b0c45827c169df0b99fa9cd7be05dde1650bd2bb539902ca97168a3a515fd6e6N

Sharing

Copy URL

Twitter E-mail

General

Target

b0c45827c169df0b99fa9cd7be05dde1650bd2bb539902ca97168a3a515fd6e6N
Size

165KB
MD5

fa1211e41b143c2b38c7b3dc3db2d580
SHA1

a58e03b6a14df8584b938fbb6248e22c66d406ff
SHA256

b0c45827c169df0b99fa9cd7be05dde1650bd2bb539902ca97168a3a515fd6e6
SHA512

4d56b338c75fbcb9608cff028ce285379e7993bf701a7bfa37608219da34915349ff5c29256b5d82813c374e5f57f0207e879c40ca440d4eaeae1f4cc01f7b1e
SSDEEP

3072:fWMG0BC83uZtGi5jKJZxgedEZ053JfU90WZXP6JvoQnK5+ivgX:fXC83nZSedEZ053Sd6pnc

Score

1^/10

Malware Config

Signatures

Files

b0c45827c169df0b99fa9cd7be05dde1650bd2bb539902ca97168a3a515fd6e6N
.exe windows:5 windows x86 arch:x86

851f54d64d439a17e2690dc5c131ac2e

Code Sign

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95
Certificate

Issuer

CN=HGNBDUPQVKOKEYVAUO

Not Before

16-05-2019 12:12

Not After

31-12-2039 23:59

Subject

CN=HGNBDUPQVKOKEYVAUO

Extended Key Usages

ExtKeyUsageCodeSigning

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1e:a5:a2:42:af:3d:8a:a9:8a:e2:c0:b6:9e:67:3b:63:11:76:20:66:a3:64:d0:4d:25:de:23:c0:76:d2:51
Signer

Actual PE Digest

19:1e:a5:a2:42:af:3d:8a:a9:8a:e2:c0:b6:9e:67:3b:63:11:76:20:66:a3:64:d0:4d:25:de:23:c0:76:d2:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetNumberOfConsoleMouseButtons
GetOEMCP
GetOverlappedResult
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessIoCounters
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeExW
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetSystemTimes
GetSystemWindowsDirectoryW
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetTickCount
GetTimeFormatA
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFindAtomA
GlobalFree
GlobalUnWire
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsBadReadPtr
IsDBCSLeadByte
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockFile
LockResource
MapViewOfFileEx
Module32FirstW
MoveFileW
MulDiv
MultiByteToWideChar
OpenEventA
OpenEventW
OpenMutexA
OpenMutexW
OpenProcess
OpenThread
GetModuleHandleA
PeekNamedPipe
Process32FirstW
Process32NextW
ProcessIdToSessionId
QueryPerformanceCounter
RaiseException
ReadConsoleInputA
ReadDirectoryChangesW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
ReplaceFile
ResetEvent
ResumeThread
RtlUnwind
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesA
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleCount
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetThreadLocale
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
SizeofResource
Sleep
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualLock
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleOutputCharacterA
WriteConsoleW
WriteFile
WritePrivateProfileSectionW
WritePrivateProfileStringW
_lclose
_lcreat
_llseek
_lopen
_lread
_lwrite
lstrcatA
lstrcmpA
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynA
lstrcpynW
lstrlen
lstrlenA
lstrlenW
GetModuleFileNameW
GetModuleFileNameA
GetLongPathNameW
GetLogicalDrives
GetLocaleInfoW
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileType
GetFileTime
GetFileSizeEx
GetFileSize
GetFileAttributesW
GetFileAttributesExW
GetFileAttributesExA
GetFileAttributesA
GetExitCodeThread
GetExitCodeProcess
GetEnvironmentStringsW
GetEnvironmentStrings
GetDriveTypeA
GetDiskFreeSpaceExW
GetDateFormatA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
GetConsoleScreenBufferInfo
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
GetConsoleAliasesW
GetCommandLineW
GetCommandLineA
GetCommState
GetCPInfoExA
GetCPInfo
GetAtomNameW
GetACP
FreeResource
FreeLibrary
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FreeConsole
FormatMessageW
FormatMessageA
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindFirstFileW
FindFirstFileA
FindCloseChangeNotification
FindClose
FindAtomW
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
FileTimeToSystemTime
FileTimeToLocalFileTime
FatalAppExitA
ExitThread
ExitProcess
EnumSystemLocalesA
EnterCriticalSection
DuplicateHandle
DosDateTimeToFileTime
DisconnectNamedPipe
DeviceIoControl
DeleteVolumeMountPointW
DeleteFileW
DeleteFileA
DeleteCriticalSection
DeleteAtom
CreateWaitableTimerA
CreateToolhelp32Snapshot
CreateThread
CreateSemaphoreW
CreateSemaphoreA
CreateRemoteThread
CreateProcessW
CreateNamedPipeW
CreateMutexW
CreateMutexA
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileExA
ConnectNamedPipe
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
CancelIo
OutputDebugStringW
AddAtomW

