCompatibleBitmap
CreateCompatibleDC
SetMapMode
SelectObject
CreateFontIndirectW
CreatePen
DeleteObject
GetBitmapBits
GetDeviceCaps
GetTextExtentPoint32W
LineTo

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

StartServiceW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
AddAccessAllowedAce
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
AllocateAndInitializeSid
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
FreeSid
RegCloseKey

shell32

ShellExecuteW
ord680
SHAppBarMessage
Shell_NotifyIconW
CommandLineToArgvW

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
InitCommonControlsEx

shlwapi

UrlCreateFromPathW
PathFindFileNameW
SHDeleteKeyW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

uxtheme

SetWindowTheme

ole32

CoGetClassObject
CLSIDFromString
CoRevokeClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoInitialize
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize
OleFlushClipboard
OleIsCurrentClipboard
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
StgCreateDocfileOnILockBytes
CoRegisterMessageFilter

oleaut32

SysAllocStringLen
VariantChangeType
VariantCopy
LoadRegTypeLi
DispCallFunc
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
SysFreeString
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SafeArrayGetElement
VariantClear
VariantInit
SysAllocString

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipDrawImageI
GdiplusShutdown
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImageEncoders
GdiplusStartup
GdipGetImageGraphicsContext
GdipAlloc
GdipFree
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFileICM

winmm

mciSendCommandW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

setupapi

SetupDiGetClassDevsW
CM_Get_Device_IDW
SetupDiEnumDeviceInfo

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 787KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc86f5b3c14928e3640698c54c2c6976

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2c:f0:41:a6:f7:0d:97:41:ed:db:3b:95:f8:6d:a3:94:13:49:30:cd:f9:2c:55:66:aa:dd:3a:10:17:21:5c:b8Signer

22:11:31:e9:ee:e9:34:7e:f8:7f:78:46:86:3e:77:5b:2f:9f:03:b4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

winmm

version

wintrust

crypt32

setupapi

oleacc

Sections

.text Size: 787KB - Virtual size: 787KB

.rdata Size: 241KB - Virtual size: 240KB

.data Size: 15KB - Virtual size: 57KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

2a:40:05:f1:0b:2e:57:68:09:a7:d1:c2:86:60:28:45
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2c:f0:41:a6:f7:0d:97:41:ed:db:3b:95:f8:6d:a3:94:13:49:30:cd:f9:2c:55:66:aa:dd:3a:10:17:21:5c:b8
Signer

22:11:31:e9:ee:e9:34:7e:f8:7f:78:46:86:3e:77:5b:2f:9f:03:b4
Signer

.text
Size: 787KB - Virtual size: 787KB

.rdata
Size: 241KB - Virtual size: 240KB

.data
Size: 15KB - Virtual size: 57KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB