7fff867271d6f0f7c301e83dad5875e2194dbf2389ac33130b7711db7e6904bd[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7fff867271d6f0f7c301e83dad5875e2194dbf2389ac33130b7711db7e6904bd.exe
Size

9.3MB
MD5

c7ca98803a76b62a6a379a0b684b162a
SHA1

00de8f4666fe890f9fd3bf2d405cae32f3c2cc78
SHA256

7fff867271d6f0f7c301e83dad5875e2194dbf2389ac33130b7711db7e6904bd
SHA512

e9cf5fb9efd723fd404c10b3451ae6f22a8582041cd97292d09d43baaeb93f0d2f38f40cd9c1927221f8ad746b01490727c853b9a123fc4b34b6ce6ba557fb7b
SSDEEP

24576:UYCZttSeaoP5LJSkOQv2pjXhFoEQPx4IERmTs6ICUZKVBkPHXNj24:UYCftdbPXSbm2CUZKVBkPHXNjf

Score

1^/10

Malware Config

Signatures

Files

7fff867271d6f0f7c301e83dad5875e2194dbf2389ac33130b7711db7e6904bd.exe
.exe windows:5 windows x86 arch:x86

4d59408b225bab4cb9c0fde6a6958fe6

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:c5:e8:e8:50:60:ee:75:a9:c3:21:00:00:00:00:c5:e8
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Not Before

01-10-2024 07:13

Not After

04-10-2024 07:13

Subject

CN=BURNAWARE SL,O=BURNAWARE SL,L=MARBELLA,ST=Málaga,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:c5:e8:e8:50:60:ee:75:a9:c3:21:00:00:00:00:c5:e8
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Not Before

01-10-2024 07:13

Not After

04-10-2024 07:13

Subject

CN=BURNAWARE SL,O=BURNAWARE SL,L=MARBELLA,ST=Málaga,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3e
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18-04-2024 17:59

Not After

17-04-2025 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f8:ba:f6:21:15:4e:01:73:18:d1:81:9c:2c:37:78:2a:44:b0:75:d9:fe:72:a6:d9:f0:2a:9a:52:90:aa:0c:a3
Signer

Actual PE Digest

f8:ba:f6:21:15:4e:01:73:18:d1:81:9c:2c:37:78:2a:44:b0:75:d9:fe:72:a6:d9:f0:2a:9a:52:90:aa:0c:a3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\wrk\umfen\Release\UndeleteMyFilesPro.pdb

Imports

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW
PathIsFileSpecW

kernel32

InterlockedIncrement
FileTimeToLocalFileTime
LockFile
UnlockFile
DuplicateHandle
GetCurrentProcess
GetFileTime
SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
RtlUnwind
HeapReAlloc
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetThreadLocale
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
WritePrivateProfileStringW
GetPrivateProfileIntW
GetProfileIntW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
GetVersionExA
GlobalSize
FreeResource
InterlockedDecrement
lstrlenA
lstrcmpA
WideCharToMultiByte
MulDiv
GetModuleHandleA
GetCurrentProcessId
GetModuleFileNameW
RaiseException
LoadLibraryA
InterlockedExchange
LocalAlloc
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
SetEndOfFile
GetFullPathNameW
GetTempPathW
CompareFileTime
CreateMutexW
GetEnvironmentVariableW
GetVersionExW
InitializeCriticalSection
GetSystemTime
OpenEventW
SetFilePointerEx
GetExitCodeThread
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
FormatMessageW
CopyFileW
DeviceIoControl
CreateEventW
GetLocalTime
SystemTimeToFileTime
GetDriveTypeW
ResetEvent
SetEvent
lstrcmpiW
ReadFile
Sleep
WaitForSingleObject
CreateProcessW
SetFilePointer
FindNextFileW
FindClose
MultiByteToWideChar
WriteFile
FindFirstFileW
GetVolumeInformationW
DeleteFileW
GetDiskFreeSpaceExW
GetFileSizeEx
lstrcmpW
ExitThread
SetFileAttributesW
DeleteCriticalSection
GetFileAttributesExW
RemoveDirectoryW
LockResource
EnterCriticalSection
GetFileAttributesW
LeaveCriticalSection
SizeofResource
GetLogicalDrives
FreeLibrary
lstrcpynW
CreateThread
lstrcpyW
lstrcatW
lstrlenW
FileTimeToSystemTime
GetTimeFormatW
CreateDirectoryW
GetDateFormatW
GetProcAddress
SetLastError
LoadLibraryW
GetModuleHandleW
GlobalReAlloc
CloseHandle
CreateFileMappingW
GlobalFree
GetLastError
GlobalUnlock
CreateFileW
GlobalAlloc
GlobalLock
LoadResource
FindResourceW
UnmapViewOfFile
MapViewOfFile
GetFileSize
SetHandleCount

