Static task
static1
Behavioral task
behavioral1
Sample
f99b7e79cb5352202f3a68f84dc84621583c9cfcdb3bbbe8f17c8764cd4300bb.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f99b7e79cb5352202f3a68f84dc84621583c9cfcdb3bbbe8f17c8764cd4300bb.exe
Resource
win10v2004-20220901-en
General
-
Target
f99b7e79cb5352202f3a68f84dc84621583c9cfcdb3bbbe8f17c8764cd4300bb
-
Size
830KB
-
MD5
66836690b5cc87384b240ba0bafca359
-
SHA1
cbed8b1e8f5b5626b3036486841ffcb5f3669ee5
-
SHA256
f99b7e79cb5352202f3a68f84dc84621583c9cfcdb3bbbe8f17c8764cd4300bb
-
SHA512
45bcd1da1d108bacf01a5b989d36a1f77cc7a4f1eaef03e2381bcf63ab8410d68a363aaaf3144f62adecb7242371e40aa6d80719f7a214d571c9382fbf30200f
-
SSDEEP
12288:zZhyOvPw8Ze6S9PFW/GVcGXxSJYxwvtCOMCQthGeknvg386wSe5/YBtdhW63LYP:z/eyMxAYOvtnahGpvvVSU/Y/TW64
Malware Config
Signatures
Files
-
f99b7e79cb5352202f3a68f84dc84621583c9cfcdb3bbbe8f17c8764cd4300bb.exe windows x86
9a95255ebe51a1db5c645c976a93f0d6
Code Sign
70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 29-01-1996 00:00
Not After: 01-08-2028 23:59
Subject: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate
Issuer: OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Not Before: 16-07-2004 00:00
Not After: 15-07-2014 23:59
Subject: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Extended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate
Issuer: CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US
Not Before: 12-10-2006 00:00
Not After: 11-10-2009 23:59
Subject: CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
99:32:e8:2b:da:20:ef:cb:34:e0:bd:83:b6:13:0a:5f:1b:93:8a:ab
Signer
Actual PE Digest: 99:32:e8:2b:da:20:ef:cb:34:e0:bd:83:b6:13:0a:5f:1b:93:8a:ab
Digest Algorithm: sha1
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US
29-09-2022 18:52 Valid: false
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
CloseHandle
WriteFile
ReadFile
HeapAlloc
GetProcessHeap
SetFilePointer
GetFileSize
CreateFileA
lstrcatA
GetWindowsDirectoryA
GetShortPathNameA
RemoveDirectoryA
Sleep
DeleteFileA
FindClose
FindNextFileA
lstrcpynA
lstrcmpA
FindFirstFileA
lstrlenA
GetProcAddress
GetModuleHandleA
GetVersion
FormatMessageA
GetLastError
SetLastError
SetCurrentDirectoryA
CreateDirectoryA
GetTempFileNameA
GetTempPathA
LockResource
LoadResource
SizeofResource
FindResourceA
FreeResource
GetFileAttributesA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetStdHandle
ExitProcess
GetStartupInfoA
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
user32
wvsprintfA
MessageBoxA
wsprintfA
Sections
.text Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 940B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 813KB - Virtual size: 813KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