e9fe2ca0f4c935d2ab26c9131fd2852414aca726d80b78b1f3d51a588c885336N

Sharing

Copy URL

Twitter E-mail

General

Target

e9fe2ca0f4c935d2ab26c9131fd2852414aca726d80b78b1f3d51a588c885336N
Size

7.4MB
MD5

9cd3dc217ae85bb03f0caea1c2086f30
SHA1

34808a9bc80179d382424e30998850a8a67c3e29
SHA256

e9fe2ca0f4c935d2ab26c9131fd2852414aca726d80b78b1f3d51a588c885336
SHA512

1dcf3e0684e70be3ce835d78b3f4d34121223a2bcfc00cda6c788fe485b05e8a465c0658441d11a59d052fd09191ca04ee1e78d71d4075da1eb05276b3afbd5a
SSDEEP

196608:fWUSmp3ptqLZdSEmdP2qx5kURrqNVGCFe:fWUSmp3pHdO+dRrqNVGL

Score

1^/10

Malware Config

Signatures

Files

e9fe2ca0f4c935d2ab26c9131fd2852414aca726d80b78b1f3d51a588c885336N
.exe windows:6 windows x86 arch:x86

55fe43d28f77348988ec9a0e62f3f1ae

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:df:2d:39:b0:b1:dc:77:1a:c4:0a:b3
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

09/06/2023, 14:11

Not After

09/06/2026, 14:11

Subject

CN=IP Moskalev Ivan Sergeevich,O=IP Moskalev Ivan Sergeevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:2c:d5:c4:cb:9a:fa:c7:03:25:00:73:d3:0d:f8:74:f2:8d:67:40:fb:ab:73:e8:f2:04:a3:72:72:0f:ce:16
Signer

Actual PE Digest

13:2c:d5:c4:cb:9a:fa:c7:03:25:00:73:d3:0d:f8:74:f2:8d:67:40:fb:ab:73:e8:f2:04:a3:72:72:0f:ce:16

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\work\kosmos\caramba-switcher-win\ReleaseCorporate\CarambaSwitcher.pdb

Imports

kernel32

ReleaseSRWLockShared
AcquireSRWLockShared
RtlCaptureContext
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
GetProcAddress
GetEnvironmentVariableW
FormatMessageW
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
GetConsoleMode
GetStdHandle
WriteConsoleW
TlsAlloc
GetModuleHandleA
TlsGetValue
TlsSetValue
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetVersionExW
GetCurrentProcess
SetEvent
CreateEventW
WaitForSingleObject
RegisterApplicationRecoveryCallback
SetUnhandledExceptionFilter
LoadLibraryExW
GlobalUnlock
lstrcmpiW
QueryFullProcessImageNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
DeleteFileW
EnumSystemLocalesW
IsValidLocale
GetFileSizeEx
GetConsoleOutputCP
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCurrentThread
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
LCMapStringEx
EncodePointer
GetSystemTimeAsFileTime
VerifyVersionInfoW
WideCharToMultiByte
FreeLibrary
VerSetConditionMask
GlobalLock
LoadLibraryW
RaiseException
CloseHandle
DecodePointer
HeapAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
LocalFree
FindResourceW
SizeofResource
LoadResource
LockResource
GetCommandLineW
GlobalAlloc
Sleep
GetExitCodeThread
TryAcquireSRWLockExclusive
InitializeSRWLock
GetStringTypeW
SleepConditionVariableSRW
IsProcessorFeaturePresent
MultiByteToWideChar
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetFileInformationByHandleEx
AreFileApisANSI
OpenProcess
ApplicationRecoveryFinished
ReleaseMutex
GetCurrentThreadId
SetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetLocaleInfoEx
VirtualFree
VirtualAlloc
GetStartupInfoW
GetCurrentProcessId
SetEnvironmentVariableW
ReadDirectoryChangesW
GetLongPathNameW
WriteFile
SetFilePointerEx
ReadFile
FlushFileBuffers
CreateDirectoryW
LCMapStringW
GetExitCodeProcess
TerminateProcess
SetConsoleCtrlHandler
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
ReadConsoleW
ReadConsoleInputW
GetNumberOfConsoleInputEvents
UnregisterWait
RegisterWaitForSingleObject
QueueUserWorkItem
CreateFileA
GetFileType
GetCPInfo
lstrlenW
LocalSize
LocalAlloc
GetFileAttributesW
ExitProcess
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
CreateFileMappingW
SetFilePointer
SetEndOfFile
GetFileSize
CreateFileW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetErrorMode
FormatMessageA
DebugBreak
AllocConsole
LoadLibraryExA
GetModuleFileNameA
GlobalSize
GetTempFileNameA
GetTempPathA
MulDiv
OutputDebugStringW
GetUserDefaultLCID
GetSystemDefaultLCID
GetCurrencyFormatW
GetNumberFormatW
CompareStringA
CompareStringW
GetComputerNameW
QueryPerformanceFrequency
QueryPerformanceCounter
FindNextFileW
FindFirstFileW
FindClose
TlsFree
ResumeThread
CreateSemaphoreW
WaitForMultipleObjects
ReleaseSemaphore
ResetEvent
InitializeCriticalSection
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetSystemTime
GetCurrentDirectoryW
CreateMutexW
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SetLastError

user32

GetMenuItemInfoW
GetMessageW
GetWindowThreadProcessId
DestroyWindow
GetDC
SetWindowPos
MessageBoxW
ShowWindow
PostMessageW
SystemParametersInfoW
UnregisterClassW
SendInput
GetGUIThreadInfo
GetCursorPos
ReleaseDC
InvalidateRect
SetForegroundWindow
GetWindowLongW
GetAsyncKeyState
UnhookWinEvent
PtInRect
RegisterWindowMessageW
GetClassInfoExW
SetWinEventHook
PostQuitMessage
KillTimer
IsClipboardFormatAvailable
AppendMenuW
GetClientRect
CheckMenuItem
RemoveMenu
TrackPopupMenuEx
SetWindowLongW
SetClipboardData
SetWindowsHookExW
LoadCursorW
LoadIconW
GetClipboardData
TranslateMessage
BringWindowToTop
GetKeyboardLayoutNameW
ActivateKeyboardLayout
UpdateLayeredWindow
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
GetClipboardSequenceNumber
FindWindowW
SetCaretPos
DestroyCaret
CreateCaret
SetActiveWindow
DrawIconEx
RedrawWindow
EndPaint
BeginPaint
IsWindowEnabled
AnimateWindow
RegisterClassW
NotifyWinEvent
GetMenuItemCount
SetScrollInfo
LoadMenuW
EnumThreadWindows
GetParent
GetDesktopWindow
SetClassLongW
GetClassLongW
IsRectEmpty
WindowFromPoint
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
SetWindowTextW
GetUpdateRect
UpdateWindow
GetSystemMetrics
EnableWindow
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetActiveWindow
CallMsgFilterW
IsIconic
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowPlacement
MoveWindow
IsChild
GetDoubleClickTime
GetMessageExtraInfo
GetMessageTime
MessageBoxA
EnumDisplayMonitors
MonitorFromWindow
EnumDisplayDevicesW
DestroyCursor
LoadCursorFromFileA
GetSysColor
CharNextW
SetFocus
DestroyMenu
UnhookWindowsHookEx
GetForegroundWindow
GetKeyboardLayout
MapWindowPoints
PeekMessageW
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
DestroyIcon
SetTimer
DispatchMessageW
OpenClipboard
CallNextHookEx
GetFocus
GetKeyState
GetKeyboardLayoutList
GetWindowTextW
LoadStringA
CreateWindowExW
DefWindowProcW
CallWindowProcW
MapVirtualKeyW
MonitorFromPoint
GetWindow
GetWindowRect
GetIconInfo
IsWindow
GetSubMenu
LoadStringW
TrackPopupMenu
RegisterClassExW
CreatePopupMenu
SendMessageW
GetScrollInfo
MessageBeep

gdi32

SaveDC
SetViewportOrgEx
RestoreDC
SelectObject
CreateCompatibleDC
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject
CreateBitmap
AddFontMemResourceEx
GetDIBits
CreateDIBSection
CreateDCW
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
GetStockObject
SetLayout
GetGlyphIndicesW
CreateFontW
EnumFontFamiliesExW
GetFontUnicodeRanges
GetObjectA
BitBlt
GetClipBox

advapi32

RegQueryInfoKeyW
SystemFunction036
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW

shell32

SHGetFolderPathW
ord727
ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
SHGetFileInfoW
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
ShellExecuteExW

ole32

OleInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateGuid
OleUninitialize

oleaut32

SysFreeString
VarUI4FromStr
SysAllocStringLen

shlwapi

StrCmpIW
StrStrIW
StrCpyW

comctl32

ImageList_DrawEx
ImageList_GetIconSize
ImageList_Destroy

uxtheme

CloseThemeData
OpenThemeData
DrawThemeBackground
SetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize

gdiplus

GdipDrawDriverString
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromGraphics
GdipGetFontSize
GdipGetDpiX
GdipDeleteFont
GdipDeleteGraphics
GdipCloneBrush
GdipCreateFromHDC
GdipDrawString
GdipFree
GdipCreateSolidFill
GdipCreateFont
GdipAlloc
GdipDeleteBrush
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipCreatePath
GdipClonePath
GdipDeletePath
GdipResetPath
GdipSetPathFillMode
GdipStartPathFigure
GdipClosePathFigure
GdipAddPathLine
GdipAddPathArc
GdipAddPathBezier
GdipAddPathEllipse
GdipAddPathLineI
GdipAddPathArcI
GdipAddPathRectangleI
GdipGetPathWorldBounds
GdipIsVisiblePathPoint
GdipCreateMatrix
GdipCreateMatrix2
GdipDeleteMatrix
GdipTranslateMatrix
GdipScaleMatrix
GdipRotateMatrix
GdipShearMatrix
GdipGetMatrixElements
GdipCreateTexture
GdipCreateLineBrush
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipMultiplyLineTransform
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterPoint
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientTransform
GdipCreatePen1
GdipCreatePen2
GdipDeletePen
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashOffset
GdipGetFamily
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipSetCompositingQuality
GdipSetSmoothingMode
GdipGetSmoothingMode
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipMultiplyWorldTransform
GdipTranslateWorldTransform
GdipGetWorldTransform
GdipSetPageUnit
GdipTransformPoints
GdipDrawLine
GdipDrawArc
GdipDrawRectangle
GdipDrawEllipse
GdipDrawPie
GdipDrawPath
GdipGraphicsClear
GdipFillRectangle
GdipFillRectangleI
GdipFillRectanglesI
GdipFillEllipse
GdipFillPie
GdipFillPath
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRectI
GdipGetClipBoundsI
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipEndContainer
GdipGetEmHeight
GdipGetCellAscent
GdipGetLineSpacing
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipSetPenDashArray

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

urlmon

FindMimeFromData

winmm

PlaySoundW

oleacc

AccessibleObjectFromWindow
LresultFromObject

imm32

ImmIsIME
ImmSetCandidateWindow
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContextEx
ImmGetContext
ImmReleaseContext

usp10

ScriptFreeCache
ScriptItemize
ScriptShape
ScriptPlace
ScriptBreak
ScriptApplyDigitSubstitution

winspool.drv

ord203

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
PrintDlgW

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55fe43d28f77348988ec9a0e62f3f1ae

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

69:df:2d:39:b0:b1:dc:77:1a:c4:0a:b3Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

13:2c:d5:c4:cb:9a:fa:c7:03:25:00:73:d3:0d:f8:74:f2:8d:67:40:fb:ab:73:e8:f2:04:a3:72:72:0f:ce:16Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

uxtheme

gdiplus

bcrypt

urlmon

winmm

oleacc

imm32

usp10

winspool.drv

comdlg32

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 212KB - Virtual size: 230KB

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 259KB - Virtual size: 258KB

.reloc Size: 291KB - Virtual size: 290KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

69:df:2d:39:b0:b1:dc:77:1a:c4:0a:b3
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

13:2c:d5:c4:cb:9a:fa:c7:03:25:00:73:d3:0d:f8:74:f2:8d:67:40:fb:ab:73:e8:f2:04:a3:72:72:0f:ce:16
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 212KB - Virtual size: 230KB

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 259KB - Virtual size: 258KB

.reloc
Size: 291KB - Virtual size: 290KB