user32

PostThreadMessageW
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
MessageBeep
CharUpperW
DestroyMenu
GetSysColorBrush
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
InflateRect
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DispatchMessageW
GetTopWindow
GetMessageTime
PeekMessageW
GetKeyState
SetMenu
GetClassInfoW
AdjustWindowRectEx
CallWindowProcW
GetMenu
SystemParametersInfoA
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetFocus
IsWindow
SetMenuItemBitmaps
SetRect
EnableWindow
SendMessageW
LoadBitmapW
GetClientRect
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
GetWindowThreadProcessId
GetLastActivePopup
IsIconic
DrawIcon
LoadIconW
GetSystemMetrics
SetForegroundWindow
FindWindowW
LoadStringW
SetCursor
SetWindowRgn
ScreenToClient
SetCapture
OffsetRect
IntersectRect
UnionRect
EqualRect
ReleaseCapture
GetWindowRect
GetMessagePos
UpdateWindow
MapWindowPoints
MessageBoxW
wsprintfW
GetParent
RegisterClipboardFormatW
SetWindowPos
GetDC
DrawTextW
InvalidateRect
PostMessageW
EnumThreadWindows
GetDlgCtrlID
IsWindowVisible
EnumChildWindows
GetClassNameW
GetWindowLongW
MoveWindow
CopyRect
DefWindowProcW
CreateWindowExW
ShowWindow
RedrawWindow
SetWindowLongW
GetWindowPlacement
RegisterClassExW
BeginPaint
DrawEdge
IsWindowEnabled
KillTimer
UnregisterClassW
FillRect
SetTimer
EndPaint
RegisterClassW
GetSysColor
ReleaseDC
IsRectEmpty
ClientToScreen
TrackMouseEvent
PtInRect
GetCursorPos
LoadCursorW
GetClassInfoExW

gdi32

CreateRectRgnIndirect
CopyMetaFileW
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
CreateBitmap
SetViewportExtEx
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
GetObjectW
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateDIBitmap
SelectClipRgn
GetClipBox
SetMapMode
SetBkColor
RestoreDC
SaveDC
StretchBlt
PtInRegion
OffsetRgn
CreateRectRgn
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
CreateFontIndirectW
SetBkMode
Rectangle
GetStockObject
BitBlt
DeleteDC
CreateDIBSection
GetDeviceCaps
CreatePalette
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
ExtCreateRegion
StretchDIBits
SelectPalette
ScaleViewportExtEx

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueW
RegCreateKeyW
RegOpenKeyW
RegEnumKeyW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegQueryValueExW

shell32

ExtractIconExW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
DoEnvironmentSubstW
ShellExecuteW

comctl32

InitCommonControlsEx

oledlg

OleUIBusyW

ole32

CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
DoDragDrop
CoRevokeClassObject
OleIsCurrentClipboard
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

msvfw32

MCIWndCreateW

Sections

.text
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d59408b225bab4cb9c0fde6a6958fe6

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:00:c5:e8:e8:50:60:ee:75:a9:c3:21:00:00:00:00:c5:e8Certificate

Extended Key Usages

Key Usages

33:00:00:c5:e8:e8:50:60:ee:75:a9:c3:21:00:00:00:00:c5:e8Certificate

Extended Key Usages

Key Usages

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3eCertificate

Extended Key Usages

Key Usages

f8:ba:f6:21:15:4e:01:73:18:d1:81:9c:2c:37:78:2a:44:b0:75:d9:fe:72:a6:d9:f0:2a:9a:52:90:aa:0c:a3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

msvfw32

Sections

.text Size: 434KB - Virtual size: 434KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 13KB - Virtual size: 242KB

.rsrc Size: 8.7MB - Virtual size: 8.7MB

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:c5:e8:e8:50:60:ee:75:a9:c3:21:00:00:00:00:c5:e8
Certificate

33:00:00:c5:e8:e8:50:60:ee:75:a9:c3:21:00:00:00:00:c5:e8
Certificate

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:3e:d9:35:92:f7:b0:19:42:29:00:00:00:00:00:3e
Certificate

f8:ba:f6:21:15:4e:01:73:18:d1:81:9c:2c:37:78:2a:44:b0:75:d9:fe:72:a6:d9:f0:2a:9a:52:90:aa:0c:a3
Signer

.text
Size: 434KB - Virtual size: 434KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 13KB - Virtual size: 242KB

.rsrc
Size: 8.7MB - Virtual size: 8.7MB