f98b14cdb0359762fa8db13f627d00a31d28bcc61fa7cf69e9430967c1b0c5a8N

Sharing

Copy URL Twitter E-mail

General

Target

f98b14cdb0359762fa8db13f627d00a31d28bcc61fa7cf69e9430967c1b0c5a8N
Size

2.6MB
MD5

16aac18c9d83535e42cc6b5b6654d3b0
SHA1

8aabc34a81d12ffebd1d3d66781af3756437ba72
SHA256

f98b14cdb0359762fa8db13f627d00a31d28bcc61fa7cf69e9430967c1b0c5a8
SHA512

a8a22eefe442656ac5e7b8e36b5f4ce842318d4f0ec760a33f23fe356ce89c6c8292345bd272beb56935c794b53f6c51621263501abc677d8cbc5503d884be16
SSDEEP

24576:45FoH/ztvgZVgswYFuGq8zBZLXt9pBZabl65W2DuNlnmnMIlL2Yc4abIZdWFzE1j:WZV757LzBZL7MnmnM4atqZdd1v+0Krbo

Score

1^/10

Malware Config

Signatures

Files

f98b14cdb0359762fa8db13f627d00a31d28bcc61fa7cf69e9430967c1b0c5a8N
.exe windows:5 windows x86 arch:x86

93a3aec2a7684e24671d873caf0bd3aa

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/03/2021, 12:33

Not After

19/03/2022, 12:33

Subject

CN=Open Source Developer\, Noriyuki Miyazaki,O=Open Source Developer,ST=Hokkaido,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/03/2021, 12:33

Not After

19/03/2022, 12:33

Subject

CN=Open Source Developer\, Noriyuki Miyazaki,O=Open Source Developer,ST=Hokkaido,C=JP,1.2.840.113549.1.9.1=#0c196869796f6869796f406372797374616c6d61726b2e696e666f

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

19/05/2021, 05:42

Not After

18/05/2032, 05:42

Subject

CN=Certum Timestamp 2021,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a5:84:10:f6:bb:76:8b:19:c8:e0:7f:37:f3:34:7b:e7:c6:cd:17:ef:b4:a9:91:f8:9d:c4:8e:5d:4c:99:07:31
Signer

Actual PE Digest

a5:84:10:f6:bb:76:8b:19:c8:e0:7f:37:f3:34:7b:e7:c6:cd:17:ef:b4:a9:91:f8:9d:c4:8e:5d:4c:99:07:31

Digest Algorithm

sha256

PE Digest Matches

false

47:2a:d0:46:69:6f:d0:c5:e4:4d:9f:a6:b3:2f:24:6d:07:c5:49:46
Signer

Actual PE Digest

47:2a:d0:46:69:6f:d0:c5:e4:4d:9f:a6:b3:2f:24:6d:07:c5:49:46

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileTime
SystemTimeToTzSpecificLocalTime
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
LoadLibraryExA
WriteConsoleW
SetEnvironmentVariableW
GetEnvironmentStringsW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
LCMapStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
IsValidLocale
GetOEMCP
IsValidCodePage
GetStringTypeW
GetCPInfo
ExitProcess
GetStdHandle
HeapQueryInformation
GetFileType
SetStdHandle
GetModuleHandleExW
GetCommandLineA
VirtualQuery
GetSystemInfo
RtlUnwind
OutputDebugStringW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
FileTimeToSystemTime
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GetThreadLocale
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateEventW
SetEvent
GetCurrentProcessId
lstrcmpA
GetCurrentThread
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryA
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
FormatMessageW
MulDiv
LocalFree
GlobalFree
GetModuleHandleA
SetLastError
OutputDebugStringA
GetACP
LoadLibraryW
DefineDosDeviceW
VirtualFree
VirtualAlloc
ReadFile
SetFilePointer
GetDriveTypeW
MultiByteToWideChar
DeviceIoControl
VerifyVersionInfoW
VerSetConditionMask
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
HeapFree
GetWindowsDirectoryW
GetCurrentProcess
GetFileSizeEx
FindClose
FindNextFileW
FindFirstFileW
lstrlenW
lstrcmpW
VirtualProtect
LoadLibraryExW
GetTimeZoneInformation
GetModuleHandleW
GetProcAddress
GetTickCount
GetVolumeInformationW
GetDiskFreeSpaceExW
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
WriteFile
CreateFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetComputerNameW
GetLocalTime
DeleteFileW
GetTempPathW
CloseHandle
ReleaseMutex
GetVersionExW
CreateDirectoryW
GetPrivateProfileStringW
CreateMutexW
Sleep
GetCommandLineW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
SetErrorMode
GetUserDefaultLCID
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
GetLastError
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount

user32

SetCapture
MapDialogRect
RealChildWindowFromPoint
GetSysColorBrush
WindowFromPoint
CharUpperW
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
TranslateMessage
GetMessageW
RegisterClipboardFormatW
PostQuitMessage
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetMonitorInfoW
WinHelpW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
PtInRect
EqualRect
GetSysColor
MapWindowPoints
ScreenToClient
MessageBoxW
AdjustWindowRectEx
RemovePropW
ReleaseCapture
RedrawWindow
ValidateRect
EndPaint
BeginPaint
GetForegroundWindow
UpdateWindow
SetMenu
GetMenu
GetCapture
GetKeyState
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
InvalidateRect
EnableWindow
RegisterWindowMessageW
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
IsDialogMessageW
GetWindow
GetWindowTextLengthW
SetWindowTextW
GetFocus
SetFocus
GetDlgCtrlID
PostThreadMessageW
IntersectRect
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
IsRectEmpty
GetNextDlgGroupItem
MessageBeep
GetPropW
LoadIconW
DestroyMenu
UnregisterDeviceNotification
EnumWindows
GetWindowTextW
GetWindowThreadProcessId
PostMessageW
IsIconic
SendMessageW
GetSystemMetrics
DrawIcon
GetSubMenu
CheckMenuRadioItem
IsWindowVisible
CheckMenuItem
DrawMenuBar
GetMenuState
GetWindowRect
WaitForInputIdle
KillTimer
SetTimer
SystemParametersInfoW
SetForegroundWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
RegisterDeviceNotificationW
MonitorFromRect
LoadImageW
GetCursorPos
TrackPopupMenu
CreatePopupMenu
CreateMenu
InsertMenuItemW
wsprintfW
ModifyMenuW
EnableMenuItem
RemoveMenu
AppendMenuW
SetScrollRange
GetClientRect
GetScrollPos
SetScrollPos
SetWindowContextHelpId
CopyRect
SetCursor
LoadCursorW
SetWindowPos
MoveWindow
ShowWindow
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetMenuItemCount
GetMenuItemID
GetParent
OffsetRect
SetRectEmpty
SendDlgItemMessageA
AdjustWindowRect
GetWindowInfo
UnregisterClassW
FrameRect
PrintWindow
GetWindowLongW
SetWindowLongW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromWindow
ReleaseDC
GetDC
SetPropW
FillRect

gdi32

OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
GetRgnBox
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
ExtSelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetClipBox
Escape
CreateRectRgnIndirect
CreateBitmap
SetBkColor
GetPixel
CreatePatternBrush
GetBkColor
GetTextColor
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
SetTextColor
LineTo
MoveToEx
CreatePen
GetDeviceCaps
CreateCompatibleBitmap
SetBitmapBits
GetBitmapBits
DeleteDC
SetMapMode
GetObjectW
BitBlt
EnumFontFamiliesExW
CreateCompatibleDC
CreateDIBSection
SetBkMode
DeleteObject
SelectObject
SetDIBColorTable

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
QueryServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceW
RegCreateKeyExW

shell32

ShellExecuteW
ord680
Shell_NotifyIconW
CommandLineToArgvW

comctl32

_TrackMouseEvent
ImageList_ReplaceIcon
InitCommonControlsEx

shlwapi

PathFindExtensionW
UrlCreateFromPathW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
SHDeleteKeyW

uxtheme

SetWindowTheme

ole32

CoGetClassObject
CLSIDFromString
CoRevokeClassObject
CoInitialize
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeEx
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID

oleaut32

SysAllocStringLen
VariantChangeType
VariantCopy
LoadRegTypeLi
DispCallFunc
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
VariantClear
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SafeArrayGetElement
SysFreeString
SysAllocString
VariantInit

gdiplus

GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateFromHDC
GdipDrawImageI
GdipCloneImage
GdiplusShutdown

winmm

mciSendCommandW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

cfgmgr32

CM_Get_Device_IDW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringW

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93a3aec2a7684e24671d873caf0bd3aa

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82Certificate

Extended Key Usages

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82Certificate

Extended Key Usages

Key Usages

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

a5:84:10:f6:bb:76:8b:19:c8:e0:7f:37:f3:34:7b:e7:c6:cd:17:ef:b4:a9:91:f8:9d:c4:8e:5d:4c:99:07:31Signer

47:2a:d0:46:69:6f:d0:c5:e4:4d:9f:a6:b3:2f:24:6d:07:c5:49:46Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

winmm

version

cfgmgr32

setupapi

wintrust

crypt32

oleacc

Sections

.text Size: 756KB - Virtual size: 755KB

.rdata Size: 236KB - Virtual size: 236KB

.data Size: 14KB - Virtual size: 56KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

1f:6c:30:da:6e:cd:32:75:62:86:c1:35:2c:61:60:82
Certificate

f1:64:25:8c:09:b6:e2:7b:e2:0e:32:60:8e:4b:f4:a8
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

a5:84:10:f6:bb:76:8b:19:c8:e0:7f:37:f3:34:7b:e7:c6:cd:17:ef:b4:a9:91:f8:9d:c4:8e:5d:4c:99:07:31
Signer

47:2a:d0:46:69:6f:d0:c5:e4:4d:9f:a6:b3:2f:24:6d:07:c5:49:46
Signer

.text
Size: 756KB - Virtual size: 755KB

.rdata
Size: 236KB - Virtual size: 236KB

.data
Size: 14KB - Virtual size: 56KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB