c1c1278e20d3873a088dbe56dc1f59f3

Sharing

Copy URL

Twitter E-mail

General

Target

c1c1278e20d3873a088dbe56dc1f59f3
Size

299KB
MD5

c1c1278e20d3873a088dbe56dc1f59f3
SHA1

b23531bf87624a717183756de5954cb059fd3df1
SHA256

c6ebefab2e87ee95b7bd9946bd7bf35ef367e0a8e6dcbc3722b7f7984a5ec272
SHA512

6756218a1618c14e040060075fcf52b15349b83fb7acddf2b304fd1fc2c023e957265d206e45cb46ce1082002fa9fef6ed5ba2460bfa50278e7598fe19f071c0
SSDEEP

6144:dLKOIFZmKUGk9cecAOOhNripBqaGLSud9JSGO/N7/G:dLIFwKUhNrGGuuLAG2Ni

Score

N/A

Malware Config

Signatures

Files

c1c1278e20d3873a088dbe56dc1f59f3
.exe windows x86

2c23f72807c56628ee647eebf3aea386

Code Sign

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2024 23:59

Subject

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2024 23:59

Subject

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:35:05:af:68:56:f9:69:6a:6c:2f:1b:a5:1d:d6:4b:f6:e0:95:4f:4e:6f:4c:01:b2:7f:86:81:16:11:7a:8a
Signer

Actual PE Digest

0f:35:05:af:68:56:f9:69:6a:6c:2f:1b:a5:1d:d6:4b:f6:e0:95:4f:4e:6f:4c:01:b2:7f:86:81:16:11:7a:8a

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

17-09-2021 03:00
Valid: true

Chain 1

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

57:d6:6a:fa:ba:88:9a:c1:c6:6c:ed:87:67:70:3a:1c:76:3e:43:4b
Signer

Actual PE Digest

57:d6:6a:fa:ba:88:9a:c1:c6:6c:ed:87:67:70:3a:1c:76:3e:43:4b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

17-09-2021 03:00
Valid: true

Chain 1

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Gary Kramlich,O=Gary Kramlich,POSTALCODE=53210,STREET=2653 N 54TH ST,L=MILWAUKEE,ST=Wisconsin,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleA
FreeLibrary
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess
TerminateProcess
GetStartupInfoW
TlsFree
TlsSetValue
GetCurrentThreadId
TlsGetValue
GetCurrentProcessId
TlsAlloc
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

LCMapStringEx
GetACP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetCPInfo
LCMapStringW
IsValidCodePage
GetOEMCP

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte

user32

GetForegroundWindow

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetStdHandle
FreeEnvironmentStringsW
SetStdHandle
SetEnvironmentVariableW

api-ms-win-core-file-l1-1-0

WriteFile
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
CreateFileW
FindNextFileW
FindClose
FlushFileBuffers
ReadFile
GetFileType

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapFree
HeapReAlloc
GetProcessHeap

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-console-l1-1-0

WriteConsoleW
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c23f72807c56628ee647eebf3aea386

Code Sign

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2fCertificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2fCertificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0f:35:05:af:68:56:f9:69:6a:6c:2f:1b:a5:1d:d6:4b:f6:e0:95:4f:4e:6f:4c:01:b2:7f:86:81:16:11:7a:8aSigner

Signature Validations

Verification

17-09-2021 03:00 Valid: true

Chain 1

Chain 2

57:d6:6a:fa:ba:88:9a:c1:c6:6c:ed:87:67:70:3a:1c:76:3e:43:4bSigner

Signature Validations

Verification

17-09-2021 03:00 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l1-1-0

user32

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 111KB - Virtual size: 114KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2f
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

f6:ad:45:18:8e:55:66:aa:31:7b:e2:3b:4b:8b:2c:2f
Certificate

01
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0f:35:05:af:68:56:f9:69:6a:6c:2f:1b:a5:1d:d6:4b:f6:e0:95:4f:4e:6f:4c:01:b2:7f:86:81:16:11:7a:8a
Signer

17-09-2021 03:00
Valid: true

57:d6:6a:fa:ba:88:9a:c1:c6:6c:ed:87:67:70:3a:1c:76:3e:43:4b
Signer

17-09-2021 03:00
Valid: true

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 111KB - Virtual size: 114KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB