a08fa77833ace89dbc789d804f9f5632fec0b64a301567e07f495e98c33bee42

Sharing

Copy URL

Twitter E-mail

General

Target

a08fa77833ace89dbc789d804f9f5632fec0b64a301567e07f495e98c33bee42
Size

437KB
MD5

afe7a69ba07d6d8c7779b8d99277a87c
SHA1

fa203f36e976c3ef1fbad3c9b5a55117497e5768
SHA256

a08fa77833ace89dbc789d804f9f5632fec0b64a301567e07f495e98c33bee42
SHA512

d347c0169a0edb846ac11b49b28b709327917e3e35d36ccc356b9377ee72982926485e1895797ac599a347782fcdcc1e1511352461138bc2a617c9da437ccef3

Score

N/A

Malware Config

Signatures

Files

a08fa77833ace89dbc789d804f9f5632fec0b64a301567e07f495e98c33bee42
.dll windows x86

1f6298b9de4ec53a7bd75362c9cc4597

Code Sign

73:52:d6:f1:84:a9:c9:5f:be:cc:33:64:0e:bd:35:56
Certificate

Issuer

CN=SXRSRIBRGGUFMVWFFT

Not Before

18-12-2020 09:25

Not After

31-12-2039 23:59

Subject

CN=SXRSRIBRGGUFMVWFFT

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6d:6b:61:34:f5:cc:48:21:63:2e:1d:1c:d8:56:a8:05:c9:db:65:53
Signer

Actual PE Digest

6d:6b:61:34:f5:cc:48:21:63:2e:1d:1c:d8:56:a8:05:c9:db:65:53

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=SXRSRIBRGGUFMVWFFT

18-03-2022 14:21
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
GetShortPathNameW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
GetLogicalDrives
GetSystemDefaultLCID
DeviceIoControl
SetErrorMode
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultLCID
GetTimeFormatW
GetComputerNameW
WideCharToMultiByte
GetSystemTime
GetDateFormatW
GetDriveTypeW
GetCurrentThreadId
ProcessIdToSessionId
AttachConsole
FreeConsole
GetLongPathNameW
GetExitCodeProcess
DuplicateHandle
SetEvent
GetCurrentProcessId
GetModuleFileNameW
ReadFile
SetFilePointer
UnmapViewOfFile
GetFileInformationByHandle
FileTimeToSystemTime
GetLocalTime
GetFileSize
SystemTimeToFileTime
GetTickCount
GetFullPathNameW
lstrcmpW
CreateThread
CreateEventW
FlushFileBuffers
MulDiv
GetEnvironmentStringsW
FreeLibrary
GetModuleHandleW
HeapSize
WriteConsoleW
SetEnvironmentVariableA
GetCommandLineW
GetCommandLineA
FindFirstFileExW
GetProcessHeap
GetSystemTimeAsFileTime
SetStdHandle
GetCurrentDirectoryW
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
GetProcAddress
LoadResource
FindResourceExW
CloseHandle
GlobalFree
GlobalAlloc
LockResource
GetCurrentThread
GetDiskFreeSpaceExW
OpenProcess
FreeEnvironmentStringsW
CreateFileW
WriteFile
GetCurrentProcess
SizeofResource
GetLastError
WaitForSingleObject
GetVolumePathNamesForVolumeNameW
CreateProcessW
FindVolumeClose
Sleep
CreatePipe
LoadLibraryW
IsValidLocale
GetConsoleCP
ReadConsoleW
SetEndOfFile
QueryDosDeviceW
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
SetConsoleCtrlHandler
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetACP
TerminateProcess
GetTimeZoneInformation
LoadLibraryExW
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
OutputDebugStringW
OutputDebugStringA
FlushConsoleInputBuffer
GetStdHandle
FindClose
FindNextFileW
ExpandEnvironmentStringsA
GetModuleHandleA
VerifyVersionInfoA
FormatMessageA
SetLastError
WaitForMultipleObjectsEx
GetTempPathW
LoadLibraryA
GetSystemDirectoryA
InterlockedCompareExchange
SleepEx
FindNextVolumeW
FindFirstVolumeW
VirtualAlloc

user32

LoadIconW
CharNextA
IsCharAlphaW
GetShellWindow
GetClipboardSequenceNumber
IsCharUpperW
GetMenuContextHelpId
VkKeyScanA
CreateMenu
CharLowerA
GetMessageTime
GetLastActivePopup
IsWindow
GetActiveWindow
DestroyCursor
GetKeyState
DrawMenuBar
CountClipboardFormats
DestroyWindow
AnyPopup
IsCharLowerW
GetDlgCtrlID
GetFocus
GetWindowContextHelpId
GetTopWindow
GetDoubleClickTime
GetThreadDesktop
GetListBoxInfo
GetMenuCheckMarkDimensions
CloseDesktop
OpenIcon
IsGUIThread
IsIconic
IsCharAlphaA
VkKeyScanW
GetMessageExtraInfo
GetAsyncKeyState
GetWindowTextLengthA
CharUpperW
IsWindowVisible
GetMenu
CloseWindow
CharLowerW
DestroyIcon
EndMenu
IsCharAlphaNumericW
CloseWindowStation
GetDC
GetClipboardData

gdi32

DeleteColorSpace
RealizePalette
GetEnhMetaFileW
CreateMetaFileW
DeleteObject
SwapBuffers
GetSystemPaletteUse
CreateMetaFileA
GetTextCharacterExtra
UpdateColors
EndPath
GdiFlush
FillPath
GetPolyFillMode
GetColorSpace
SetMetaRgn
AbortDoc
GetTextAlign
StrokePath
CreateSolidBrush
CreatePatternBrush
GetTextCharset
GetObjectType
GetMapMode
PathToRegion
GdiGetBatchLimit
CloseEnhMetaFile
AddFontResourceW

advapi32

RegOpenKeyW

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f6298b9de4ec53a7bd75362c9cc4597

Code Sign

73:52:d6:f1:84:a9:c9:5f:be:cc:33:64:0e:bd:35:56Certificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

6d:6b:61:34:f5:cc:48:21:63:2e:1d:1c:d8:56:a8:05:c9:db:65:53Signer

Signature Validations

Verification

18-03-2022 14:21 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

Sections

.text Size: 282KB - Virtual size: 282KB

.data Size: 107KB - Virtual size: 107KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 6KB - Virtual size: 6KB

73:52:d6:f1:84:a9:c9:5f:be:cc:33:64:0e:bd:35:56
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

6d:6b:61:34:f5:cc:48:21:63:2e:1d:1c:d8:56:a8:05:c9:db:65:53
Signer

18-03-2022 14:21
Valid: false

.text
Size: 282KB - Virtual size: 282KB

.data
Size: 107KB - Virtual size: 107KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 6KB - Virtual size: 6KB