ab4f710f4717e32c1e98a731181f0fcd8c5458600e1bb211cbe6e1d0ba22d7b7

Sharing

Copy URL Twitter E-mail

General

Target

ab4f710f4717e32c1e98a731181f0fcd8c5458600e1bb211cbe6e1d0ba22d7b7
Size

1.7MB
MD5

45f885032fbb80c2e6ad938ea05cc18f
SHA1

6d2081cf2b9ab93f8a3664650f56ccc8d5c1f2fb
SHA256

ab4f710f4717e32c1e98a731181f0fcd8c5458600e1bb211cbe6e1d0ba22d7b7
SHA512

d8aa51ec711d62e0c00e863e0ee60f3853385934c3db55feba9f63fe368b67c7f6f2b3a04f5054d59d1ee5aeb4570c28947946dc939b8091c8bed4ad82009520
SSDEEP

24576:1p8pijefYjDelXoE22bk5h4puVCI4Pjl4iC:f8oje6/E22orAzI4Pjlo

Score

N/A

Malware Config

Signatures

Files

ab4f710f4717e32c1e98a731181f0fcd8c5458600e1bb211cbe6e1d0ba22d7b7
.exe windows x64

1347ae01c91180247fcb70d8772fd0e1

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:be:51:3a:a6:65:c6:cd:1e:53:34:b8:0e:60:60:97
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/09/2020, 00:00

Not After

08/09/2023, 12:00

Subject

CN=Digital Extremes Ltd.,OU=IT,O=Digital Extremes Ltd.,L=London,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:01:71:ca:49:73:da:70:60:46:20:8f:ac:a3:06:57:e1:3d:b0:02
Signer

Actual PE Digest

4b:01:71:ca:49:73:da:70:60:46:20:8f:ac:a3:06:57:e1:3d:b0:02

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Digital Extremes Ltd.,OU=IT,O=Digital Extremes Ltd.,L=London,ST=Ontario,C=CA

25/05/2021, 12:47
Valid: true

Chain 1

CN=Digital Extremes Ltd.,OU=IT,O=Digital Extremes Ltd.,L=London,ST=Ontario,C=CA

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MulDiv
FreeLibrary
FindFirstFileW
MoveFileExW
FindNextFileW
GetStartupInfoW
SetEnvironmentVariableW
AllocConsole
GetStdHandle
GetConsoleWindow
FreeConsole
GetFileInformationByHandle
ReadFile
CreateMutexW
WriteFile
MultiByteToWideChar
OutputDebugStringW
DeleteFileW
SetFilePointerEx
WideCharToMultiByte
FlushFileBuffers
GetLogicalProcessorInformation
GetSystemInfo
GetDiskFreeSpaceExW
VirtualAlloc
CreateEventW
GetOverlappedResult
VirtualFree
ReplaceFileW
SetEndOfFile
FindClose
RemoveDirectoryW
GetVolumePathNameW
GetVolumeInformationW
ExitProcess
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
VerSetConditionMask
VerifyVersionInfoW
GetExitCodeProcess
GetVersionExW
GlobalMemoryStatusEx
K32EnumPageFilesW
CreatePipe
DuplicateHandle
CreateSemaphoreA
ReleaseSemaphore
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
FindResourceW
SizeofResource
LoadResource
LockResource
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
GetComputerNameExW
GetModuleHandleA
GetThreadTimes
CreateThread
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
GetExitCodeThread
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
WriteConsoleW
HeapSize
GetFileSizeEx
HeapReAlloc
GetProcessHeap
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
ReadConsoleW
HeapAlloc
GetConsoleMode
GetConsoleCP
HeapFree
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
EnumSystemLanguageGroupsW
GetUserDefaultLangID
GetCommandLineW
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
SetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
RtlCaptureContext
GetCurrentThread
IsDebuggerPresent
FormatMessageA
TerminateProcess
Sleep
InterlockedPopEntrySList
CreateProcessW
CloseHandle
CreateFileW
GetProcAddress
LoadLibraryW
GetLastError
CopyFileW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
GetLongPathNameW
GetFullPathNameW
GetModuleFileNameW
RtlLookupFunctionEntry
WaitForSingleObjectEx
ResetEvent
SetEvent
LoadLibraryExA
VirtualQuery
VirtualProtect
RaiseException
ChangeTimerQueueTimer
WaitForSingleObject
UnregisterWait
GetModuleHandleW

user32

EnableWindow
PostMessageW
GetKeyState
IsWindowEnabled
SetWindowTextW
EndDialog
GetWindowLongPtrW
SetWindowLongPtrW
DestroyWindow
PostQuitMessage
TrackMouseEvent
InvalidateRect
GetWindowLongW
CallWindowProcW
SetCapture
BeginPaint
IntersectRect
DrawTextExW
OffsetRect
EndPaint
DialogBoxParamW
MoveWindow
GetParent
GetWindowRect
SendMessageW
GetDlgItem
ShowWindow
IsIconic
DefWindowProcW
MapWindowPoints
MessageBoxExW
EnumThreadWindows
GetAncestor
CreateDialogParamW
EnumWindows
IsChild
GetWindow
SetWindowsHookExW
GetWindowThreadProcessId
CallNextHookEx
UnhookWindowsHookEx
UnregisterClassW
GetDesktopWindow
SetForegroundWindow
DispatchMessageW
TranslateMessage
IsWindow
IsDialogMessageW
GetMessageW
PeekMessageW
AdjustWindowRectEx
SystemParametersInfoW
RegisterClassW
LoadCursorW
IsRectEmpty
ReleaseCapture
SetWindowPos
ClientToScreen
SetScrollInfo
GetScrollInfo
SetFocus
ScreenToClient
SetTimer
LoadIconW
GetWindowTextW
GetSystemMetrics
CreateWindowExW
GetClassInfoExW
GetClientRect
LoadImageW
ReleaseDC
GetDC

gdi32

GetStockObject
CreateFontW
GetDeviceCaps
GetObjectA
SetBitmapDimensionEx
DeleteObject
Rectangle
CreateSolidBrush
CreateCompatibleBitmap
DeleteDC
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
SelectObject
CreateCompatibleDC

advapi32

CryptAcquireContextW
RegQueryValueExW
GetSecurityInfo
GetUserNameW
LookupAccountSidW
CryptReleaseContext
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHFileOperationW
SHChangeNotify
SHGetFolderPathW

ole32

CoCreateInstance
StringFromGUID2
CoInitializeEx
CoTaskMemFree
CoGetObject

oleaut32

VariantInit
VariantClear
VariantChangeType
SysFreeString
SysAllocString

winmm

joySetCapture
timeGetTime

comctl32

ord17

crypt32

CryptBinaryToStringW

msimg32

AlphaBlend

uxtheme

SetWindowTheme

wininet

InternetCrackUrlW
HttpOpenRequestW
InternetConnectW
InternetReadFileExA
InternetReadFile
InternetCloseHandle
InternetSetOptionW
InternetQueryOptionW
InternetOpenW
InternetAttemptConnect
HttpQueryInfoW
InternetCanonicalizeUrlW
HttpSendRequestW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 787KB - Virtual size: 787KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shr
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1347ae01c91180247fcb70d8772fd0e1

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0c:be:51:3a:a6:65:c6:cd:1e:53:34:b8:0e:60:60:97Certificate

Extended Key Usages

Key Usages

4b:01:71:ca:49:73:da:70:60:46:20:8f:ac:a3:06:57:e1:3d:b0:02Signer

Signature Validations

Verification

25/05/2021, 12:47 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

winmm

comctl32

crypt32

msimg32

uxtheme

wininet

version

Sections

.text Size: 787KB - Virtual size: 787KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 14KB - Virtual size: 104KB

.pdata Size: 41KB - Virtual size: 41KB

.shr Size: 512B - Virtual size: 8B

.rsrc Size: 582KB - Virtual size: 582KB

.reloc Size: 10KB - Virtual size: 9KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0c:be:51:3a:a6:65:c6:cd:1e:53:34:b8:0e:60:60:97
Certificate

4b:01:71:ca:49:73:da:70:60:46:20:8f:ac:a3:06:57:e1:3d:b0:02
Signer

25/05/2021, 12:47
Valid: true

.text
Size: 787KB - Virtual size: 787KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 14KB - Virtual size: 104KB

.pdata
Size: 41KB - Virtual size: 41KB

.shr
Size: 512B - Virtual size: 8B

.rsrc
Size: 582KB - Virtual size: 582KB

.reloc
Size: 10KB - Virtual size: 9KB