68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff

Sharing

Copy URL

Twitter E-mail

General

Target

68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff
Size

632KB
MD5

9760913fb7948f2983831d71a533a650
SHA1

af5eaf010e47eb1c4b073f31aa725df0e5547a25
SHA256

68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff
SHA512

0c2b846b0836fa8a3669f736fa3db69fb04491dba67cb798556b290a97915b6d149b58a0b6cc96be9bbed3d0686da048f7f071ad3cf6fec3ea70c70ad0ba964a
SSDEEP

6144:jk0TC2AM0BdNIrVhPkP0qIo8pWmtlIDg8ZdOp/qc5rF:jkeL0BdmPXq983t58nOp35rF

Score

N/A

Malware Config

Signatures

Files

68dce9f214e7691db77a2f03af16a669a3cb655699f31a6c1f5aaede041468ff
.dll windows x86

ab4df206f6854bad9fe67f34fb6524b2

Code Sign

ca:7d:54:57:72:43:93:4f:66:5f:d1:d4:43:85:5a:3d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-10-2020 00:00

Not After

12-10-2021 23:59

Subject

CN=FABO SP Z O O,O=FABO SP Z O O,POSTALCODE=26-600,STREET=7 Ul. Ofiar Firleja,L=Radom,ST=MAZOWIECKIE,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:80:66:51:20:1e:90:59:72:92:eb:eb:95:b7:1c:84:21:2b:b0:12
Signer

Actual PE Digest

92:80:66:51:20:1e:90:59:72:92:eb:eb:95:b7:1c:84:21:2b:b0:12

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=FABO SP Z O O,O=FABO SP Z O O,POSTALCODE=26-600,STREET=7 Ul. Ofiar Firleja,L=Radom,ST=MAZOWIECKIE,C=PL

14-10-2020 10:59
Valid: true

Chain 1

CN=FABO SP Z O O,O=FABO SP Z O O,POSTALCODE=26-600,STREET=7 Ul. Ofiar Firleja,L=Radom,ST=MAZOWIECKIE,C=PL

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
WaitForSingleObjectEx
WriteConsoleW
OutputDebugStringW
OutputDebugStringA
GetStringTypeW
HeapQueryInformation
FlushFileBuffers
HeapReAlloc
HeapFree
GetProcessHeap
FreeEnvironmentStringsW
CreateSemaphoreA
VirtualProtectEx
Sleep
GetCurrentDirectoryA
HeapSize
VirtualProtect
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
CreateFileW
GetFileType
CloseHandle
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapAlloc
HeapValidate
GetSystemInfo
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
SetEndOfFile
ReadFile
ReadConsoleW
SetFilePointerEx
DecodePointer

user32

FillRect
DrawFrameControl
CreateMenu
AppendMenuA
TranslateMessage
SetWindowLongA
RegisterWindowMessageA
BeginDeferWindowPos
GetActiveWindow
DeferWindowPos
UnregisterHotKey
PostMessageA
TrackPopupMenu
IsDialogMessageA

gdi32

GetTextExtentPoint32A
SetPixel
PatBlt
StretchBlt
SelectObject

userenv

CreateEnvironmentBlock
EnterCriticalPolicySection

wtsapi32

WTSCloseServer
WTSOpenServerA
WTSEnumerateSessionsA

uxtheme

CloseThemeData
GetThemeBackgroundRegion

msimg32

GradientFill
TransparentBlt
AlphaBlend

tapi32

lineAccept
lineShutdown
lineTranslateDialogA
lineClose
lineInitializeExA
lineTranslateAddressA
lineOpenA

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab4df206f6854bad9fe67f34fb6524b2

Code Sign

ca:7d:54:57:72:43:93:4f:66:5f:d1:d4:43:85:5a:3dCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

92:80:66:51:20:1e:90:59:72:92:eb:eb:95:b7:1c:84:21:2b:b0:12Signer

Signature Validations

Verification

14-10-2020 10:59 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

userenv

wtsapi32

uxtheme

msimg32

tapi32

Sections

.text Size: 198KB - Virtual size: 198KB

.rdata Size: 63KB - Virtual size: 62KB

.data Size: 4KB - Virtual size: 5.1MB

.rsrc Size: 349KB - Virtual size: 349KB

.reloc Size: 9KB - Virtual size: 9KB

ca:7d:54:57:72:43:93:4f:66:5f:d1:d4:43:85:5a:3d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

92:80:66:51:20:1e:90:59:72:92:eb:eb:95:b7:1c:84:21:2b:b0:12
Signer

14-10-2020 10:59
Valid: true

.text
Size: 198KB - Virtual size: 198KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 4KB - Virtual size: 5.1MB

.rsrc
Size: 349KB - Virtual size: 349KB

.reloc
Size: 9KB - Virtual size: 9KB