20fe62c4757929b72a94d02b52e6e660N

Sharing

Copy URL

Twitter E-mail

General

Target

20fe62c4757929b72a94d02b52e6e660N
Size

2.2MB
MD5

20fe62c4757929b72a94d02b52e6e660
SHA1

2fd7cc66cb46ad7044ec54a723445818e2c05c79
SHA256

2ea638f1d8fa4feb6d800c3d4747fe663e5748a1d7d90bd14682d5d2625c56ca
SHA512

fda4920c40ca0090195419747e65a25496559eac446f5914071f125c62e487d8b28416ac094d29f4912ff1be91e8ce705a963f4a6305cad9eddee9756fede38e
SSDEEP

49152:6VgFDPYe1IlSiuncDbRKfoAsPFKFp/be0ThvT0boMJsV5ygLGlueqePjS:6VgFDAynYbVAsPF6NpT0sMu2gCzu

Score

1^/10

Malware Config

Signatures

Files

20fe62c4757929b72a94d02b52e6e660N
.exe windows:5 windows x86 arch:x86

4a9ba3a4d89ba59ce8649e532f6e115a

Code Sign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:09:80:91:ab:52:0b:92:b7:82:5c:b8:49:3b:55:dc
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-03-2021 00:00

Not After

10-03-2024 23:59

Subject

CN=AVB Disc Soft\, SIA,O=AVB Disc Soft\, SIA,POSTALCODE=2015,STREET=Turaidas iela 65A,L=Jūrmala,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:83:d1:eb:e6:52:c6:d2:33:ea:98:6b:44:0e:49:4e:01:68:f5:07:86:42:19:a9:77:b4:d7:e8:52:cf:bf:2a
Signer

Actual PE Digest

1a:83:d1:eb:e6:52:c6:d2:33:ea:98:6b:44:0e:49:4e:01:68:f5:07:86:42:19:a9:77:b4:d7:e8:52:cf:bf:2a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\810756\out\Release\PopTip.pdb

Imports

kernel32

GetPrivateProfileStringW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultUILanguage
GetTempFileNameW
GetTempPathW
GlobalAlloc
GlobalFree
MulDiv
FormatMessageW
SetCurrentDirectoryW
CreateDirectoryW
GetStartupInfoW
CompareFileTime
RaiseException
CreateRemoteThread
FlushInstructionCache
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetErrorMode
GetSystemInfo
OpenProcess
ProcessIdToSessionId
CreateProcessW
GetExitCodeThread
GetCurrentThreadId
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
lstrcmpiW
ReleaseSemaphore
LocalFree
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
lstrcmpiA
lstrcmpA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
GetFileSizeEx
LocalFileTimeToFileTime
CreateFileA
CompareStringW
TryEnterCriticalSection
QueryPerformanceCounter
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
LCMapStringW
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
LocalAlloc
LoadLibraryW
FindResourceW
SizeofResource
LockResource
CreateSemaphoreW
LoadResource
CreateThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
FreeLibrary
FindResourceExW
GetVersionExW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetVersion
VirtualProtect
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeviceIoControl
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
GetShortPathNameW
GetFileSize
GetFileAttributesW
DeleteFileW
CreateFileW
ExitProcess

user32

LoadStringW
PostQuitMessage
MoveWindow
SwitchToThisWindow
LoadImageW
ClientToScreen
LoadCursorW
FindWindowW
GetParent
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
CopyRect
SetRectEmpty
ScreenToClient
SetCursor
SetForegroundWindow
DrawTextW
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
GetWindowPlacement
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageTimeoutW
SendMessageW
LockSetForegroundWindow
GetMessagePos
RegisterWindowMessageW
WaitForInputIdle
GetClientRect
InvalidateRect
GetMonitorInfoW
MonitorFromRect
OffsetRect
GetWindowRect
ReleaseDC
GetWindowDC
GetDC
IsWindowVisible
GetWindowThreadProcessId
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
BringWindowToTop
CharNextW
UpdateLayeredWindow
GetCursorPos
PostMessageW
GetSystemMetrics
IsWindow

gdi32

GetPixel
CreateFontW
CreateDIBSection
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextMetricsW
GetObjectA
GetObjectW
SetViewportOrgEx
GetDeviceCaps
CreateRectRgnIndirect

advapi32

ConvertSidToStringSidW
CryptReleaseContext
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
RegCreateKeyA
RegQueryInfoKeyW
RegQueryValueExA
CryptAcquireContextA
CryptGenRandom
RegEnumKeyExA
RegOpenKeyExA

shell32

ord680
SHGetFolderPathW
SHGetSpecialFolderPathW
ord165

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

DispCallFunc
SafeArrayPutElement
VarUI4FromStr
VarBstrCmp
VariantCopy
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

