c0d8b6972d8cfacefb4e2cd8150277024cad35d3e42e8851a32c7a3ee755ce8b

Sharing

Copy URL Twitter E-mail

General

Target

c0d8b6972d8cfacefb4e2cd8150277024cad35d3e42e8851a32c7a3ee755ce8b
Size

307KB
MD5

736a902840d08ed8207407f3b837cc2e
SHA1

ce99711b0c51b21a20fdfff402c422afbb421b62
SHA256

c0d8b6972d8cfacefb4e2cd8150277024cad35d3e42e8851a32c7a3ee755ce8b
SHA512

f5fa028185586c0fe8645471edc4393110a1676c1cf45a5f7617a2b5bc30e7716bd1adbd446d660c42f1c9360aca68f82e43af1278b138581db6bd9f8a906591
SSDEEP

6144:me+XgeE7sJ+iBoSlNeQvrLUdeGe4DQ1TpEX2IsIbxabs:le5JhoCHUcD1iXo0aI

Score

N/A

Malware Config

Signatures

Files

c0d8b6972d8cfacefb4e2cd8150277024cad35d3e42e8851a32c7a3ee755ce8b
.dll windows x86

685225e9c41ea29893dcc7c58dbc66b0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:6f:03:49:d2:1f:37:5a:cf:79:31:91
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

24/04/2020, 09:56

Not After

25/04/2023, 09:56

Subject

CN=Biz Secure Labs Pvt. Ltd,O=Biz Secure Labs Pvt. Ltd,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a3:1d:38:bd:79:44:21:04:01:99:88:2b:02:4c:9d:c9:bc:b2:40:8e
Signer

Actual PE Digest

a3:1d:38:bd:79:44:21:04:01:99:88:2b:02:4c:9d:c9:bc:b2:40:8e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Biz Secure Labs Pvt. Ltd,O=Biz Secure Labs Pvt. Ltd,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

27/10/2022, 14:10
Valid: true

Chain 1

CN=Biz Secure Labs Pvt. Ltd,O=Biz Secure Labs Pvt. Ltd,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
GetCurrentDirectoryA
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
FindClose
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
LocalFileTimeToFileTime
SetFileTime
RtlUnwind
HeapReAlloc
GetCommandLineA
RaiseException
GetTimeZoneInformation
GetACP
ExitThread
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
GetCPInfo
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
IsBadCodePtr
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentThread
GlobalFlags
MulDiv
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GetCurrentThreadId
SetThreadPriority
ResumeThread
FormatMessageA
LocalFree
lstrcpynA
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapAlloc
GetFileAttributesA
HeapFree
GetDriveTypeA
GetFileTime
SystemTimeToTzSpecificLocalTime
GetLongPathNameA
GetShortPathNameA
InterlockedExchange
DeleteFileA
ReadProcessMemory
WideCharToMultiByte
TerminateProcess
VirtualQueryEx
TerminateThread
DuplicateHandle
SetLastError
GetVersion
Thread32First
SuspendThread
Thread32Next
FindFirstFileA
GetModuleHandleA
GetWindowsDirectoryA
GetVersionExA
GetCurrentProcess
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemDirectoryA
WritePrivateProfileStringA
CreateFileMappingA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
IsBadReadPtr
SetFilePointer
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
Sleep
CreateProcessA
GetLocalTime
CreateFileA
GetFileSize
ReadFile
CreateDirectoryA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
SetFileAttributesA
MoveFileExA
WaitForSingleObject
CreateThread
EnterCriticalSection
LeaveCriticalSection
SetEvent
DeleteCriticalSection
CloseHandle
CreateEventA
VirtualAlloc
InitializeCriticalSection

user32

DestroyMenu
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
ShowOwnedPopups
SetCursor
InsertMenuA
DeleteMenu
GetMenuStringA
CharUpperA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
PostQuitMessage
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetClassNameA
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
wsprintfA
CharToOemA
GetDesktopWindow
ClientToScreen
CopyRect
PtInRect
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
SendMessageA
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
OemToCharA
GetDC
ReleaseDC
GetSysColorBrush
GetMenuItemID
LoadCursorA
GetMessageTime

gdi32

PolylineTo
SetColorAdjustment
PolyBezierTo
GetClipRgn
CreateRectRgn
SelectClipPath
ExtSelectClipRgn
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
PolyDraw
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetWindowExtEx
CreateBitmap
GetDCOrgEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

GetAce
RegCreateKeyExA
DeleteService
CreateServiceA
QueryServiceConfigA
ControlService
StartServiceA
ChangeServiceConfigA
QueryServiceStatus
OpenSCManagerA
OpenServiceA
CloseServiceHandle
LookupAccountNameA
GetFileSecurityA
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
AddAce
RegCloseKey
EqualSid
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetFileSecurityA
RegDeleteKeyA
GetTokenInformation
LookupAccountSidA
RegCreateKeyA
RegSetValueExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
CreateProcessAsUserA
OpenProcessToken
DuplicateTokenEx
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA

shell32

DragAcceptFiles
SHGetSpecialFolderPathA
StrStrIA
SHGetFileInfoA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathFindExtensionA

comctl32

ord17

Exports

Exports

CSUBHandler
Init
Scan
ScanCrypScr
ScanCrypScrP
ScanMClZ
ScanP

Sections

.text
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

685225e9c41ea29893dcc7c58dbc66b0

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

10:6f:03:49:d2:1f:37:5a:cf:79:31:91Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

a3:1d:38:bd:79:44:21:04:01:99:88:2b:02:4c:9d:c9:bc:b2:40:8eSigner

Signature Validations

Verification

27/10/2022, 14:10 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

version

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 217KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 20KB - Virtual size: 78KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 20KB - Virtual size: 16KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

10:6f:03:49:d2:1f:37:5a:cf:79:31:91
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

a3:1d:38:bd:79:44:21:04:01:99:88:2b:02:4c:9d:c9:bc:b2:40:8e
Signer

27/10/2022, 14:10
Valid: true

.text
Size: 220KB - Virtual size: 217KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 20KB - Virtual size: 78KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 20KB - Virtual size: 16KB