63d20b8e38579f41044054946c1cbabfc23ae8e71a9f6582fb96a7c0016af6f8

Sharing

Copy URL Twitter E-mail

General

Target

63d20b8e38579f41044054946c1cbabfc23ae8e71a9f6582fb96a7c0016af6f8
Size

1.7MB
MD5

4c4293ccdf4ef979c4a6e175d6333281
SHA1

ec423e890ef031e2dc4f50afee95db58ed098f5c
SHA256

63d20b8e38579f41044054946c1cbabfc23ae8e71a9f6582fb96a7c0016af6f8
SHA512

f6e99116e3438716cad602fd919b1a027302847e6850b791be7be01f6c53a8c949908f6356e7b55873240c1aa898ef3dc5107ee7f03cdb6d6b1ea29ee11dc079
SSDEEP

49152:NCwxvspjqrqoM1VRYHen664meWLoKDuEDouqejOfXWTH:0wp2jYY1Vy+n664mKIuDupjIWTH

Score

N/A

Malware Config

Signatures

Files

63d20b8e38579f41044054946c1cbabfc23ae8e71a9f6582fb96a7c0016af6f8
.exe windows x86

04ec58ca6e9e3d9d68a83fa2a6d431e3

Code Sign

dd:57:5f:84:af:be:e7:7c
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

12/04/2022, 02:48

Not After

12/04/2023, 02:48

Subject

CN=devlearn.com

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c2:ec:16:d1:f7:b5:48:96:ad:22:2e:6c:6b:4f:db:8a:6f:a9:85:8e:79:9b:db:30:9e:2b:45:06:7c:01:95:32
Signer

Actual PE Digest

c2:ec:16:d1:f7:b5:48:96:ad:22:2e:6c:6b:4f:db:8a:6f:a9:85:8e:79:9b:db:30:9e:2b:45:06:7c:01:95:32

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=devlearn.com

25/10/2022, 14:30
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
SetConsoleTitleW
GetLastError
Sleep
VirtualAlloc
ResetWriteWatch
ResetEvent
HeapDestroy
ZombifyActCtx
SetTapeParameters
SwitchToThread
DeleteFileW
SetThreadLocale
AcquireSRWLockShared
FreeLibrary
CloseHandle
GetCommState
GetConsoleTitleW
SetConsoleActiveScreenBuffer
FindClose
GetErrorMode
GetPrivateProfileIntW
GlobalAddAtomW
GetProcessHandleCount
GetLocalTime
CancelWaitableTimer
CreateWaitableTimerW
TlsGetValue
FreeResource
SizeofResource
LockResource
LoadResource
LockFile
LocalUnlock
HeapWalk
GetLongPathNameW
CompareFileTime
QueryPerformanceFrequency
GetProcessHeap
SetEndOfFile
WriteConsoleW
GlobalDeleteAtom
GetProcAddress
LoadLibraryW
GetConsoleAliasesLengthW
LocalAlloc
HeapReAlloc
HeapAlloc
GetModuleHandleW
ExitProcess
GetStartupInfoW
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
ReadFile
DeleteCriticalSection
HeapCreate
VirtualFree
GetModuleHandleA
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
MultiByteToWideChar
RaiseException
HeapSize
GetLocaleInfoA
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP

user32

ReleaseDC
GetSysColor
GetSysColorBrush
CloseClipboard
GetDC

gdi32

GetPixel
DeleteObject

comdlg32

PrintDlgW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04ec58ca6e9e3d9d68a83fa2a6d431e3

Code Sign

dd:57:5f:84:af:be:e7:7cCertificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

c2:ec:16:d1:f7:b5:48:96:ad:22:2e:6c:6b:4f:db:8a:6f:a9:85:8e:79:9b:db:30:9e:2b:45:06:7c:01:95:32Signer

Signature Validations

Verification

25/10/2022, 14:30 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 155KB - Virtual size: 154KB

dd:57:5f:84:af:be:e7:7c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

c2:ec:16:d1:f7:b5:48:96:ad:22:2e:6c:6b:4f:db:8a:6f:a9:85:8e:79:9b:db:30:9e:2b:45:06:7c:01:95:32
Signer

25/10/2022, 14:30
Valid: false

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 155KB - Virtual size: 154KB