SHDeleteValueA
ColorHLSToRGB
SHGetValueW
SHSetValueW
ord437
ColorRGBToHLS
StrStrIA
StrStrIW
StrCmpIW
wnsprintfW
PathAddBackslashW
PathAppendW
PathCombineW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
SHGetValueA
SHSetValueA

gdiplus

GdipResetClip
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFontHeight
GdipCreateFontFromDC
GdipCreateFont
GdipDeleteFontFamily
GdipCloneFontFamily
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipGetFontCollectionFamilyList
GdipSetStringFormatLineAlign
GdipSetClipRectI
GdipFillRectangle
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawLineI
GdipDrawLine
GdipRotateWorldTransform
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipPrivateAddMemoryFont
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetTextRenderingHint
GdipGetPixelOffsetMode
GdipGetSmoothingMode
GdipCreateFromHWND
GdipCreateFromHDC
GdipBitmapGetPixel
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipSetPenWidth
GdipCreatePen1
GdipSetLinePresetBlend
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRect
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipDrawImageRectI
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipDeletePen
GdipCreatePen2
GdipSetPathGradientGammaCorrection
GdipResetPath
GdipGetPathGradientPointCount
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetPathWorldBoundsI
GdipAddPathPie
GdipAddPathArc
GdipAddPathLine2
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipBitmapSetPixel

ntdll

RtlDllShutdownInProgress

psapi

GetModuleFileNameExW

imm32

ImmDisableIME

wininet

InternetGetConnectedState
InternetCrackUrlA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

GetUserProfileDirectoryW

dnsapi

DnsFree
DnsQuery_A

ws2_32

inet_ntoa
htons
htonl
ntohl
ntohs

msvcrt

_CIsqrt
floor
_wtoi
realloc
wcstoul
srand
rand
_atoi64
strpbrk
wcsftime
_mbscspn
_mbsicmp
_mbsspn
modf
_mktime64
??0exception@@QAE@XZ
_CIcos
__RTDynamicCast
_wtoi64
__p___argc
__p___wargv
__uncaught_exception
___mb_cur_max_func
__pctype_func
___lc_codepage_func
___lc_handle_func
_wfsopen
atoi
??3@YAXPAX@Z
memcmp
_amsg_exit
__wgetmainargs
__setusermatherr
_initterm
__p__commode
_strlwr
strncat
strncpy
isprint
_CIexp
__CxxFrameHandler
__DestructExceptionObject
iswctype
_wcslwr
_iob
_gmtime64
memset
_lseeki64
_lock
_unlock
_ismbblead
_wcstoui64
memmove
fwrite
_msize
__set_app_type
_wcmdln
_control87
_XcptFilter
_fmode
_isatty
_fileno
mbtowc
strrchr
memcpy
_CIlog10
ceil
_clearfp
?terminate@@YAXXZ
_CIsin
memchr
_CxxThrowException
_CIpow
localeconv
setlocale
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
_time64
_beginthreadex
ldexp
frexp
ungetc
setvbuf
fseek
fsetpos
fgetpos
fgetc
fflush
fclose
_ismbcspace
strcspn
_wcsnicmp
_wcsicmp
wcsspn
wcscspn
wcsstr
wcschr
strchr
tolower
isspace
isdigit
strtol
strtod
abort
wcstol
malloc
free
calloc
_errno
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
fputc
fread

msvcp60

_Tolower
_Toupper
_Mbrtowc
_Wcrtomb
_Getctype
_Getcoll

Sections

.text
Size: 925KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a9ba3a4d89ba59ce8649e532f6e115a

Code Sign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

73:09:80:91:ab:52:0b:92:b7:82:5c:b8:49:3b:55:dcCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1a:83:d1:eb:e6:52:c6:d2:33:ea:98:6b:44:0e:49:4e:01:68:f5:07:86:42:19:a9:77:b4:d7:e8:52:cf:bf:2aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

ntdll

psapi

imm32

wininet

version

userenv

dnsapi

ws2_32

msvcrt

msvcp60

Sections

.text Size: 925KB - Virtual size: 925KB

.rdata Size: 203KB - Virtual size: 203KB

.data Size: 22KB - Virtual size: 291KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 42KB - Virtual size: 41KB

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

73:09:80:91:ab:52:0b:92:b7:82:5c:b8:49:3b:55:dc
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:83:d1:eb:e6:52:c6:d2:33:ea:98:6b:44:0e:49:4e:01:68:f5:07:86:42:19:a9:77:b4:d7:e8:52:cf:bf:2a
Signer

.text
Size: 925KB - Virtual size: 925KB

.rdata
Size: 203KB - Virtual size: 203KB

.data
Size: 22KB - Virtual size: 291KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 42KB - Virtual size: 41KB