0EFB141D4C3D0EFC7204FC381BAB79C677BB63BAA2C59[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0EFB141D4C3D0EFC7204FC381BAB79C677BB63BAA2C59.exe
Size

2.9MB
MD5

eea013a166a4dcf40eb31d5adf412b6e
SHA1

4b2c682ac1803916326d62216ca451c789137bfb
SHA256

0efb141d4c3d0efc7204fc381bab79c677bb63baa2c5965b377985692499befb
SHA512

b3ce21c1629fda07aaf234bc6a479eaaf8b27b70fc377ddba1dbf947b209a854faa9ac5569a0df371b6312f29cc76cf35dd4fbadabe9078c08443186d94a3af7
SSDEEP

49152:tw+jJwyfN0BK+OiULmmSi/EhfzoVnsg8qpg1YT1fJYzs10ItyX:thjTN0BK+Omm5/qqvrT1RFtyX

Score

N/A

Malware Config

Signatures

Files

0EFB141D4C3D0EFC7204FC381BAB79C677BB63BAA2C59.exe
.exe windows x86

140094f13383e9ae168c4b35b6af3356

Code Sign

0e:9a:86:d7:74:54:a2:f7:c5:59:09:cb:f5:f8:5d:d3
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/11/2020, 00:00

Not After

02/01/2024, 23:59

Subject

CN=Doctor Web Ltd.,O=Doctor Web Ltd.,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:f9:ba:d0:03:9e:5f:8d:01:23:d9:29:5c:d1:52:89:62:9a:61:d4:dc:53:3b:56:59:09:15:60:f3:a7:04:cd
Signer

Actual PE Digest

6f:f9:ba:d0:03:9e:5f:8d:01:23:d9:29:5c:d1:52:89:62:9a:61:d4:dc:53:3b:56:59:09:15:60:f3:a7:04:cd

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Doctor Web Ltd.,O=Doctor Web Ltd.,L=Moscow,C=RU

28/10/2022, 15:10
Valid: true

Chain 1

CN=Doctor Web Ltd.,O=Doctor Web Ltd.,L=Moscow,C=RU

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitProcess
GetComputerNameA
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
SetErrorMode
Sleep
VirtualAllocExNuma

shlwapi

PathFindFileNameA

msvcrt

malloc
free
memset
strcmp
_strcmpi
strcpy

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

140094f13383e9ae168c4b35b6af3356

Code Sign

0e:9a:86:d7:74:54:a2:f7:c5:59:09:cb:f5:f8:5d:d3Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

6f:f9:ba:d0:03:9e:5f:8d:01:23:d9:29:5c:d1:52:89:62:9a:61:d4:dc:53:3b:56:59:09:15:60:f3:a7:04:cdSigner

Signature Validations

Verification

28/10/2022, 15:10 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

shlwapi

msvcrt

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.idata Size: 512B - Virtual size: 508B

.rsrc Size: 24KB - Virtual size: 24KB

0e:9a:86:d7:74:54:a2:f7:c5:59:09:cb:f5:f8:5d:d3
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

6f:f9:ba:d0:03:9e:5f:8d:01:23:d9:29:5c:d1:52:89:62:9a:61:d4:dc:53:3b:56:59:09:15:60:f3:a7:04:cd
Signer

28/10/2022, 15:10
Valid: true

.text
Size: 2.9MB - Virtual size: 2.9MB

.idata
Size: 512B - Virtual size: 508B

.rsrc
Size: 24KB - Virtual size: 24KB