413dc830e27de01756dd505977b27d9e93030cf6c489cd46efc99648491c0bdb[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

413dc830e27de01756dd505977b27d9e93030cf6c489cd46efc99648491c0bdb.exe
Size

2.7MB
MD5

227035bbadc41b3c9aaeae4c04ff7187
SHA1

9d75f588d95fe3777b070f78fca36d1a39868dc5
SHA256

413dc830e27de01756dd505977b27d9e93030cf6c489cd46efc99648491c0bdb
SHA512

139554b3efd39cf99d3b8a944930672a22e8031b0ceba486d720c6f2d1b729d888d2f2d0541fa58d063efe79e8e917fb92fa97efad696d9050b24666ec9f40b4
SSDEEP

49152:ApiH+3GDWMWiCXP7VGu/y9kpk1Wb9co+bFFVOjE1McGv41H6dd8gNF:kc+3GDWMWf32kpz5k3Gv41H6dd8gNF

Score

1^/10

Malware Config

Signatures

Files

413dc830e27de01756dd505977b27d9e93030cf6c489cd46efc99648491c0bdb.exe
.exe windows:4 windows x64 arch:x64

5460fb5fa3cdefc673904482030d4e59

Code Sign

81:4e:42:3e:c4:8e:b1:e0:d2:fd:e2:e3:00:1d:34:80
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

19/06/2024, 03:25

Not After

28/07/2038, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:86:27:71:6a:10:c6:eb:d3:64:86:32
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

24/07/2024, 05:16

Not After

27/08/2026, 09:33

Subject

SERIALNUMBER=2016,CN=Nenad Hrg,O=Nenad Hrg,STREET=Edelweissstr. 104,L=Taufkirchen,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c16737570706f727440736f6674776172656f6b2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130b546175666b69726368656e,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:e5:00:53:47:85:84:7e:89:74:8b:4a:d3:35:de:98:69:af:d5:66:b0:7f:20:0a:cc:f4:dc:ed:dc:e4:ba:4b
Signer

Actual PE Digest

07:e5:00:53:47:85:84:7e:89:74:8b:4a:d3:35:de:98:69:af:d5:66:b0:7f:20:0a:cc:f4:dc:ed:dc:e4:ba:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetDriveTypeA
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
CompareStringA
VirtualQuery
GetSystemInfo
VirtualProtect
HeapCreate
HeapSetInformation
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetStartupInfoA
RtlPcToFileHeader
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
GetModuleHandleA
RtlUnwindEx
SetCurrentDirectoryW
GetCurrentDirectoryW
SetEnvironmentVariableW
HeapReAlloc
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetEndOfFile
GetTempFileNameW
SetVolumeLabelW
CreateMutexW
HeapDestroy
GetTickCount
GetProfileStringW
GetLocaleInfoW
GetNumberFormatW
GetEnvironmentVariableW
GetPrivateProfileIntW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetFullPathNameW
GetDiskFreeSpaceW
TerminateProcess
GetSystemDirectoryW
GetUserDefaultLangID
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetTimeFormatW
GetDateFormatW
GetShortPathNameW
GetPrivateProfileStringW
GetLocalTime
GetFileSize
SetFilePointer
SetFileTime
ReadFile
GetLastError
TerminateThread
GetCurrentProcessId
MoveFileW
MulDiv
SizeofResource
GetTimeZoneInformation
lstrcpynA
GetLogicalDrives
DeleteCriticalSection
InitializeCriticalSection
__C_specific_handler
GlobalHandle
FreeResource
CreateThread
ExitProcess
Sleep
OutputDebugStringA
RemoveDirectoryW
DeleteFileW
CopyFileW
GetLogicalDriveStringsW
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
GetTempPathW
GetModuleFileNameW
CreateFileW
WriteFile
CloseHandle
lstrcpyW
SetLastError
FindFirstFileW
GetVersionExW
CompareStringW
FindClose
FindNextFileW
FindResourceW
LoadResource
LockResource
FreeLibrary
GetCurrentProcess
FlushInstructionCache
WideCharToMultiByte
lstrcmpiW
lstrcmpW
lstrcatW
GetWindowsDirectoryW
GetModuleHandleW
GetCurrentThreadId
GetProcAddress
OutputDebugStringW
lstrlenA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
RaiseException
GlobalSize
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrcpynW
lstrlenW
LoadLibraryW
GetFileType
SetEnvironmentVariableA

user32

SetMenuDefaultItem
IsRectEmpty
SetScrollInfo
SetScrollPos
GetScrollPos
MoveWindow
GetSystemMenu
GetMenuDefaultItem
PeekMessageW
IsMenu
SetWindowsHookExW
GetSysColorBrush
UnhookWindowsHookEx
CallNextHookEx
WindowFromPoint
GetWindowThreadProcessId
MessageBeep
SendMessageW
wsprintfW
SetWindowTextW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
EnumChildWindows
FindWindowExW
EndDialog
GetWindowLongW
SetWindowPos
TrackPopupMenuEx
SetMenuItemInfoW
InsertMenuW
CheckMenuItem
EnableMenuItem
GetWindowDC
IsDialogMessageW
TranslateAcceleratorW
SetRect
DrawEdge
TrackMouseEvent
SendMessageA
LoadBitmapW
GetIconInfo
TrackPopupMenu
IntersectRect
GetDoubleClickTime
GetMessagePos
EqualRect
CreatePopupMenu
AppendMenuW
CopyRect
CharUpperW
CopyImage
EnumWindows
SetMenu
SetForegroundWindow
DeleteMenu
LoadIconW
LoadAcceleratorsW
LoadStringA
GetMenuStringW
RemoveMenu
CheckDlgButton
IsDlgButtonChecked
CreateDialogIndirectParamW
GetClipboardData
SetPropW
GetMenu
SetActiveWindow
mouse_event
MenuItemFromPoint
GetClientRect
ShowWindow
SetTimer
KillTimer
GetParent
GetDlgItem
MapWindowPoints
SystemParametersInfoW
GetWindowRect
GetWindow
SetWindowLongW
CharNextW
RegisterClipboardFormatW
GetFocus
PostQuitMessage
GetAsyncKeyState
MessageBoxW
LoadImageW
GetSystemMetrics
GetDlgCtrlID
LoadMenuW
GetMenuItemCount
DestroyMenu
CreateWindowExW
GetWindowTextW
InsertMenuItemW
GetScrollInfo
SetMenuItemBitmaps
keybd_event
MapVirtualKeyW
DrawIcon
RegisterClassW
ScrollWindowEx
IsZoomed
SendMessageTimeoutW
GetMessageW
RemovePropW
GetMenuItemID
GetPropW
ShowCaret
GetKeyState
SetClassLongW
CreateDialogParamW
PostMessageW
FrameRect
InflateRect
SetParent
IsWindowVisible
ClientToScreen
CreateAcceleratorTableW
GetDesktopWindow
IsChild
RedrawWindow
InvalidateRgn
DialogBoxIndirectParamW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
MessageBoxA
GetCapture
ReleaseCapture
EndPaint
BeginPaint
DestroyIcon
DrawAnimatedRects
GetWindowTextLengthW
ScreenToClient
SetDlgItemTextW
IsWindow
LoadStringW
CharLowerW
DrawTextW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
ReleaseDC
GetDC
DialogBoxParamW
GetSubMenu
DefWindowProcW
OffsetRect
GetMenuItemInfoW
DestroyCursor
GetActiveWindow
SetRectEmpty
CreateCursor
GetClassNameW
DestroyWindow
UpdateWindow
InvalidateRect
IsWindowEnabled
SetCapture
SetFocus
PtInRect
FillRect
DrawFocusRect
SetCursor
GetCursorPos
GetSysColor
SetWindowPlacement
DispatchMessageW
TranslateMessage
GetWindowPlacement
GetMenuState

gdi32

CreateEnhMetaFileW
Rectangle
GetBkColor
DPtoLP
LPtoDP
SetMapMode
OffsetViewportOrgEx
GetViewportExtEx
GetWindowExtEx
SetViewportExtEx
SetWindowExtEx
CloseEnhMetaFile
ResetDCW
StartPage
EndPage
DeleteEnhMetaFile
EndDoc
AbortDoc
StartDocW
SetStretchBltMode
StretchBlt
GetCurrentObject
GetPixel
SetDIBitsToDevice
SetPixel
CreateDCW
SetViewportOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
SelectClipRgn
GetDIBits
GetClipBox
GetTextExtentPoint32W
LineTo
MoveToEx
CreatePen
IntersectClipRect
OffsetWindowOrgEx
ExcludeClipRect
SetWindowOrgEx
ExtTextOutW
RestoreDC
CreateCompatibleBitmap
BitBlt
GetDeviceCaps
SetBkMode
CreateFontIndirectW
DeleteDC
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
GetObjectW
GetStockObject
SetBkColor
SetTextColor
GetEnhMetaFileHeader
SaveDC
CreateSolidBrush

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterW

comdlg32

ChooseColorW
PrintDlgW
PageSetupDlgW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
GetUserNameW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CryptHashData
CryptGetHashParam
GetTokenInformation
RegDeleteKeyW

shell32

SHBrowseForFolderW
ord190
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
Shell_NotifyIconW
ord21
DragFinish
SHGetSpecialFolderPathW
ord88
ord68
ExtractIconExW
SHGetSettings
ord25
DragQueryFileW
ord17
ord16
SHGetFileInfoW
DragAcceptFiles
SHFileOperationW
ord155
ord18
SHGetDesktopFolder
ord4
ord2
SHGetMalloc

ole32

RegisterDragDrop
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemFree
PropVariantClear
ReleaseStgMedium
OleDuplicateData
CoInitialize
CoUninitialize
OleSetClipboard
OleGetClipboard
RevokeDragDrop
CoSetProxyBlanket
DoDragDrop

oleaut32

VariantChangeType
OleCreatePictureIndirect
DispCallFunc
SafeArrayDestroy
VariantInit
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
SysStringLen
SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

comctl32

ImageList_LoadImageW
_TrackMouseEvent
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetIconSize
InitCommonControlsEx
ImageList_SetBkColor
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetImageCount
ImageList_Remove
ImageList_Destroy
ImageList_Draw
ImageList_AddMasked
ImageList_GetImageInfo
CreateStatusWindowW
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW

msimg32

AlphaBlend

gdiplus

GdipGetImagePixelFormat
GdipCloneImage
GdipCloneBrush
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillPath
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipAddPathArcI
GdipAddPathLineI
GdipGetPropertyItemSize
GdipCreateSolidFill
GdipSetImageAttributesColorMatrix
GdiplusStartup
GdipCreateHICONFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipFree
GdipAlloc
GdipSetCompositingMode
GdipImageSelectActiveFrame
GdipImageRotateFlip
GdipGetImageThumbnail
GdipClosePathFigure
GdipSetCompositingQuality

winmm

PlaySoundW
timeGetTime

shlwapi

StrCpyW
PathRelativePathToW

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Shared
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5460fb5fa3cdefc673904482030d4e59

Code Sign

81:4e:42:3e:c4:8e:b1:e0:d2:fd:e2:e3:00:1d:34:80Certificate

Extended Key Usages

Key Usages

68:86:27:71:6a:10:c6:eb:d3:64:86:32Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

07:e5:00:53:47:85:84:7e:89:74:8b:4a:d3:35:de:98:69:af:d5:66:b0:7f:20:0a:cc:f4:dc:ed:dc:e4:ba:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

winmm

shlwapi

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 226KB - Virtual size: 225KB

.data Size: 39KB - Virtual size: 99KB

.pdata Size: 91KB - Virtual size: 91KB

Shared Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 25B

.rsrc Size: 524KB - Virtual size: 523KB

81:4e:42:3e:c4:8e:b1:e0:d2:fd:e2:e3:00:1d:34:80
Certificate

68:86:27:71:6a:10:c6:eb:d3:64:86:32
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

07:e5:00:53:47:85:84:7e:89:74:8b:4a:d3:35:de:98:69:af:d5:66:b0:7f:20:0a:cc:f4:dc:ed:dc:e4:ba:4b
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 226KB - Virtual size: 225KB

.data
Size: 39KB - Virtual size: 99KB

.pdata
Size: 91KB - Virtual size: 91KB

Shared
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 25B

.rsrc
Size: 524KB - Virtual size: 523KB