2addc32790a7d2d2708774956db642e6d7042b075c2e00849b4982696ce7eccd

Sharing

Copy URL

Twitter E-mail

General

Target

2addc32790a7d2d2708774956db642e6d7042b075c2e00849b4982696ce7eccd
Size

1.0MB
MD5

d4450642884f7c2b9bdd8fe967807c43
SHA1

16080047596591b95878f657a92a70ddb0b16c04
SHA256

2addc32790a7d2d2708774956db642e6d7042b075c2e00849b4982696ce7eccd
SHA512

6f9a26d57b8275e7bb43d3641ff252122e54487d993b8a494d56f7d6417260a8e3380ea3914d6b19fdc74bbc16b163cfba357a5946aeb75154187d1bfa811c8e
SSDEEP

12288:ZPqflDDoYeMGKAJ5BGv7B2wX6EQ2XbhYoKw:V006ADo12GNbRKw

Score

1^/10

Malware Config

Signatures

Files

2addc32790a7d2d2708774956db642e6d7042b075c2e00849b4982696ce7eccd
.exe windows:1 windows x86 arch:x86

2a059f771e6277fa3e231f73c52a3c9b

Code Sign

6f:ea:f3:0e:71:a0:c1:5a:be:e1:dd:c5:62:e1:9d:43
Certificate

Issuer

CN=ESTPLXUCPOJUUZYPPZ

Not Before

14-11-2020 05:50

Not After

31-12-2039 23:59

Subject

CN=ESTPLXUCPOJUUZYPPZ

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e4:22:3c:6f:fe:1e:fe:52:d4:06:e2:13:e9:48:a9:96:a0:d3:fe:47:49:69:39:6d:ce:32:a0:65:87:b8:b0
Signer

Actual PE Digest

45:e4:22:3c:6f:fe:1e:fe:52:d4:06:e2:13:e9:48:a9:96:a0:d3:fe:47:49:69:39:6d:ce:32:a0:65:87:b8:b0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
VirtualAllocEx
GetModuleHandleA
CloseHandle
CreateEventA
CreateFileA
DeviceIoControl
GetCurrentProcess
GetCurrentThread
GetDriveTypeA
GetVersionExA
ResetEvent
SetPriorityClass
SetThreadPriority
WaitForSingleObject
SetConsoleTextAttribute
SetLocaleInfoW
FindAtomA
HeapAlloc
Heap32ListNext
GetFileSizeEx
VirtualQuery
GetTempPathW
GlobalLock
GetPriorityClass
GetEnvironmentStrings
GetPrivateProfileSectionA
GetProcessIoCounters
OpenJobObjectW
VerifyVersionInfoA
GetProcessWorkingSetSize
GetCommConfig
GetFileAttributesW
DebugActiveProcess
SetWaitableTimer
ConvertThreadToFiber
FindFirstFileA
GlobalReAlloc
TlsAlloc
SleepEx
GetNumberFormatW
GetDateFormatW
GetEnvironmentVariableW
InterlockedDecrement
GlobalFree
GetVersionExW
SizeofResource
LockResource
LoadResource
SetCurrentDirectoryW
CreateMutexW
FindResourceW
WritePrivateProfileSectionW
GetPrivateProfileStringW
WritePrivateProfileStringA
WritePrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
ReleaseMutex
CreateEventW
GetUserDefaultUILanguage
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileW
SetFilePointer
FlushFileBuffers
SetStdHandle
InitializeCriticalSection
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
LocalAlloc
FreeEnvironmentStringsA
GetConsoleMode
EnumResourceNamesW
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetStdHandle
WriteFile
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
HeapSize
Sleep
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoW
GetProcessHeap
HeapReAlloc
HeapFree
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
LoadLibraryA
InterlockedExchange
GetProcAddress
LoadLibraryW
FreeLibrary
DeleteFileW
CopyFileW
OpenProcess
GetLongPathNameW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
GlobalAlloc
GlobalUnlock
InterlockedIncrement
GetModuleFileNameA
MulDiv
TerminateThread
ReadFile
LoadLibraryExW
GetTempFileNameW
GetSystemTime
GetConsoleCP
LocalFree
GetModuleFileNameW
GetTickCount
FreeEnvironmentStringsW
CreateThread
WinExec
GetModuleHandleW
lstrlenW
CompareStringW
HeapSetInformation

