dbe83f19bc7de8b183f31b5918cbf309c1e06bc6469fe29342b6a77fad252a34

Sharing

Copy URL

Twitter E-mail

General

Target

dbe83f19bc7de8b183f31b5918cbf309c1e06bc6469fe29342b6a77fad252a34
Size

1.2MB
MD5

658253bc6b6cb50196e67d8b4d74f318
SHA1

f7bd340b5301bc2aad42dd2542318f29f3d5ac2b
SHA256

dbe83f19bc7de8b183f31b5918cbf309c1e06bc6469fe29342b6a77fad252a34
SHA512

1c8c60c44267ff6ce1525c664f776988e24e093f667f78990dd0775faf53936cd927943791daa6e93675ac51c23aab36db1565707d3e4b5806e4d8fbbfed983e
SSDEEP

24576:JUU5abkNsN3jCR7sihX95OGkJX6+Axf3/cW0O:JXabkN/R7FhNkB6dnc

Score

N/A

Malware Config

Signatures

Files

dbe83f19bc7de8b183f31b5918cbf309c1e06bc6469fe29342b6a77fad252a34
.exe windows x64

b1d4a38145c85bd8dc3d851b81919b8b

Code Sign

31:fd:a3:15:df:1e:99:65:13:32:c7:13:bd:3e:7b:6f
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

26-06-2012 00:00

Not After

26-06-2014 23:59

Subject

CN=Torch Media Inc.,OU=DEV,O=Torch Media Inc.,L=Panama,ST=Panama,C=PA

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:6b:fa:da:a0:57:63:66:41:c6:1e:8e:9a:48:a5:ba:8c:c6:41:6f
Signer

Actual PE Digest

f9:6b:fa:da:a0:57:63:66:41:c6:1e:8e:9a:48:a5:ba:8c:c6:41:6f

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Torch Media Inc.,OU=DEV,O=Torch Media Inc.,L=Panama,ST=Panama,C=PA

06-10-2022 18:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
ResumeThread
GetModuleHandleW
GetCurrentProcessId
OpenProcess
GetModuleHandleExW
DuplicateHandle
IsProcessInJob
QueryInformationJobObject
GetLongPathNameW
GetModuleFileNameW
GetTempPathW
GetEnvironmentVariableW
GetCommandLineW
CreateProcessW
CloseHandle
GetLastError
SetUnhandledExceptionFilter
GetCurrentProcess
GetFileInformationByHandle
GetExitCodeProcess
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceW
DebugActiveProcess
GetProcessId
GetUserDefaultLCID
GetUserDefaultLangID
ReleaseSemaphore
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
VirtualQueryEx
CreateFileW
DeleteCriticalSection
FreeLibrary
RtlCaptureContext
LoadLibraryW
CreateThread
CreateSemaphoreW
InitializeCriticalSection
GetThreadContext
SuspendThread
WaitNamedPipeW
WaitForMultipleObjects
SetEvent
ResetEvent
WriteFile
TransactNamedPipe
SetNamedPipeHandleState
GetTickCount
ReleaseMutex
SetLastError
CreateMutexW
SetFilePointer
OutputDebugStringA
FormatMessageA
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
lstrlenW
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
UnmapViewOfFile
GetFileAttributesW
SetCurrentDirectoryW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentDirectoryW
QueryDosDeviceW
ReadFile
TerminateProcess
CreateFileMappingW
RaiseException
SetThreadPriority
IsDebuggerPresent
SetInformationJobObject
HeapSetInformation
GetModuleHandleExA
AssignProcessToJobObject
GetStdHandle
SetHandleInformation
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetVersionExW
VirtualProtect
lstrcmpiA
QueryPerformanceCounter
QueryPerformanceFrequency
SystemTimeToFileTime
LocalAlloc
GetLocaleInfoW
GetUserDefaultUILanguage
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemPowerStatus
UnregisterWaitEx
RegisterWaitForSingleObject
GetSystemDirectoryW
GetWindowsDirectoryW
RtlCaptureStackBackTrace
SetEndOfFile
FlushFileBuffers
ConnectNamedPipe
CancelIo
CreateNamedPipeW
GetNamedPipeInfo
WriteProcessMemory
VirtualProtectEx
TerminateJobObject
SignalObjectAndWait
GetProcessHandleCount
VirtualFree
VirtualFreeEx
VirtualAllocEx
CreateJobObjectW
OpenEventW
SearchPathW
DebugBreak
ReadProcessMemory
SetThreadContext
ContinueDebugEvent
WaitForDebugEvent
VirtualAlloc
GetCurrentThread
FlushInstructionCache
ExitProcess
SwitchToThread
MapViewOfFileEx
GetSystemTime
PeekNamedPipe
DisconnectNamedPipe
GetNamedPipeHandleStateW
EncodePointer
DecodePointer
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
GetStartupInfoW
SetStdHandle
GetFileType
HeapAlloc
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetProcessHeap
ExitThread
CreateFileA
GetDriveTypeA
FindFirstFileExA
RtlPcToFileHeader
LCMapStringW
GetCPInfo
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetTimeZoneInformation
WriteConsoleW
GetStringTypeW
GetFullPathNameA
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeW
CompareStringW
SetEnvironmentVariableA
Sleep
CreateRemoteThread
GetModuleHandleA
GetProcAddress
GetSystemInfo
MapViewOfFile
VirtualQuery

