0632ad6072c34481aacebfe013d10f2318fdab7d840825d3de87c9af556d1207

Sharing

Copy URL

Twitter E-mail

General

Target

0632ad6072c34481aacebfe013d10f2318fdab7d840825d3de87c9af556d1207
Size

865KB
MD5

662d6d75d39e86db52e4d36f1acd34e2
SHA1

cd6aad03156b723cdff672a0f9603809c310f45d
SHA256

0632ad6072c34481aacebfe013d10f2318fdab7d840825d3de87c9af556d1207
SHA512

8b6085f923b5d6c07904052a9b451986f28de76d60e765a9f5840d6efe2a4f1f26d1a07170656cf796c99ab1951dfa33964a5bb781731d45f0ca778f1559657a

Score

N/A

Malware Config

Signatures

Files

0632ad6072c34481aacebfe013d10f2318fdab7d840825d3de87c9af556d1207
.exe windows x86

0a2c9dc0c58502fef9eb1bacba34005c

Code Sign

46:9a:25:e2:55:02:71:90:4e:c0:0a:d0:5f:2a:b2:d7
Certificate

Issuer

CN=YLVSQCSQRUQWMHUODO

Not Before

18-11-2020 14:05

Not After

31-12-2039 23:59

Subject

CN=YLVSQCSQRUQWMHUODO

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

60:0a:b7:97:d5:22:31:02:d7:33:2a:13:34:e4:ec:22:ff:91:42:7e:e8:64:0e:66:30:2d:fe:59:91:50:74:7c
Signer

Actual PE Digest

60:0a:b7:97:d5:22:31:02:d7:33:2a:13:34:e4:ec:22:ff:91:42:7e:e8:64:0e:66:30:2d:fe:59:91:50:74:7c

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=YLVSQCSQRUQWMHUODO

28-03-2022 16:30
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
lstrlenA
GetLastError
VirtualAllocEx
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
CreateFileW
MoveFileExW
ExpandEnvironmentStringsW
SetLastError
CloseHandle
DeleteCriticalSection
LocalFree
LocalAlloc
GetCurrentThread
MultiByteToWideChar
lstrlenW
lstrcpyW
GetModuleFileNameW
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
lstrcpynW
lstrcatW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
GetCurrentThreadId
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetShortPathNameW
GetCommandLineW
GetStartupInfoW
WriteFile
SetFilePointer
OutputDebugStringW
GetCurrentProcessId
GetLocalTime
GetSystemTime
InitializeCriticalSectionAndSpinCount
CompareStringW
GetStartupInfoA

user32

CharNextA
CharNextW
GetOpenClipboardWindow
GetWindowDC
IsCharAlphaNumericW
DestroyCursor
WindowFromDC
GetThreadDesktop
GetMenu
OpenIcon
GetClipboardViewer
IsWindowUnicode
GetMessagePos
GetKeyboardLayout
IsGUIThread
GetActiveWindow
IsCharLowerA
EnumClipboardFormats
GetCaretBlinkTime
IsCharAlphaA
GetTopWindow
GetDesktopWindow
CloseClipboard
GetSysColor
DestroyIcon
GetDlgCtrlID
GetKeyState
GetWindowTextLengthW
GetWindowContextHelpId
GetInputState
ReleaseCapture
GetDoubleClickTime
LoadCursorFromFileA
CountClipboardFormats
InSendMessage
IsCharLowerW
GetDC
GetMenuItemCount
GetKeyboardType
GetDialogBaseUnits
CharLowerA
DestroyWindow
IsCharUpperW
GetMenuCheckMarkDimensions
PaintDesktop
CopyIcon
LoadIconA
wvsprintfW
PostThreadMessageW
MessageBoxW
LoadStringW
DispatchMessageW
GetMessageW

gdi32

CreateMetaFileA
SwapBuffers
DeleteColorSpace
GetTextCharacterExtra
GetTextAlign
GetObjectType
EndPage
EndPath
CloseEnhMetaFile
UnrealizeObject
CreateMetaFileW
GetBkMode
AbortDoc
GetStretchBltMode
GetGraphicsMode
GetROP2
BeginPath
WidenPath
DeleteDC
FlattenPath
DeleteEnhMetaFile
PathToRegion
GetPolyFillMode
CreateHalftonePalette
SaveDC
GetSystemPaletteUse
CloseFigure
GdiGetBatchLimit
GetColorSpace
GetEnhMetaFileBits
GetEnhMetaFileA
GetStockObject
CreateSolidBrush
AddFontResourceA

advapi32

RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyW
RegQueryValueExA
AccessCheck
SetSecurityDescriptorControl
AccessCheckByType
GetNamedSecurityInfoW
DuplicateTokenEx
FreeSid
GetSecurityDescriptorLength
AllocateAndInitializeSid
MakeSelfRelativeSD
InitializeAcl
AddAccessAllowedAceEx
IsValidSid
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
OpenProcessToken
SetThreadToken
OpenThreadToken
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegCreateKeyExW
CreateServiceW
DeleteService
ControlService
SetServiceStatus
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CopySid
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
RegEnumKeyExW

ole32

CoRevertToSelf
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoGetInterfaceAndReleaseStream
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoImpersonateClient

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_controlfp

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0a2c9dc0c58502fef9eb1bacba34005c

Code Sign

46:9a:25:e2:55:02:71:90:4e:c0:0a:d0:5f:2a:b2:d7Certificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

60:0a:b7:97:d5:22:31:02:d7:33:2a:13:34:e4:ec:22:ff:91:42:7e:e8:64:0e:66:30:2d:fe:59:91:50:74:7cSigner

Signature Validations

Verification

28-03-2022 16:30 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

msvcrt

Sections

.text Size: 145KB - Virtual size: 145KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 615KB - Virtual size: 614KB

46:9a:25:e2:55:02:71:90:4e:c0:0a:d0:5f:2a:b2:d7
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

60:0a:b7:97:d5:22:31:02:d7:33:2a:13:34:e4:ec:22:ff:91:42:7e:e8:64:0e:66:30:2d:fe:59:91:50:74:7c
Signer

28-03-2022 16:30
Valid: false

.text
Size: 145KB - Virtual size: 145KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 615KB - Virtual size: 614KB