792474b38315e55d49a76f68e97b8a6b498ca794decc326cbaef5df22476c88d[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

792474b38315e55d49a76f68e97b8a6b498ca794decc326cbaef5df22476c88d.exe
Size

73.0MB
MD5

762266932c784bb2723293ad1cbecc37
SHA1

7983d7eda278567ba082c13b5690266212c447d4
SHA256

792474b38315e55d49a76f68e97b8a6b498ca794decc326cbaef5df22476c88d
SHA512

6862c10dbad70c356be44001f5f514a3f55b23e64aa4a2b89c6e49f1375bb83977bf8bf2398f4eb3f92fc0526968e9ff2e5021cff72725fcafef4351277838a3
SSDEEP

24576:iy3UVrqlCZuTti0JGBtlfvrVTPOk338FNR8olu6jF/3UDIBsS14tB1lzFlE675+E:L3UdqO4+OnXPPpBs1qg5lRCTk6A

Score

1^/10

Malware Config

Signatures

Files

792474b38315e55d49a76f68e97b8a6b498ca794decc326cbaef5df22476c88d.exe
.exe windows:4 windows x86 arch:x86

ff67bf11cc36c35722df0b7f1c459325

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28-07-2015 00:00

Not After

26-07-2018 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13-07-2015 00:00

Not After

13-07-2018 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13-12-2016 07:00

Not After

13-12-2021 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:23:a1:24:2c:f7:d0:02:2d:61:8f:e7:11:58:36:17:ea:06:12:33:3e:94:af:be:fb:d2:29:34:74:3a:02:37
Signer

Actual PE Digest

58:23:a1:24:2c:f7:d0:02:2d:61:8f:e7:11:58:36:17:ea:06:12:33:3e:94:af:be:fb:d2:29:34:74:3a:02:37

Digest Algorithm

sha256

PE Digest Matches

false

8e:b0:c1:a9:77:9a:66:f6:1e:ef:08:58:15:06:57:29:30:75:aa:f0
Signer

Actual PE Digest

8e:b0:c1:a9:77:9a:66:f6:1e:ef:08:58:15:06:57:29:30:75:aa:f0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeZoneInformation
GetSystemTime
GetLocalTime
CreateThread
ExitThread
HeapSize
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CompareStringA
CompareStringW
SetUnhandledExceptionFilter
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
HeapReAlloc
GetDriveTypeA
GetLocaleInfoW
GetACP
GetOEMCP
SetEnvironmentVariableA
GetLastError
CreateMutexW
lstrcmpW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
lstrcpynW
GetVersionExW
lstrlenW
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileW
MoveFileW
CopyFileW
LocalFree
FormatMessageW
GetShortPathNameW
GetFileAttributesExW
CreateDirectoryW
GetTempPathW
GetCurrentProcess
GetPrivateProfileStringW
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
TerminateProcess
FreeConsole
InterlockedExchange
GetProfileStringA
GlobalAddAtomA
FindResourceA
GetDriveTypeW
RaiseException
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetStartupInfoW
SetErrorMode
FindResourceExW
GetCurrentDirectoryW
SystemTimeToFileTime
LocalFileTimeToFileTime
FindNextFileW
GetProfileIntW
GetThreadLocale
GetStringTypeExW
GetVolumeInformationW
FindFirstFileW
FindClose
UnlockFile
LockFile
DuplicateHandle
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GetProcessVersion
GlobalFlags
lstrcmpiW
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcmpA
lstrcmpiA
GetCurrentThread
GlobalGetAtomNameW
CreateEventW
SuspendThread
SetEvent
LoadLibraryA
FindResourceW
GetVersion
lstrcatW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcpyW
GetDiskFreeSpaceW
GetFileTime
SetFileTime
GetFullPathNameW
GetTempFileNameW
GetFileAttributesW
lstrlenA
InterlockedDecrement
InterlockedIncrement
MulDiv
GetModuleHandleA
SetLastError
SetFilePointer
SizeofResource
LoadResource
GenerateConsoleCtrlEvent
LockResource
GlobalSize
GetFileSize
SetCurrentDirectoryW
GlobalFree
FlushFileBuffers
WriteFile
ReadFile
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
CreateFileW
AreFileApisANSI
SetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetWindowsDirectoryW
GetTickCount
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ResumeThread
TerminateThread
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetThreadPriority
AttachConsole
GetStringTypeW

