7586596643d56c53111f64092879acaa50a0cf5f515e831d8b6b5066997ef65bN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

7586596643d56c53111f64092879acaa50a0cf5f515e831d8b6b5066997ef65bN.exe
Size

694KB
MD5

cff959b45466c61c5bbca44718b26a80
SHA1

abd7b01a895b68bc02f56dc812790978ab7c03ce
SHA256

7586596643d56c53111f64092879acaa50a0cf5f515e831d8b6b5066997ef65b
SHA512

ff16bce0611dabf5a758034fc5add633dd9f1998f620dfe23bdf9c3031af83f708b21f25bee645f91f568d9d992c398ebb0491f44cb120a20983b4f8997e8941
SSDEEP

12288:TeiJQ3Yb4dOtEp6zB9wtAYjBxqDseqZfKaX0vWAezbBjvrEH7P:KiJMYb4dw9QtB0D0ZfVX0ujrEH7P

Score

1^/10

Malware Config

Signatures

Files

7586596643d56c53111f64092879acaa50a0cf5f515e831d8b6b5066997ef65bN.exe
.exe windows:4 windows x86 arch:x86

cb0ec9aca24a304b414a7817ea6d4140

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27-07-2023 09:33

Not After

27-07-2024 09:33

Subject

SERIALNUMBER=15.06.2017,CN=Nenad Hrg,O=Nenad Hrg,STREET=Edelweissstrasse 104,L=Taufkirchen,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c16737570706f727440736f6674776172656f6b2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130b546175666b69726368656e,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a3:f7:6e:10:73:29:83:c6:52:98:ac:c0:78:61:68:33:71:5d:bc:88:e7:9d:17:60:83:00:58:79:73:29:f2
Signer

Actual PE Digest

1d:a3:f7:6e:10:73:29:83:c6:52:98:ac:c0:78:61:68:33:71:5d:bc:88:e7:9d:17:60:83:00:58:79:73:29:f2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
IsBadCodePtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentDirectoryW
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
HeapSize
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
GetVersion
GetStartupInfoW
TerminateProcess
GetSystemTime
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
GetDriveTypeA
SetEndOfFile
CompareStringA
GetACP
GetOEMCP
SetEnvironmentVariableA
InterlockedExchange
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetExitCodeThread
HeapCreate
HeapAlloc
HeapFree
GetLocaleInfoW
GetNumberFormatW
GetFullPathNameW
lstrcpynA
GetProfileStringW
FlushFileBuffers
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetLastError
GetWindowsDirectoryW
GetVersionExA
RemoveDirectoryW
SetFileAttributesW
LoadLibraryA
MulDiv
GetDateFormatW
GetTimeFormatW
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateDirectoryW
GetFileAttributesW
GlobalHandle
FreeResource
DeleteFileW
GetFileSize
ReadFile
CopyFileW
WriteFile
WideCharToMultiByte
GetTimeZoneInformation
FormatMessageW
LocalFree
GetLogicalDriveStringsW
GetDriveTypeW
SizeofResource
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
CreateFileW
OutputDebugStringW
GetLocalTime
GetUserDefaultLangID
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
CreateMutexW
lstrcmpW
GetLastError
TerminateThread
CloseHandle
GetModuleHandleA
CompareStringW
lstrcmpiW
FindResourceW
LoadResource
LockResource
GetVersionExW
lstrcpynW
GetFileAttributesA
GetTempPathW
lstrcatW
GetModuleHandleW
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
lstrcpyW
InterlockedIncrement
Sleep
GetCurrentProcess
GetModuleFileNameW
lstrlenW
CreateThread
ExitProcess
OutputDebugStringA
lstrlenA
MultiByteToWideChar
LoadLibraryW
InterlockedDecrement
GetProcAddress
GetStartupInfoA

