9aacffe08f5bf96a8e96214021094a80N

Sharing

Copy URL

Twitter E-mail

General

Target

9aacffe08f5bf96a8e96214021094a80N
Size

1.5MB
MD5

9aacffe08f5bf96a8e96214021094a80
SHA1

65d2569e8dafc1cf990c8c2d4605078980630847
SHA256

9019cb133061aa1cbc767b73f22d01bae3d2241978557cea4889fc484e9719f0
SHA512

a40219316089558b3d8c38c4ec3220e593818df0feef9ef505662baf818bd6f2c16d081f8b40c10142e22e500d4cf8b63a58b386cb3f23b321eda12af911df07
SSDEEP

6144:YFjeFW6wiDwJ8pFAhp7Lyf/8c/28AH7O8zu/Ab2:YFj36NpFAXW8cOs

Score

1^/10

Malware Config

Signatures

Files

9aacffe08f5bf96a8e96214021094a80N
.dll windows:3 windows x86 arch:x86

1fff8ad4189b02bcef3a181072f6b4f8

Code Sign

4a:7f:07:c5:d4:ad:2e:23:f9:e8:e0:3f:0e:22:9d:d4
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-12-2020 00:00

Not After

23-12-2021 23:59

Subject

CN=Danalis LLC,O=Danalis LLC,POSTALCODE=117321,STREET=d. 132 korp. 1 kv. 45\, ul. Profsoyuznaya,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:35:0f:c2:da:31:00:ad:67:68:df:72:fe:63:df:8e:75:00:25:15
Signer

Actual PE Digest

4c:35:0f:c2:da:31:00:ad:67:68:df:72:fe:63:df:8e:75:00:25:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
LocalAlloc
RaiseException
LoadLibraryExW
GetSystemDirectoryW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualProtect
IsBadWritePtr
FormatMessageW
GetTickCount
CreateThread
CloseHandle
HeapDestroy
lstrlenA
OutputDebugStringA
GetModuleFileNameW
SetLastError
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
MultiByteToWideChar
GetModuleHandleA
LoadLibraryW
GetFileAttributesW
GetVersion
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
WriteFileEx
GetConsoleAliasesLengthW
EnumLanguageGroupLocalesW
RtlFillMemory
GetOverlappedResult
EnumCalendarInfoExW
WritePrivateProfileStructA
GetTempFileNameA
GetLocalTime
GetDevicePowerState
SetupComm
GetSystemWindowsDirectoryA
GetSystemInfo
GetProcessHeaps
UnregisterWaitEx
GetLongPathNameA
SetNamedPipeHandleState
GlobalAlloc
SetCommMask
GetBinaryTypeW
WaitForSingleObject
ReleaseMutex
EnumSystemCodePagesA
ContinueDebugEvent
Heap32ListNext
EnumDateFormatsW
SetStdHandle
GetTimeFormatW
GetThreadContext
TerminateThread
ExitProcess
MoveFileWithProgressA
CreateWaitableTimerA
SetComputerNameA
DeleteVolumeMountPointW
SetConsoleCursor
FillConsoleOutputCharacterW
GetProcessAffinityMask
BackupWrite
CompareStringW

user32

LoadCursorA
LoadIconA
EnumClipboardFormats
GetSystemMetrics
SendMessageW
SetWindowPos
GetDlgCtrlID
RegisterClassExA
GetClassInfoExA
CreateWindowExW
GetMessagePos
wsprintfA
SetCursor
DefWindowProcA
CallWindowProcA
DestroyWindow
GetNextDlgTabItem
GetDlgItem
ShowWindow
CreateDialogParamW
DialogBoxParamW
LoadImageA
TranslateMessage
GetMessageA
PeekMessageA
EnableWindow
CheckRadioButton
IsDialogMessageA
PostQuitMessage
IsWindow
GetActiveWindow
LoadStringW
MessageBoxW
PostMessageA
SendDlgItemMessageA
SetDlgItemTextW
SendMessageA
IsDlgButtonChecked
CheckDlgButton
GetWindowLongA
SetWindowLongA
EndDialog
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
DispatchMessageA
MapWindowPoints
ScreenToClient
CharToOemW
DrawStateW
SetWindowWord
MessageBoxIndirectA
SwitchToThisWindow

gdi32

RealizePalette
GetCharABCWidthsI
ExtCreateRegion
GetTextExtentExPointA
StartPage

advapi32

GetUserNameA
RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExA
RegSetValueExA
RegCloseKey

shell32

DuplicateIcon
DoEnvironmentSubstA
CommandLineToArgvW
SHFileOperationA
SHGetFolderLocation
DragAcceptFiles
SHLoadNonloadedIconOverlayIdentifiers
SHFreeNameMappings
ShellAboutA
ShellExecuteA
ExtractIconW
DragQueryFile
FindExecutableA
SHGetPathFromIDListA
SHEmptyRecycleBinW

shlwapi

StrRChrA
StrChrW

Sections

.text
Size: 990KB - Virtual size: 989KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text7
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text6
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text5
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text4
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text3
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text2
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fff8ad4189b02bcef3a181072f6b4f8

Code Sign

4a:7f:07:c5:d4:ad:2e:23:f9:e8:e0:3f:0e:22:9d:d4Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

4c:35:0f:c2:da:31:00:ad:67:68:df:72:fe:63:df:8e:75:00:25:15Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 990KB - Virtual size: 989KB

.text7 Size: 512B - Virtual size: 10B

.text6 Size: 512B - Virtual size: 10B

.text5 Size: 512B - Virtual size: 10B

.text4 Size: 512B - Virtual size: 10B

.text3 Size: 512B - Virtual size: 10B

.text2 Size: 512B - Virtual size: 10B

.rdata Size: 1024B - Virtual size: 704B

.data Size: 502KB - Virtual size: 502KB

.reloc Size: 1KB - Virtual size: 1KB

4a:7f:07:c5:d4:ad:2e:23:f9:e8:e0:3f:0e:22:9d:d4
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

4c:35:0f:c2:da:31:00:ad:67:68:df:72:fe:63:df:8e:75:00:25:15
Signer

.text
Size: 990KB - Virtual size: 989KB

.text7
Size: 512B - Virtual size: 10B

.text6
Size: 512B - Virtual size: 10B

.text5
Size: 512B - Virtual size: 10B

.text4
Size: 512B - Virtual size: 10B

.text3
Size: 512B - Virtual size: 10B

.text2
Size: 512B - Virtual size: 10B

.rdata
Size: 1024B - Virtual size: 704B

.data
Size: 502KB - Virtual size: 502KB

.reloc
Size: 1KB - Virtual size: 1KB