da4e761450ecbe8f797755ae6f7339578d976ee5b57a9ecbb019bd09e02dff28

Sharing

Copy URL Twitter E-mail

General

Target

da4e761450ecbe8f797755ae6f7339578d976ee5b57a9ecbb019bd09e02dff28
Size

225KB
MD5

4cee3f80027fb4ad42b487ae03c59428
SHA1

0659c583e20a6a7295550b66d56f142e420f37ea
SHA256

da4e761450ecbe8f797755ae6f7339578d976ee5b57a9ecbb019bd09e02dff28
SHA512

d19c06d553dde98802c46d7a31eea84f03b56ca863bc442933e38ebd7ff9beda3966bb1ffa87b83a65b5f0bdab09e7685d5c97078bd504e5f48388cc017d2166
SSDEEP

3072:7VAyzIFE/m7yRFYr6BwZhEp8L3f+El0X6S7im+azwqODy3fnp:7VA3m/DYr4ghEp8L3Pod7aLqOu3v

Score

N/A

Malware Config

Signatures

Files

da4e761450ecbe8f797755ae6f7339578d976ee5b57a9ecbb019bd09e02dff28
.exe windows x86

b2d8b0b05c7e2222d4bb8c13da0989ab

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

17/04/2006, 00:00

Not After

31/05/2009, 23:59

Subject

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:78:96:10:93:6e:32:cb:ca:f6:0f:6f:1f:ea:6b:cb:e9:58:83:8a
Signer

Actual PE Digest

02:78:96:10:93:6e:32:cb:ca:f6:0f:6f:1f:ea:6b:cb:e9:58:83:8a

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Intel Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=LAN Access Division,O=Intel Corporation,L=Hillsboro,ST=Oregon,C=US

03/10/2022, 12:43
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ncscrt8

_recalloc
_CxxThrowException
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
free
_purecall
wcscpy
memmove_s
wcscat
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_encode_pointer
_unlock
_except_handler4_common
?terminate@@YAXXZ
wcsncmp
qsort
iswspace
wcsncpy
sprintf
atol
sscanf
_wcsicmp
memcpy
wcschr
_itow
??3@YAXPAX@Z
wcscat_s
wcsncpy_s
wcscpy_s
memcpy_s
memcmp
_wtoi64
_wcslwr
_wcsupr
malloc
_wcsset
wcslen
_wfopen
memset
??_U@YAPAXI@Z
_swprintf
_wtoi
wcscmp
_vswprintf
fclose
fflush
fwprintf
_vsnwprintf
_snwprintf
_filelength
_fileno

ncscrt8_p

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z

kernel32

GetCurrentThreadId
GetLocalTime
LeaveCriticalSection
OutputDebugStringW
LocalFree
FormatMessageW
GetLastError
GetACP
GetCurrentProcessId
LoadLibraryW
FreeLibrary
GetComputerNameW
lstrlenW
RaiseException
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
SetEvent
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
MultiByteToWideChar
InitializeCriticalSection
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetLocaleInfoW
EnterCriticalSection
CloseHandle
WaitForSingleObject
GetModuleFileNameW
CreateThread
CreateEventW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
GetCommandLineW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
lstrlenA
GetSystemDefaultLCID
GetProcAddress
GetTimeZoneInformation
DeleteCriticalSection

user32

UnregisterClassA
RegisterWindowMessageW
RegisterClassExW
CreateWindowExW
GetMessageW
DispatchMessageW
DefWindowProcW
PostThreadMessageW
CharNextW
wsprintfW
LoadStringW
CharUpperBuffW

advapi32

RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoSuspendClassObjects
CoCreateInstance
StringFromGUID2
CoUninitialize
CoResumeClassObjects
CoInitializeSecurity
CoInitializeEx
CoImpersonateClient
CoRevertToSelf

oleaut32

SafeArrayDestroy
SafeArrayDestroyData
SafeArrayCreate
SafeArrayPutElement
VariantInit
VariantClear
VarBstrCat
SysStringLen
VarBstrCmp
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr

