080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a

Sharing

Copy URL

Twitter E-mail

General

Target

080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a
Size

225KB
MD5

c0a3c069a94b35620fc210e4b68b4f01
SHA1

e8b3ec66c28dedaa18b968bcd267a2c912a92e87
SHA256

080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a
SHA512

5bd77b40aaf46cb96c94562585b5bb0fb86e9a80d842c8e36e3c032c0d7c55cecf3aca9168df49bcc43039ccebc12a81af6dd1748962a0ae42d10c28bd6448f6
SSDEEP

3072:rwwbq/XSqcbXdOg9gkx/yrNPwwApe6eIDK+C9iKy6K7kDlUzYak6ve4o6+fGxsQM:kKqKDXdOAgUKXvji7oDvaNm4dSGq7n

Score

N/A

Malware Config

Signatures

Files

080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a
.dll windows x86

8efacb95866fcc4885b1ca245d75e940

Code Sign

2c:a2:23:bb:af:a2:70:77:b4:08:c7:b1:ee:20:31:27
Certificate

Issuer

CN=YIYEBWXQHAHXTYLOTE

Not Before

14/06/2020, 19:26

Not After

31/12/2039, 23:59

Subject

CN=YIYEBWXQHAHXTYLOTE

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c2:4a:c9:5c:54:e2:4b:a3:f8:09:5c:64:2b:c7:f0:c8:4e:f9:4b:00
Signer

Actual PE Digest

c2:4a:c9:5c:54:e2:4b:a3:f8:09:5c:64:2b:c7:f0:c8:4e:f9:4b:00

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=YIYEBWXQHAHXTYLOTE

28/01/2022, 14:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WritePrivateProfileStringA
GetTickCount
RtlUnwind
Sleep
ExitProcess
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
GetStdHandle
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
VirtualFree
HeapCreate
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetModuleHandleW
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProfileIntA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
GetThreadLocale
GetFileTime
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
FileTimeToSystemTime
SuspendThread
SetThreadPriority
InterlockedDecrement
GetModuleFileNameW
GetModuleFileNameA
FormatMessageA
LocalFree
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
GetLastError
lstrcmpW
GetModuleHandleA
GetVersionExA
GetProcessHeap
HeapAlloc
FreeResource
GlobalFree
CreateEventA
ResumeThread
SetEvent
lstrlenA
MultiByteToWideChar
MulDiv
DeleteFileA
lstrcpyA
CreateProcessA
LoadLibraryA
GetProcAddress
FreeLibrary
WaitForSingleObject
GetWindowsDirectoryA
GetPrivateProfileStringA
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
WideCharToMultiByte
GetCurrentProcessId
OpenProcess
GetExitCodeProcess
TerminateProcess
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA
SetCurrentDirectoryA
SetLastError
FindFirstFileA
FindClose
GetFileAttributesA
SetFileAttributesA
RemoveDirectoryA
LCMapStringW
CreateDirectoryA

user32

LoadIconW

gdi32

GetStockObject
GetMapMode
GetTextCharacterExtra
GdiGetBatchLimit
GetTextColor
EndDoc
GetEnhMetaFileW
DeleteMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
DeleteObject
GetEnhMetaFileA
CancelDC
CreateCompatibleDC
GdiFlush
GetTextAlign
FillPath
GetDCBrushColor
GetPolyFillMode
GetDCPenColor
GetLayout
RealizePalette
CreateSolidBrush
GetTextCharset
BeginPath

advapi32

RegQueryValueExW
RegOpenKeyA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8efacb95866fcc4885b1ca245d75e940

Code Sign

2c:a2:23:bb:af:a2:70:77:b4:08:c7:b1:ee:20:31:27Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

c2:4a:c9:5c:54:e2:4b:a3:f8:09:5c:64:2b:c7:f0:c8:4e:f9:4b:00Signer

Signature Validations

Verification

28/01/2022, 14:04 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 512B - Virtual size: 103B

.data Size: 172KB - Virtual size: 171KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 672B

2c:a2:23:bb:af:a2:70:77:b4:08:c7:b1:ee:20:31:27
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

c2:4a:c9:5c:54:e2:4b:a3:f8:09:5c:64:2b:c7:f0:c8:4e:f9:4b:00
Signer

28/01/2022, 14:04
Valid: false

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 512B - Virtual size: 103B

.data
Size: 172KB - Virtual size: 171KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 672B