user32

DestroyIcon
GetMessageTime
GetCaretBlinkTime
CloseWindowStation
IsCharUpperA
GetCursor
GetCapture
GetMenuContextHelpId
IsCharAlphaNumericW
VkKeyScanA
ReleaseCapture
CharUpperA
DrawMenuBar
GetActiveWindow
IsCharAlphaNumericA
LoadIconA
FlashWindow
OpenIcon
DrawTextExW
CreateIcon
LoadMenuIndirectW
EnumDisplaySettingsExA
ModifyMenuA
WaitForInputIdle
SetDeskWallpaper
GetKeyNameTextW
SetUserObjectSecurity
GetMonitorInfoA
CreateMDIWindowW
EnumWindows
DrawFrame
EnumThreadWindows
BeginPaint
EnumClipboardFormats
OpenClipboard
CheckRadioButton
InsertMenuA
DlgDirListComboBoxW
GetProcessWindowStation
OpenWindowStationW
GetTabbedTextExtentA
TileChildWindows
CallWindowProcA
AppendMenuA
FrameRect
GetWindowWord
AllowSetForegroundWindow
TileWindows
CopyIcon
RegisterHotKey
OpenInputDesktop
CreateWindowExA
FillRect
SetFocus
FindWindowA
PostQuitMessage
InvalidateRect
CloseDesktop
CreateMenu
GetInputState
GetInputDesktop
ChangeDisplaySettingsExW
CreatePopupMenu
DispatchMessageW
LoadIconW
LoadCursorW
RemovePropW
SetWindowPlacement
IsZoomed
GetWindowPlacement
IsIconic
SetPropW
GetPropW
ShowWindow
SetForegroundWindow
GetForegroundWindow
ShowOwnedPopups
PostMessageW
SetTimer
MoveWindow
MapWindowPoints
GetWindowRect
PtInRect
GetWindowLongW
GetAncestor
EnumChildWindows
UpdateLayeredWindow
SetActiveWindow
DestroyMenu
KillTimer
GetCursorPos
EnableWindow
GetDlgItem
SetRect
GetClassNameW
GetClientRect
GetWindowTextW
SetWindowTextW
SendMessageW
WindowFromPoint
GetAsyncKeyState
DialogBoxParamW
RedrawWindow
BringWindowToTop
GetTopWindow
MessageBoxW
UnregisterHotKey
EndDialog
DefWindowProcW
IsWindow
GetWindowThreadProcessId
TrackPopupMenu
CheckMenuItem
EnableMenuItem
AppendMenuW
SetCapture
SetWindowLongW
UnhookWindowsHookEx
DestroyWindow
RegisterShellHookWindow
SetWindowsHookExW
RegisterClipboardFormatW
CreateWindowExW
RegisterWindowMessageW
GetDC
ReleaseDC
GetWindowRgn
GetDesktopWindow
GetIconInfo
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
FindWindowW
SystemParametersInfoW
GetWindow
GetParent
SendDlgItemMessageW
IsWindowVisible
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
LoadImageW
GetSystemMetrics
EnumDisplayMonitors
SetWindowPos
RegisterClassExW

gdi32

RealizePalette
GetTextCharacterExtra
CloseEnhMetaFile
SaveDC
CancelDC
GetTextColor
CloseMetaFile
DeleteColorSpace
GetGraphicsMode
CreatePatternBrush
GetStretchBltMode
GetDCPenColor
CreateHalftonePalette
FlattenPath
GetEnhMetaFileA
GetEnhMetaFileBits
GetStockObject
CreateSolidBrush
AddFontResourceA
SetEnhMetaFileBits
EngTransparentBlt
PlayEnhMetaFileRecord
CreatePalette
GetTextMetricsA
PATHOBJ_bEnum
EngGetCurrentCodePage
CreateEllipticRgn
STROBJ_bEnumPositionsOnly
GdiEntry10
CreateRectRgn
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateDIBSection
DeleteDC
SelectObject
DeleteObject
GetObjectW

comdlg32

GetSaveFileNameW
ChooseColorW
ChooseFontW
GetOpenFileNameW
CommDlgExtendedError

advapi32

RegOpenKeyW
RegQueryValueExA
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHGetFolderPathW
ShellHookProc
SHGetIconOverlayIndexA
SHGetSpecialFolderPathA
DragQueryPoint
SHGetDiskFreeSpaceExW
ExtractIconExA
SHGetPathFromIDListW
DoEnvironmentSubstW
SHGetIconOverlayIndexW
SHInvokePrinterCommandW
SHFileOperationW
DragFinish
ShellExecuteW
SHGetSpecialFolderLocation
SHBindToParent
SHGetDataFromIDListW
SHGetMalloc
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteExW
SHBrowseForFolderW

ole32

OleInitialize
OleUninitialize
CreateStreamOnHGlobal
RegisterDragDrop
CoLockObjectExternal
ReleaseStgMedium
CoCreateInstance

shlwapi

StrRStrIA
StrChrIA
StrChrW
PathRemoveFileSpecW
PathRemoveFileSpecA
PathIsDirectoryW
PathSearchAndQualifyW
PathFileExistsW
StrRetToBufW

comctl32

ImageList_Create
ImageList_Add

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_controlfp

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 620KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a059f771e6277fa3e231f73c52a3c9b

Code Sign

6f:ea:f3:0e:71:a0:c1:5a:be:e1:dd:c5:62:e1:9d:43Certificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

45:e4:22:3c:6f:fe:1e:fe:52:d4:06:e2:13:e9:48:a9:96:a0:d3:fe:47:49:69:39:6d:ce:32:a0:65:87:b8:b0Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

shlwapi

comctl32

msvcrt

Sections

.text Size: 346KB - Virtual size: 346KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 620KB - Virtual size: 619KB

6f:ea:f3:0e:71:a0:c1:5a:be:e1:dd:c5:62:e1:9d:43
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

45:e4:22:3c:6f:fe:1e:fe:52:d4:06:e2:13:e9:48:a9:96:a0:d3:fe:47:49:69:39:6d:ce:32:a0:65:87:b8:b0
Signer

.text
Size: 346KB - Virtual size: 346KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 620KB - Virtual size: 619KB