user32

CallMsgFilterW
PostQuitMessage
GetQueueStatus
DefWindowProcW
RegisterClassExW
PostMessageW
SetTimer
WaitMessage
MsgWaitForMultipleObjectsEx
UnregisterClassW
CloseWindowStation
CloseDesktop
TranslateMessage
WaitForInputIdle
GetProcessWindowStation
CreateDesktopW
SetProcessWindowStation
GetThreadDesktop
GetUserObjectInformationW
DestroyWindow
CreateWindowExW
DispatchMessageW
KillTimer
PeekMessageW
MessageBoxW
wsprintfW
CharUpperW
CreateWindowStationW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
ConvertSidToStringSidW
CreateProcessAsUserW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
TraceEvent
RegisterTraceGuidsW
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptSetHashParam
CryptCreateHash
SetEntriesInAclW
GetTokenInformation
OpenProcessToken
GetSecurityInfo
CreateWellKnownSid
CopySid
LookupPrivilegeValueW
EqualSid
DuplicateToken
DuplicateTokenEx
CreateRestrictedToken
SetThreadToken
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
RevertToSelf
RegDisablePredefinedCache
CryptAcquireContextW
CryptImportKey

userenv

DestroyEnvironmentBlock
GetProfileType
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

accept
recv
closesocket
shutdown
select
gethostbyname
WSAGetLastError
ntohs
listen
bind
setsockopt
htons
htonl
socket
WSACleanup
WSAStartup
send

winmm

timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime

ole32

CoUninitialize
CoTaskMemFree
CoInitializeEx

Exports

Exports

CrashForException
DumpProcess
DumpProcessWithoutCrash
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
SetActiveURL
SetClientId
SetCommandLine2
SetExtensionID
SetGpuInfo
SetNumberOfExtensions
SetNumberOfViews
SetPrinterInfo
_ovly_debug_event
nacl_global_xlate_base
nacl_thread_ids
nacl_user

Sections

.text
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 29B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1d4a38145c85bd8dc3d851b81919b8b

Code Sign

31:fd:a3:15:df:1e:99:65:13:32:c7:13:bd:3e:7b:6fCertificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

f9:6b:fa:da:a0:57:63:66:41:c6:1e:8e:9a:48:a5:ba:8c:c6:41:6fSigner

Signature Validations

Verification

06-10-2022 18:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

userenv

version

ws2_32

winmm

ole32

Exports

Exports

Sections

.text Size: 824KB - Virtual size: 824KB

.rdata Size: 291KB - Virtual size: 290KB

.data Size: 12KB - Virtual size: 223KB

.pdata Size: 55KB - Virtual size: 54KB

.tls Size: 512B - Virtual size: 29B

text Size: 1KB - Virtual size: 1KB

data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

�� Size: 13KB - Virtual size: 13KB

31:fd:a3:15:df:1e:99:65:13:32:c7:13:bd:3e:7b:6f
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

f9:6b:fa:da:a0:57:63:66:41:c6:1e:8e:9a:48:a5:ba:8c:c6:41:6f
Signer

06-10-2022 18:34
Valid: false

.text
Size: 824KB - Virtual size: 824KB

.rdata
Size: 291KB - Virtual size: 290KB

.data
Size: 12KB - Virtual size: 223KB

.pdata
Size: 55KB - Virtual size: 54KB

.tls
Size: 512B - Virtual size: 29B

text
Size: 1KB - Virtual size: 1KB

data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

��
Size: 13KB - Virtual size: 13KB