Static task: static1
Behavioral task: behavioral1
Sample: d3b49cdddca1da2d959af96fcd8e8f6d11c36efa991c7db3deb58ce558f7ee42.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: d3b49cdddca1da2d959af96fcd8e8f6d11c36efa991c7db3deb58ce558f7ee42.exe
Resource: win10v2004-20220901-en
General
Target: d3b49cdddca1da2d959af96fcd8e8f6d11c36efa991c7db3deb58ce558f7ee42
Size: 9KB
MD5: 7d1dd92d48df4bba02ecf033c57b47aa
SHA1: 42d9ea0e9aed22320962d8d1be13596d739e6e08
SHA256: d3b49cdddca1da2d959af96fcd8e8f6d11c36efa991c7db3deb58ce558f7ee42
SHA512: 0d5f8de087fec20f70ef18b8a3cb6b86cb0ac82c1cd96cf3909162ec90fca59e1c6497b831119bb0b4787a0c2175f9d39768b5896847922f201e3f755f97fe23
SSDEEP: 192:xVI+kgMBAcWgP1oynlVMaEYeS3RWjlnkTN2+zbUHy:fI+kgMBmW1HaBe5
Malware Config
Signatures
Files
d3b49cdddca1da2d959af96fcd8e8f6d11c36efa991c7db3deb58ce558f7ee42.exe windows x86
e1b0627f3b1f1064d1087bbb250c77c4
Code Sign
4a:19:d2:38:8c:82:59:1c:a5:5d:73:5f:15:5d:dc:a3
Certificate
Issuer: OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Not Before: 12/05/1997, 00:00
Not After: 07/01/2004, 23:59
Subject: OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
09:4a:cc
Certificate
Issuer: CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d
Not Before: 20/08/2002, 18:05
Not After: 14/08/2003, 10:49
Subject: CN=C2 Media Ltd.,OU=Secure Application Development,O=C2 Media Ltd.,L=Borehamwood,ST=Hertfordshire,C=UK
Extended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
01
Certificate
Issuer: CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d
Not Before: 01/08/1996, 00:00
Not After: 31/12/2020, 23:59
Subject: CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c177365727665722d6365727473407468617774652e636f6d
08:7a:6d:5c:6f:62:93:4f:ba:c4:fd:43:e1:14:18:9d
Certificate
Issuer: OU=VeriSign\, Inc.+OU=VeriSign Time Stamping Service Root+OU=NO LIABILITY ACCEPTED\, (c)97 VeriSign\, Inc.,O=VeriSign Trust Network
Not Before: 28/02/2001, 00:00
Not After: 06/01/2004, 23:59
Subject: CN=VeriSign Time Stamping Service,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)01,O=VeriSign\, Inc.
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Signer
Actual PE Digest:
Digest Algorithm:
PE Digest Matches: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStartupInfoA
CloseHandle
CreateProcessA
GetTempFileNameA
GetTempPathA
GetTickCount
GetModuleHandleA
user32
PostQuitMessage
BeginPaint
CreateDialogParamA
InvalidateRect
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
KillTimer
SetTimer
ShowWindow
SetDlgItemTextA
DestroyWindow
EndPaint
HideCaret
wininet
InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
msvcrt
fclose
fwrite
fopen
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_ftol
_controlfp
sprintf
_exit
remove
Sections
.text Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 488KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