Exports

Exports

??0CNcsDebug@@QAE@ABV0@@Z
??0CNcsDebug@@QAE@XZ
??0CNcsRegKey@@QAE@ABV0@@Z
??0CNcsRegKey@@QAE@PAUHKEY__@@@Z
??0CNcsRegKey@@QAE@XZ
??0CNcsString@@QAE@ABV0@@Z
??0CNcsString@@QAE@PB_W@Z
??0CNcsString@@QAE@QA_W@Z
??0CNcsString@@QAE@XZ
??1CNcsDebug@@UAE@XZ
??1CNcsRegKey@@UAE@XZ
??1CNcsString@@QAE@XZ
??4CNcsDebug@@QAEAAV0@ABV0@@Z
??4CNcsRegKey@@QAEAAV0@ABV0@@Z
??4CNcsRegKey@@QAEAAV0@PAUHKEY__@@@Z
??4CNcsString@@QAEAAV0@ABV0@@Z
??4CNcsString@@QAEAAV0@PB_W@Z
??8CNcsString@@QBE_NABV0@@Z
??8CNcsString@@QBE_NPB_W@Z
??BCNcsString@@QBEPB_WXZ
??HCNcsString@@QAE?AV0@ABV0@@Z
??MCNcsString@@QBE_NABV0@@Z
??_7CNcsDebug@@6B@
??_7CNcsRegKey@@6B@
?Close@CNcsRegKey@@QAEXXZ
?Configure@CNcsDebug@@QAEHPB_W0KHK0@Z
?Create@CNcsRegKey@@QAE_NPAUHKEY__@@ABVCNcsString@@_N2@Z
?DeleteSubKey@CNcsRegKey@@QAE_NPB_W@Z
?DeleteValue@CNcsRegKey@@QAE_NABVCNcsString@@@Z
?Empty@CNcsString@@QAEXXZ
?EnumSubKey@CNcsRegKey@@QAE_NAAVCNcsString@@@Z
?EnumValue@CNcsRegKey@@QAE_NAAVCNcsString@@@Z
?Error@CNcsDebug@@QAAXPA_WHPB_WZZ
?FormatString@CNcsString@@QAAHPB_WZZ
?GetCurrentLogLevel@CNcsDebug@@QAEKXZ
?GetHKey@CNcsRegKey@@QAEPAUHKEY__@@XZ
?GetRegType@CNcsRegKey@@QAEKABVCNcsString@@@Z
?GetValue@CNcsRegKey@@QAE_NABVCNcsString@@AAK@Z
?GetValue@CNcsRegKey@@QAE_NABVCNcsString@@AAV2@@Z
?GetValue@CNcsRegKey@@QAE_NABVCNcsString@@AAV?$vector@VCNcsString@@V?$allocator@VCNcsString@@@std@@@std@@@Z
?GetValue@CNcsRegKey@@QAE_NABVCNcsString@@PAEAAK@Z
?Init@CNcsRegKey@@AAEXXZ
?IsEmpty@CNcsString@@QBEHXZ
?LastResult@CNcsRegKey@@QAEJXZ
?Length@CNcsString@@QBEIXZ
?LoadStringW@CNcsString@@QAEHPAUHINSTANCE__@@K@Z
?MakeLower@CNcsString@@QAEXXZ
?MakeUpper@CNcsString@@QAEXXZ
?Open@CNcsRegKey@@QAE_NPAUHKEY__@@ABVCNcsString@@_N@Z
?Print@CNcsDebug@@QAAXPB_WZZ
?PrintLastError@CNcsDebug@@QAEXH@Z
?RemoveSubKey@CNcsRegKey@@AAEKPB_W@Z
?ResetEnumeration@CNcsRegKey@@QAEXXZ
?SetValue@CNcsRegKey@@QAE_NABVCNcsString@@AAV2@_N@Z
?SetValue@CNcsRegKey@@QAE_NABVCNcsString@@K@Z
?SetValue@CNcsRegKey@@QAE_NABVCNcsString@@PAEK@Z
?SetValue@CNcsRegKey@@QAE_NABVCNcsString@@V?$vector@VCNcsString@@V?$allocator@VCNcsString@@@std@@@std@@@Z
?SubKeyExists@CNcsRegKey@@QAE_NABVCNcsString@@@Z
GetCodePage

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b2d8b0b05c7e2222d4bb8c13da0989ab

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32Certificate

Extended Key Usages

Key Usages

02:78:96:10:93:6e:32:cb:ca:f6:0f:6f:1f:ea:6b:cb:e9:58:83:8aSigner

Signature Validations

Verification

03/10/2022, 12:43 Valid: false

Headers

File Characteristics

Imports

ncscrt8

ncscrt8_p

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 29KB - Virtual size: 29KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

65:68:0c:78:3b:72:8a:b2:a1:88:0d:f4:23:2d:ed:32
Certificate

02:78:96:10:93:6e:32:cb:ca:f6:0f:6f:1f:ea:6b:cb:e9:58:83:8a
Signer

03/10/2022, 12:43
Valid: false

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 29KB - Virtual size: 29KB