Static task: static1
Behavioral task: behavioral1
  Sample: 3290b8a28d937417e38c54224d1af29e.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 3290b8a28d937417e38c54224d1af29e.exe
  Resource: win10-en-20211208
General
Target: 3290b8a28d937417e38c54224d1af29e
Size: 666KB
MD5: 3290b8a28d937417e38c54224d1af29e
SHA1: 5c228fdd851667ae7091ec3de1ad2a4742bc16b8
SHA256: 18a2ca4b4f0a41b87f12ce121488a656e3db3a59a3934bbcb76d7e8d3113c363
SHA512: 353f90bc030d8af1b8568c70a845d069669968bcaf0ced8d179239bf96d2a49afe743d1aafbfaf48edf5e11d4a2b314c352cef6cd63ba7721d77844ae94579a8
SSDEEP: 12288:B7tJcOfDFH+iLrdr9obqztpQ0yFCXCWxhY4Vio/3oYNG3R5UdRruilRU:bOQDQiLrdWbavQ0mOBxW4Vi4BY3RwRr
Malware Config
Signatures
Files
3290b8a28d937417e38c54224d1af29e.exe (windows x86) 64d34b7757297f5ae52b632128171037
Code Sign
Certificate (serial 2c:f8:2c:74:b3:9f:0c:88:4e:d2:fd:b3:ee:2f:4d:5a)
  Issuer: CN=Polaroid Candy JER (SWL 7008-04)
  Subject: CN=Polaroid Candy JER (SWL 7008-04)
  Not Before: 26-01-2022 10:26
  Not After: 27-01-2032 10:26
Certificate (serial 8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b)
  Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
  Subject: CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
  Not Before: 23-10-2020 00:00
  Not After: 22-01-2032 23:59
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageContentCommitment
Certificate (serial 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9)
  Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
  Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
  Not Before: 02-05-2019 00:00
  Not After: 18-01-2038 23:59
  Extended Key Usages: ExtKeyUsageTimeStamping
  Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Signer
  PE Digest (in signature): 76:bc:c0:26:dd:a4:66:87:59:5b:15:92:69:34:8f:3e:39:ba:85:11:dc:d3:fe:09:66:61:79:7f:e1:5a:1e:bc
  Actual PE Digest: 76:bc:c0:26:dd:a4:66:87:59:5b:15:92:69:34:8f:3e:39:ba:85:11:dc:d3:fe:09:66:61:79:7f:e1:5a:1e:bc
  Digest Algorithm: sha256
  PE Digest Matches: true
  Signature Validations: Trusted: false
  Verification: Signing Certificate CN=Polaroid Candy JER (SWL 7008-04), 28-01-2022 14:03, Valid: false

Reading: the Authenticode digest matches, so the file has not been modified since it was signed, but the signing certificate is self-signed (issuer and subject are the same CN) and chains to no trusted root, which is why the signature is reported as neither trusted nor valid. The 28-01-2022 date on the signature falls inside the certificate's validity window, so the failure is about trust, not expiry. The two Sectigo certificates belong to the timestamp countersignature, not to the code signer; a genuine timestamping chain says nothing about who signed the code. For triage purposes treat the file as unsigned.
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32: GetModuleHandleA
user32: UpdateWindow
advapi32: RegQueryValueA
mscoree: _CorExeMain
shell32: SHGetDiskFreeSpaceExW
comctl32: ImageList_Draw

Note: mscoree!_CorExeMain is the import through which a .NET executable hands control to the CLR. The other five DLLs each contribute exactly one function, and none of the imports corresponds to the behaviour a 666KB program would normally need; an import table this sparse typically means the working set of APIs is resolved at runtime rather than declared here.
Sections
DATA    raw size: -      virtual size: 244KB   IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.adata  raw size: 512B   virtual size: 4KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   raw size: 184KB  virtual size: 184KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rdata  raw size: 94KB   virtual size: 96KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

Note: two things stand out. DATA has no raw data on disk yet is mapped as 244KB of executable memory, so whatever runs from it is written there at runtime; and .rdata is both writable and executable. The NX_COMPAT flag in the header opts the process into DEP, but DEP honours the permissions a section asks for, so these sections still receive executable pages. DATA and .adata are also not names the default linkers emit.
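The Headers and Sections tables above are what a triage script checks first. The following Python is an added example, not part of this report or of any sandbox's code: it builds a minimal PE32 header in memory whose section table mirrors the one reported (names, flags and sizes taken from the report, with sizes rounded to the listed KB values, so a constructed approximation rather than the real file), parses it with the standard library only, and flags the patterns a reviewer cares about: sections with no data on disk but a large virtual size, writable-and-executable sections, executable sections not marked as code, non-standard section names, and NX_COMPAT being set while W+X sections undercut it. The helpers build_sample_pe, parse_pe and triage are this example's own names; to run it on a real sample, pass the file's bytes to parse_pe instead of the constructed header.

```python
import struct

# Section characteristic flags (PE/COFF spec)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Optional-header DllCharacteristics flags
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
# File-header Characteristics flags
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100

COMMON_SECTION_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".bss",
                        ".idata", ".edata", ".pdata", ".tls", ".CRT"}

# Constructed sample: (name, raw size, virtual size, characteristics), mirroring the
# section table in the report. Sizes are the report's rounded KB values, so this is
# an approximation of the real sample's headers, not a copy of them.
SAMPLE_SECTIONS = [
    ("DATA",   0,          244 * 1024, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".adata", 512,        4 * 1024,   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc",  184 * 1024, 184 * 1024, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".rdata", 94 * 1024,  96 * 1024,  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                                       | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
SAMPLE_DLL_CHARS = (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
                    | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)


def build_sample_pe(sections, dll_chars):
    """Build a minimal PE32 header (DOS stub, COFF header, optional header,
    section table) so the parser below has something to run on offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE)
    opt = bytearray(224)                        # PE32 optional header is 224 bytes
    struct.pack_into("<H", opt, 0, 0x10B)       # Magic: PE32
    struct.pack_into("<H", opt, 70, dll_chars)  # DllCharacteristics lives at offset 70
    table = b""
    rva, raw_ptr = 0x1000, 0x400
    for name, raw_size, virt_size, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), virt_size, rva, raw_size,
                             raw_ptr if raw_size else 0, 0, 0, 0, 0, chars)
        rva += (virt_size + 0xFFF) & ~0xFFF     # 4KB section alignment
        raw_ptr += raw_size
    return dos + b"PE\0\0" + coff + bytes(opt) + table


def parse_pe(data):
    """Read the header fields that matter for a first-pass triage (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    if struct.unpack_from("<H", data, opt_off)[0] != 0x10B:
        raise ValueError("only PE32 (Magic 0x10b) is handled here")
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, raw_size, _rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size, "chars": chars})
    return {"machine": machine, "file_chars": file_chars, "dll_chars": dll_chars,
            "sections": sections}


def triage(pe):
    """Return human-readable findings about section layout and permissions."""
    findings, wx = [], []
    for s in pe["sections"]:
        c, n = s["chars"], s["name"]
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            wx.append(n)
            findings.append(f"{n}: writable and executable (W+X)")
        if c & IMAGE_SCN_MEM_EXECUTE and not c & IMAGE_SCN_CNT_CODE:
            findings.append(f"{n}: executable but not flagged as code")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            findings.append(f"{n}: no raw data on disk but {s['virtual_size']} bytes virtual (filled at runtime)")
        if n not in COMMON_SECTION_NAMES:
            findings.append(f"{n}: non-standard section name")
    if pe["dll_chars"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT and wx:
        findings.append("NX_COMPAT is set, but DEP cannot protect sections that ask for W+X: " + ", ".join(wx))
    return findings


if __name__ == "__main__":
    for line in triage(parse_pe(build_sample_pe(SAMPLE_SECTIONS, SAMPLE_DLL_CHARS))):
        print(line)
```

parse_pe deliberately rejects anything but PE32, which matches the IMAGE_FILE_32BIT_MACHINE flag in this report; the check list in triage is intentionally narrow and reports observations only, so it is a starting point for an analyst rather than a verdict.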