ab4a4e8a62c0d05ee9626b1e8425bd465791f23121ea9c0215b18f863aa6d364

Sharing

Copy URL Twitter E-mail

General

Target

ab4a4e8a62c0d05ee9626b1e8425bd465791f23121ea9c0215b18f863aa6d364
Size

220KB
MD5

892236229a2e5957d0ed552349553b0f
SHA1

030d3d26025bc1f8c2a4c6e6619cc20e0371083d
SHA256

ab4a4e8a62c0d05ee9626b1e8425bd465791f23121ea9c0215b18f863aa6d364
SHA512

47db09fd0485154e97e363433e2f57add491aea5196d0fdc6a49068a3dd8e10b96119ccde5e6d25f0fd45c1fc4dbd5358d2ede391d2a22a17610f1813ad51325
SSDEEP

1536:mrtLEIdYuHZRFnZYFNvogFPkmXswWhF37iK0s9:KGo7FmFNvzrczF37iK0m

Score

N/A

Malware Config

Signatures

Files

ab4a4e8a62c0d05ee9626b1e8425bd465791f23121ea9c0215b18f863aa6d364
.dll windows x64

20f66903fa8abcac500e3191d97590f6

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:0f:70:49:63:4b:d8:fd:7f:77:a5:80
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

14/05/2019, 12:05

Not After

13/06/2021, 12:05

Subject

SERIALNUMBER=155628861,CN=TEFINCOM S.A.,O=TEFINCOM S.A.,STREET=50th Street\, Global Plaza Tower\, 19th Floor\, Suite H,L=Panama,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:21:88:0c:0d:2e:e7:b1:e7:58:be:1f:1c:5f:e9:14:31:c2:df:34:c3:8b:c0:6c:27:f9:14:f6:79:8a:4f:82
Signer

Actual PE Digest

99:21:88:0c:0d:2e:e7:b1:e7:58:be:1f:1c:5f:e9:14:31:c2:df:34:c3:8b:c0:6c:27:f9:14:f6:79:8a:4f:82

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=155628861,CN=TEFINCOM S.A.,O=TEFINCOM S.A.,STREET=50th Street\, Global Plaza Tower\, 19th Floor\, Suite H,L=Panama,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

03/04/2020, 13:32
Valid: true

Chain 1

SERIALNUMBER=155628861,CN=TEFINCOM S.A.,O=TEFINCOM S.A.,STREET=50th Street\, Global Plaza Tower\, 19th Floor\, Suite H,L=Panama,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=155628861,CN=TEFINCOM S.A.,O=TEFINCOM S.A.,STREET=50th Street\, Global Plaza Tower\, 19th Floor\, Suite H,L=Panama,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_unlock
abort
calloc
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

Exports

Exports

__lzo_align_gap
__lzo_init_v2
__lzo_ptr_linear
_lzo1b_1_compress_func
_lzo1b_2_compress_func
_lzo1b_3_compress_func
_lzo1b_4_compress_func
_lzo1b_5_compress_func
_lzo1b_6_compress_func
_lzo1b_7_compress_func
_lzo1b_8_compress_func
_lzo1b_99_compress_func
_lzo1b_9_compress_func
_lzo1b_do_compress
_lzo1b_store_run
_lzo1c_1_compress_func
_lzo1c_2_compress_func
_lzo1c_3_compress_func
_lzo1c_4_compress_func
_lzo1c_5_compress_func
_lzo1c_6_compress_func
_lzo1c_7_compress_func
_lzo1c_8_compress_func
_lzo1c_99_compress_func
_lzo1c_9_compress_func
_lzo1c_do_compress
_lzo1c_store_run
_lzo_config_check
_lzo_version_date
_lzo_version_string
lzo1_99_compress
lzo1_compress
lzo1_decompress
lzo1_info
lzo1a_99_compress
lzo1a_compress
lzo1a_decompress
lzo1a_info
lzo1b_1_compress
lzo1b_2_compress
lzo1b_3_compress
lzo1b_4_compress
lzo1b_5_compress
lzo1b_6_compress
lzo1b_7_compress
lzo1b_8_compress
lzo1b_999_compress
lzo1b_999_compress_callback
lzo1b_99_compress
lzo1b_9_compress
lzo1b_compress
lzo1b_decompress
lzo1b_decompress_safe
lzo1c_1_compress
lzo1c_2_compress
lzo1c_3_compress
lzo1c_4_compress
lzo1c_5_compress
lzo1c_6_compress
lzo1c_7_compress
lzo1c_8_compress
lzo1c_999_compress
lzo1c_999_compress_callback
lzo1c_99_compress
lzo1c_9_compress
lzo1c_compress
lzo1c_decompress
lzo1c_decompress_safe
lzo1f_1_compress
lzo1f_999_compress
lzo1f_999_compress_callback
lzo1f_decompress
lzo1f_decompress_safe
lzo1x_1_11_compress
lzo1x_1_12_compress
lzo1x_1_15_compress
lzo1x_1_compress
lzo1x_999_compress
lzo1x_999_compress_dict
lzo1x_999_compress_internal
lzo1x_999_compress_level
lzo1x_decompress
lzo1x_decompress_dict_safe
lzo1x_decompress_safe
lzo1x_optimize
lzo1y_1_compress
lzo1y_999_compress
lzo1y_999_compress_dict
lzo1y_999_compress_internal
lzo1y_999_compress_level
lzo1y_decompress
lzo1y_decompress_dict_safe
lzo1y_decompress_safe
lzo1y_optimize
lzo1z_999_compress
lzo1z_999_compress_dict
lzo1z_999_compress_internal
lzo1z_999_compress_level
lzo1z_decompress
lzo1z_decompress_dict_safe
lzo1z_decompress_safe
lzo2a_999_compress
lzo2a_999_compress_callback
lzo2a_decompress
lzo2a_decompress_safe
lzo_adler32
lzo_copyright
lzo_crc32
lzo_get_crc32_table
lzo_memcmp
lzo_memcpy
lzo_memmove
lzo_memset
lzo_version
lzo_version_date
lzo_version_string

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20f66903fa8abcac500e3191d97590f6

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

7b:0f:70:49:63:4b:d8:fd:7f:77:a5:80Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

99:21:88:0c:0d:2e:e7:b1:e7:58:be:1f:1c:5f:e9:14:31:c2:df:34:c3:8b:c0:6c:27:f9:14:f6:79:8a:4f:82Signer

Signature Validations

Verification

03/04/2020, 13:32 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 186KB - Virtual size: 186KB

.data Size: 512B - Virtual size: 80B

.rdata Size: 6KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.xdata Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 2KB

.edata Size: 3KB - Virtual size: 3KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 104B

.reloc Size: 512B - Virtual size: 168B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

7b:0f:70:49:63:4b:d8:fd:7f:77:a5:80
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

99:21:88:0c:0d:2e:e7:b1:e7:58:be:1f:1c:5f:e9:14:31:c2:df:34:c3:8b:c0:6c:27:f9:14:f6:79:8a:4f:82
Signer

03/04/2020, 13:32
Valid: true

.text
Size: 186KB - Virtual size: 186KB

.data
Size: 512B - Virtual size: 80B

.rdata
Size: 6KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.xdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 168B