user32

PostThreadMessageW
MessageBoxW
LoadStringW
GetMessageW
DispatchMessageW
CharNextW
wvsprintfW

gdi32

SetTextColor
SetRectRgn
SetROP2
SetDIBColorTable
SelectObject
RoundRect
PolyBezier
PlayMetaFile
PATHOBJ_bEnum
LPtoDP
HT_Get8BPPMaskPalette
GetTextExtentPointI
GetTextExtentPoint32W
GetStockObject
GetOutlineTextMetricsW
GetObjectW
GetLogColorSpaceA
GetEnhMetaFileDescriptionW
GetCharWidthInfo
GetCharABCWidthsI
GetCharABCWidthsFloatA
GetBkMode
GdiValidateHandle
GdiEntry9
GdiCreateLocalEnhMetaFile
ExtCreatePen
EngReleaseSemaphore
EngFillPath
EngDeletePath
DeviceCapabilitiesExW
DeleteObject
DeleteDC
CreatePolygonRgn
CreateFontW
CreateFontIndirectW
CreateEllipticRgn
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CloseMetaFile
BitBlt
AngleArc
SwapBuffers
UnloadNetworkFonts
cGetTTFFromFOT

advapi32

StartServiceW
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyA
RegCloseKey
ReadEventLogW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
OpenProcessToken
OpenEventLogW
LookupPrivilegeValueW
LookupAccountSidW
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetUserNameW
GetTokenInformation
GetNamedSecurityInfoW
FreeSid
EqualSid
DuplicateTokenEx
DuplicateToken
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CreateWellKnownSid
ConvertStringSidToSidW
ConvertSidToStringSidW
CloseServiceHandle
CloseEventLog
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
RegOpenKeyA

shell32

DragQueryFileA
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
ShellExecuteA
SHLoadInProc
SHGetSpecialFolderPathW
SHGetMalloc
SHGetIconOverlayIndexW
SHGetFolderPathW
SHGetFolderPathA
SHFileOperationA
SHCreateDirectoryExW
SHChangeNotify
ExtractAssociatedIconExW

shlwapi

AssocQueryStringW
ColorHLSToRGB
ColorRGBToHLS
PathAddBackslashW
PathAppendW
PathCombineA
PathCombineW
PathCompactPathW
PathFileExistsA
PathFileExistsW
PathFindExtensionW
PathFindFileNameA
PathFindFileNameW
PathIsDirectoryW
PathIsPrefixW
PathRemoveBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
SHDeleteKeyW
SHDeleteValueA
SHDeleteValueW
SHGetValueA
SHGetValueW
SHSetValueA
SHSetValueW
StrCmpIW
StrCmpNA
StrRStrIW
StrStrIW
StrStrW
wnsprintfW

comctl32

ord17

imm32

ImmDisableIME
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

851f54d64d439a17e2690dc5c131ac2e

Code Sign

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95Certificate

Extended Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

19:1e:a5:a2:42:af:3d:8a:a9:8a:e2:c0:b6:9e:67:3b:63:11:76:20:66:a3:64:d0:4d:25:de:23:c0:76:d2:51Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

comctl32

imm32

Sections

.text Size: 92KB - Virtual size: 91KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 21KB - Virtual size: 21KB

.rsrc Size: 12KB - Virtual size: 11KB

74:e6:09:22:15:93:c2:b3:4c:df:8e:63:06:01:02:95
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

19:1e:a5:a2:42:af:3d:8a:a9:8a:e2:c0:b6:9e:67:3b:63:11:76:20:66:a3:64:d0:4d:25:de:23:c0:76:d2:51
Signer

.text
Size: 92KB - Virtual size: 91KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 12KB - Virtual size: 11KB