138fa977f6f1de4e92e1b1ad04751c6a48fbf6dafe1eea0e59668425c3f03fb5N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

138fa977f6f1de4e92e1b1ad04751c6a48fbf6dafe1eea0e59668425c3f03fb5N.exe
Size

1.2MB
MD5

dfde7b01153135be4548aa7b9b472370
SHA1

ff19730ac78ed3c843305da3537d5f36e322fcc0
SHA256

138fa977f6f1de4e92e1b1ad04751c6a48fbf6dafe1eea0e59668425c3f03fb5
SHA512

2762cdb718c30b122c00af81da7625d1141de95d8c1d15a7058e94b8866be8be3c99cbe27b1d7efcc0798eccd01c1970961a388f6b3b7352dc44b39768b46c54
SSDEEP

6144:JsHHUPFY76DEoS5rYU/LPlbuo2YILNkFVZ5VfUllOp2n2FxHot1WL+Lwb5tJRt:fs6AoS5EU/Lp56kBgXOInmNouL+Lwb5H

Score

1^/10

Malware Config

Signatures

Files

138fa977f6f1de4e92e1b1ad04751c6a48fbf6dafe1eea0e59668425c3f03fb5N.exe
.exe windows:4 windows x86 arch:x86

65b7e4d2b8f7b3cf1dfc4bed557e0068

Code Sign

13:79:43:71:c0:52:ec:05:59:e9:b4:92:ab:b2:5c:26
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04-09-2020 00:00

Not After

04-09-2021 23:59

Subject

CN=Carmel group LLC,O=Carmel group LLC,STREET=Serpukhovskaya B. House\, 31/9\, Apartment 291,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

df:5e:31:4f:a2:8a:85:df:29:94:a4:b4:e9:ce:5d:7d:1a:93:69:ba
Signer

Actual PE Digest

df:5e:31:4f:a2:8a:85:df:29:94:a4:b4:e9:ce:5d:7d:1a:93:69:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetVersion
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect
GetModuleHandleA
GetTickCount
lstrcmpA
ReadFileScatter
SetThreadAffinityMask
VerLanguageNameW
UpdateResourceA
SetConsoleOutputCP
InterlockedPushEntrySList
MoveFileExA
SignalObjectAndWait
GetSystemTimeAdjustment
GetCurrentProcess

ole32

OleUninitialize
HACCEL_UserSize
DoDragDrop
CoGetCurrentLogicalThreadId
CoSwitchCallContext
CoReactivateObject
CLSIDFromOle1Class
STGMEDIUM_UserMarshal
CoGetObjectContext
CoLockObjectExternal
CoAllowSetForegroundWindow
CoGetCancelObject
CoRegisterClassObject
MonikerRelativePathTo
CoBuildVersion
CreateStdProgressIndicator
CoPushServiceDomain
CoGetSystemSecurityPermissions
EnableHookObject

version

VerFindFileW
VerInstallFileA
GetFileVersionInfoW
GetFileVersionInfoSizeA
VerFindFileA
GetFileVersionInfoA

advapi32

SystemFunction033
PrivilegedServiceAuditAlarmW
SystemFunction035
SetEntriesInAccessListA
IsValidSecurityDescriptor
LsaEnumeratePrivileges
EnumServicesStatusExA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessA
OpenEventLogW
SetEntriesInAuditListW

shell32

ILGetNext
StrCmpNA
Shell_GetCachedImageIndex
ILCreateFromPathW
SHShellFolderView_Message
SHFindFiles
Options_RunDLLW
GetFileNameFromBrowse
SHChangeNotifyRegister
SHSetInstanceExplorer
SheChangeDirExW
RestartDialogEx
WOWShellExecute
ShellHookProc
StrStrIW
SHUpdateRecycleBinIcon
PathYetAnotherMakeUniqueName

oledlg

OleUIChangeSourceW
OleUIEditLinksA
OleUIPromptUserW
OleUIConvertA
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIChangeIconW
OleUIAddVerbMenuA
OleUIInsertObjectW
OleUIPasteSpecialA
OleUIInsertObjectA

winspool.drv

DeletePrintProcessorA
EnumJobsW
GetSpoolFileHandle
DeletePrinterKeyA
AddFormA
SeekPrinter
AddPrintProvidorW
GetPrinterDriverDirectoryA
QueryColorProfile
EndPagePrinter
EnumPrintersW
EnumPrinterKeyA

user32

LoadImageW
IMPGetIMEA
GetMenuItemRect
EqualRect
DrawAnimatedRects
RegisterShellHookWindow
LoadStringW
TabbedTextOutA
GetKeyNameTextW
RegisterClipboardFormatW
DestroyReasons
AllowForegroundActivation

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65b7e4d2b8f7b3cf1dfc4bed557e0068

Code Sign

13:79:43:71:c0:52:ec:05:59:e9:b4:92:ab:b2:5c:26Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

df:5e:31:4f:a2:8a:85:df:29:94:a4:b4:e9:ce:5d:7d:1a:93:69:baSigner

Headers

File Characteristics

Imports

kernel32

ole32

version

advapi32

shell32

oledlg

winspool.drv

user32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 6KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 428B

13:79:43:71:c0:52:ec:05:59:e9:b4:92:ab:b2:5c:26
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

df:5e:31:4f:a2:8a:85:df:29:94:a4:b4:e9:ce:5d:7d:1a:93:69:ba
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 6KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 428B