user32

SetRectEmpty
wvsprintfW
EndDialog
CreateDialogIndirectParamW
GetActiveWindow
ValidateRect
WindowFromPoint
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
MapWindowPoints
PeekMessageW
SetActiveWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetTopWindow
IsChild
WinHelpW
GetClassInfoW
RegisterClassW
TrackPopupMenu
GetDlgItem
GetWindowTextLengthW
GetWindowTextW
DestroyWindow
SetWindowsHookExW
CallNextHookEx
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
GetForegroundWindow
IntersectRect
SystemParametersInfoW
GetWindowPlacement
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
EnableMenuItem
GetNextDlgTabItem
wsprintfW
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
MessageBoxW
LoadAcceleratorsW
SetPropW
SetClassLongW
SetMenu
HideCaret
ShowCaret
ExcludeUpdateRgn
GetWindowTextA
DrawTextA
GetClassInfoA
DefDlgProcA
DefWindowProcA
DestroyMenu
GetMessageW
TranslateMessage
DispatchMessageW
GetMenuStringW
FindWindowW
ExitWindowsEx
EmptyClipboard
SetClipboardData
GetClipboardData
CloseClipboard
OpenClipboard
DrawFocusRect
ReleaseDC
KillTimer
SetTimer
ScreenToClient
TranslateAcceleratorW
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
IsZoomed
PostQuitMessage
ShowOwnedPopups
RegisterClipboardFormatW
GetAsyncKeyState
MapDialogRect
SetRect
LoadStringW
GetClassNameW
GetSysColorBrush
CharUpperW
IsWindowEnabled
SetFocus
RegisterWindowMessageW
GetDlgCtrlID
SetWindowPos
GetMenu
GetMenuItemCount
GetMenuItemID
GetWindowLongW
SetWindowLongW
DeleteMenu
GetKeyState
OffsetRect
InflateRect
GetSysColor
GetFocus
BeginDeferWindowPos
EndDeferWindowPos
GetCursorPos
ReleaseCapture
GetCapture
ClientToScreen
SetCursorPos
PtInRect
SetCursor
CharNextA
CallWindowProcA
RemovePropA
SetWindowsHookExA
GetWindowLongA
SendMessageA
IsWindowUnicode
GetClassNameA
SetWindowLongA
SetPropA
GetPropA
SetCapture
GrayStringW
DrawTextW
TabbedTextOutW
IsClipboardFormatAvailable
PostThreadMessageW
SetParent
LockWindowUpdate
RemovePropW
GetDCEx
GetParent
GetDesktopWindow
GetWindow
GetPropW
IsIconic
GetLastActivePopup
UpdateWindow
TrackPopupMenuEx
InvalidateRect
IsWindowVisible
GetSystemMenu
InsertMenuW
CheckMenuItem
DestroyIcon
LoadIconW
LoadImageW
GetDC
CopyRect
GetWindowRect
PostMessageW
IsWindow
LoadMenuW
GetClientRect
GetSubMenu
SetMenuDefaultItem
GetSystemMetrics
SendMessageW
SetForegroundWindow
EnableWindow
DestroyCursor
LoadBitmapW
LoadCursorW
GetWindowTextLengthA
UnregisterClassW
CreateWindowExW

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectClipRgn
ExcludeClipRect
IntersectClipRect
GetDeviceCaps
CreateSolidBrush
CreatePatternBrush
SetRectRgn
GetCharWidthW
CreateFontW
GetTextMetricsW
EnumFontFamiliesExW
CopyMetaFileW
CreateRectRgn
CombineRgn
SetTextColor
SetBkMode
SetBkColor
SaveDC
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SetStretchBltMode
StretchDIBits
SetDIBitsToDevice
RestoreDC
CreateDIBSection
DeleteDC
PatBlt
DeleteObject
SelectObject
GetBkMode
GetTextExtentPoint32W
GetBkColor
GetTextColor
BitBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
GetStockObject
GetObjectW
ExtTextOutA
GetTextExtentPointA
CreateDIBitmap
CreateFontIndirectW

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryValueW
RegSetValueExW
RegCreateKeyW
RegSetValueW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
SetFileSecurityW
GetFileSecurityW
RegCloseKey

shell32

DragAcceptFiles
ShellExecuteW
DragQueryFileW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetDesktopFolder
SHFileOperationW
ExtractIconW
SHGetFileInfoW
DragFinish

comctl32

ImageList_DragLeave
ImageList_DragEnter
ImageList_BeginDrag
ImageList_DragMove
ImageList_GetImageInfo
ImageList_Draw
ImageList_AddMasked
ImageList_EndDrag
_TrackMouseEvent
ImageList_SetBkColor
ImageList_Destroy
ImageList_Create
ord17
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ImageList_DrawIndirect
ImageList_GetImageCount

oledlg

OleUIBusyW

ole32

CoTaskMemAlloc
RevokeDragDrop
OleDuplicateData
RegisterDragDrop
OleGetClipboard
ReleaseStgMedium
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject
CoLockObjectExternal
OleFlushClipboard

oleaut32

SysFreeString
SysAllocString
VariantClear
VarBstrFromDate

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathGetCharTypeW
PathIsRootW
PathRemoveFileSpecW
PathIsURLW
PathFindExtensionW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW

winhttp

WinHttpOpenRequest
WinHttpCrackUrl
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpOpen
WinHttpConnect
WinHttpReceiveResponse

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 608KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 656KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff67bf11cc36c35722df0b7f1c459325

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:deCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

32:58:e8:ee:54:af:5c:27Certificate

Extended Key Usages

Key Usages

58:23:a1:24:2c:f7:d0:02:2d:61:8f:e7:11:58:36:17:ea:06:12:33:3e:94:af:be:fb:d2:29:34:74:3a:02:37Signer

8e:b0:c1:a9:77:9a:66:f6:1e:ef:08:58:15:06:57:29:30:75:aa:f0Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

oleaut32

version

shlwapi

winhttp

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 236KB - Virtual size: 235KB

.data Size: 608KB - Virtual size: 633KB

.rsrc Size: 656KB - Virtual size: 656KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

32:58:e8:ee:54:af:5c:27
Certificate

58:23:a1:24:2c:f7:d0:02:2d:61:8f:e7:11:58:36:17:ea:06:12:33:3e:94:af:be:fb:d2:29:34:74:3a:02:37
Signer

8e:b0:c1:a9:77:9a:66:f6:1e:ef:08:58:15:06:57:29:30:75:aa:f0
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 236KB - Virtual size: 235KB

.data
Size: 608KB - Virtual size: 633KB

.rsrc
Size: 656KB - Virtual size: 656KB