user32

GetMenuItemCount
CharUpperW
GetFocus
SetCursor
UpdateWindow
SetRectEmpty
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
GetIconInfo
TranslateMessage
EnumWindows
SendMessageTimeoutW
LoadIconW
GetClassInfoExW
SetRect
MessageBoxW
CharLowerW
IsDialogMessageW
SetWindowTextW
IsWindow
SendMessageW
GetWindowRect
GetDlgItem
LoadStringW
GetScrollPos
SetScrollInfo
SetScrollPos
TrackPopupMenu
DestroyMenu
SetWindowsHookExW
GetWindowDC
FillRect
CallNextHookEx
RegisterWindowMessageW
PtInRect
GetDlgCtrlID
CallWindowProcW
BeginPaint
EndPaint
MoveWindow
keybd_event
SetDlgItemTextW
GetKeyState
UnhookWindowsHookEx
EnumChildWindows
FindWindowExW
IsChild
SetParent
CreateDialogIndirectParamW
RedrawWindow
GetDesktopWindow
CreateAcceleratorTableW
InvalidateRgn
EnableWindow
ClientToScreen
DeleteMenu
GetMessagePos
EmptyClipboard
GetWindowPlacement
MapWindowPoints
SystemParametersInfoW
GetWindow
GetParent
GetWindowLongW
SetWindowPos
ScreenToClient
GetClientRect
LoadImageW
GetSystemMetrics
SetClassLongW
PostMessageW
SetWindowLongW
SetTimer
SetMenuItemInfoW
SetMenuDefaultItem
IsZoomed
LoadStringA
ScrollWindowEx
GetScrollInfo
SetForegroundWindow
GetKeyboardState
DestroyIcon
RegisterClassExW
PeekMessageW
GetMessageW
DispatchMessageW
SetCapture
GetCapture
ReleaseCapture
CopyRect
DrawFocusRect
InflateRect
DrawEdge
FrameRect
InvalidateRect
DefWindowProcW
GetSysColor
PostQuitMessage
DestroyWindow
GetActiveWindow
ShowWindow
wsprintfW
CharNextW
KillTimer
InsertMenuW
AppendMenuW
CreatePopupMenu
CheckMenuItem
GetMenuItemInfoW
IsWindowVisible
GetCursorPos
GetSubMenu
SetFocus
GetDC
CreateDialogParamW
CreateWindowExW
DialogBoxParamW
DialogBoxIndirectParamW
EnableMenuItem
GetSystemMenu
TrackPopupMenuEx
GetSysColorBrush
OffsetRect
GetWindowTextW
GetWindowTextLengthW
LoadCursorW
GetClassNameW
ReleaseDC
DrawTextW
EndDialog

gdi32

LPtoDP
OffsetViewportOrgEx
EnumFontFamiliesExW
PatBlt
CreatePatternBrush
CreateBitmap
CreateFontW
AddFontResourceW
GetCurrentObject
SetWindowOrgEx
ExcludeClipRect
RemoveFontResourceW
RemoveFontResourceExW
AddFontResourceExW
DeleteEnhMetaFile
RestoreDC
SetViewportExtEx
SetWindowExtEx
GetViewportExtEx
GetWindowExtEx
SetMapMode
SaveDC
IntersectClipRect
DPtoLP
GetEnhMetaFileHeader
SelectClipRgn
EndDoc
AbortDoc
EndPage
StartPage
ResetDCW
StartDocW
SetPixel
SetStretchBltMode
SetDIBitsToDevice
MoveToEx
LineTo
CreateDIBSection
CreateEnhMetaFileW
CloseEnhMetaFile
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetDIBits
OffsetWindowOrgEx
CreateDCW
SetViewportOrgEx
GetClipBox
GetBkColor
Rectangle
DeleteObject
GetObjectW
CreateSolidBrush
SetTextColor
SetBkColor
GetDeviceCaps
SelectObject
CreateFontIndirectW
DeleteDC
ExtTextOutW
CreatePen
GetTextExtentPoint32W
SetBkMode
GetStockObject

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
PageSetupDlgW
PrintDlgW

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptGetHashParam
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
AdjustTokenPrivileges
RegEnumValueW

shell32

ord155
Shell_NotifyIconW
ord18
ord17
ord16
SHOpenFolderAndSelectItems
DragQueryFileW
ord190
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHFileOperationW
ShellExecuteExW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CLSIDFromProgID
CoCreateInstance
OleInitialize
OleUninitialize
CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning
CoInitializeEx
CreateStreamOnHGlobal

oleaut32

VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
OleCreateFontIndirect
DispCallFunc
LoadRegTypeLi
SysStringLen
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
VariantInit

comctl32

ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Create
ImageList_LoadImageW
InitCommonControlsEx
ImageList_GetImageCount
ImageList_DrawEx
ImageList_SetImageCount
CreateStatusWindowW
ImageList_Draw
ImageList_Replace
ImageList_GetBkColor

gdiplus

GdipDeleteFontFamily
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFontFamilyFromName
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateHICONFromBitmap
GdiplusStartup
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipDeletePrivateFontCollection
GdipGetFamilyName
GdipCloneFontFamily
GdipGetFontCollectionFamilyList
GdipPrivateAddFontFile
GdipNewPrivateFontCollection
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0

winmm

timeGetTime

Sections

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb0ec9aca24a304b414a7817ea6d4140

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

1d:a3:f7:6e:10:73:29:83:c6:52:98:ac:c0:78:61:68:33:71:5d:bc:88:e7:9d:17:60:83:00:58:79:73:29:f2Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

winmm

Sections

.text Size: 404KB - Virtual size: 403KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 100KB - Virtual size: 328KB

.rsrc Size: 80KB - Virtual size: 76KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

1d:a3:f7:6e:10:73:29:83:c6:52:98:ac:c0:78:61:68:33:71:5d:bc:88:e7:9d:17:60:83:00:58:79:73:29:f2
Signer

.text
Size: 404KB - Virtual size: 403KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 100KB - Virtual size: 328KB

.rsrc
Size: 80KB - Virtual size: 76KB