9bc99f73b3762f63b6552dd00b8f2a67c244f8658b0ecc2db536447199e9236c

Sharing

Copy URL Twitter E-mail

General

Target

9bc99f73b3762f63b6552dd00b8f2a67c244f8658b0ecc2db536447199e9236c
Size

192KB
MD5

002315fa3a5ee9548dbab0d181647a90
SHA1

02f114d450e106943d27a5a4b08a7b24169f4613
SHA256

9bc99f73b3762f63b6552dd00b8f2a67c244f8658b0ecc2db536447199e9236c
SHA512

e78cbca70ddf9fe98930c3626711e1319b55f484feaebf5bfb3a3da6b2b9d818cb5d0ffd39aea015583ee9dbcd8002c966fe003a5a4633ca8478a61059a46884
SSDEEP

3072:xrhVreJ7ll8Ki5zyCFgOheGHu2Y5KeO+5QSjmf7+G+AW6:xrjeJ7X8K6Q5rO++KO

Score

N/A

Malware Config

Signatures

Files

9bc99f73b3762f63b6552dd00b8f2a67c244f8658b0ecc2db536447199e9236c
.exe windows x64

dacb9509506f6a60b0fa0172086f51e3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

04/04/2006, 17:44

Not After

26/04/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:46:9e:cb:00:04:00:00:00:65
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/04/2006, 19:43

Not After

04/10/2007, 19:53

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9d:f3:20:c6:32:7c:fc:dc:fa:49:eb:b6:45:18:81:38:20:bf:47:96
Signer

Actual PE Digest

9d:f3:20:c6:32:7c:fc:dc:fa:49:eb:b6:45:18:81:38:20:bf:47:96

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

29/09/2022, 18:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken
ConvertSidToStringSidW
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW

comctl32

PropertySheetW

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
SetBkMode
CreateSolidBrush
CreateFontIndirectW
DeleteDC
BitBlt
SelectObject

imm32

ImmAssociateContext

kernel32

CompareStringW
LocalFree
CloseHandle
GetLastError
CreateMutexW
lstrcmpW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetUserDefaultUILanguage
GetCommandLineW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
FindResourceExW
FindResourceW
SizeofResource
LoadResource
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
Sleep
HeapAlloc
HeapFree
GetTempPathA
GetTempFileNameA
CreateProcessA
GetModuleHandleW
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
LockResource
InitializeCriticalSection

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CLSIDFromProgID
ReadClassStm

user32

DialogBoxIndirectParamW
IsWindowEnabled
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
SetWindowTextW
GetClientRect
GetSystemMetrics
GetWindowLongW
IsWindow
DrawFocusRect
RemovePropW
SetPropW
SetWindowLongPtrW
GetPropW
CallWindowProcW
TrackMouseEvent
SetForegroundWindow
FrameRect
InflateRect
GetSysColor
FillRect
DrawFrameControl
GetParent
ScreenToClient
SetWindowPos
DestroyWindow
GetDC
ReleaseDC
EnableWindow
LoadIconW
DrawIconEx
OffsetRect
DrawTextW
SendMessageW
PostMessageW
GetLastActivePopup
FindWindowW
DestroyIcon
LoadImageW
SetFocus
DialogBoxParamW
InvalidateRect
GetWindowRect
CreateWindowExW
EndDialog
GetDlgItem
GetWindowTextW
MessageBoxW
LoadKeyboardLayoutW
SendMessageCallbackW
GetKeyboardLayout

msvcr80

??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@XZ
_invalid_parameter_noinfo
memmove_s
??0exception@std@@QEAA@AEBV01@@Z
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
_decode_pointer
??3@YAXPEAX@Z
memset
memcpy
memcmp
__CxxFrameHandler3
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
iswalnum
iswalpha
??2@YAPEAX_K@Z
_vsnwprintf
wcsstr
_wtoi64
strstr
wcsrchr
vswprintf_s
wcscpy_s
vsprintf_s
fclose
fwprintf_s
fopen_s
_amsg_exit
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z

oleaut32

SysFreeString
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
CreateErrorInfo

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

p�
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dacb9509506f6a60b0fa0172086f51e3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:baCertificate

Extended Key Usages

Key Usages

61:46:9e:cb:00:04:00:00:00:65Certificate

Extended Key Usages

Key Usages

9d:f3:20:c6:32:7c:fc:dc:fa:49:eb:b6:45:18:81:38:20:bf:47:96Signer

Signature Validations

Verification

29/09/2022, 18:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

imm32

kernel32

ole32

user32

msvcr80

msvcp80

oleaut32

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 28KB - Virtual size: 27KB

p� Size: 1024B - Virtual size: 702B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

6a:0b:99:4f:c0:00:1d:ab:11:da:c4:02:a1:66:27:ba
Certificate

61:46:9e:cb:00:04:00:00:00:65
Certificate

9d:f3:20:c6:32:7c:fc:dc:fa:49:eb:b6:45:18:81:38:20:bf:47:96
Signer

29/09/2022, 18:51
Valid: false

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 28KB - Virtual size: 27KB

p�
Size: 1024B - Virtual size: 702B