ff7f120764885be745e43d117cd6524069b1557a2a9a1d2ae2c02c07f2cca261

Sharing

Copy URL

Twitter E-mail

General

Target

ff7f120764885be745e43d117cd6524069b1557a2a9a1d2ae2c02c07f2cca261
Size

1.3MB
MD5

f9f477d5dc35bc6967b9ef7c3bca3501
SHA1

962a33f3fca8f8196268f32eee481d06770468ed
SHA256

ff7f120764885be745e43d117cd6524069b1557a2a9a1d2ae2c02c07f2cca261
SHA512

ede4f76c2937979ed690f70d1e122fc162360051d928ab1130be3ecdf08e089baa77ef196061c1e4d67a6d153b5373150f9d60585fe1f652f282c587101ff4aa
SSDEEP

24576:muq2tmafPHRCOfLIRT26ULQX+llih7yzs905h0OsYOl9ooM3hGrBswDNgp:saHPixOa9puB

Score

N/A

Malware Config

Signatures

Files

ff7f120764885be745e43d117cd6524069b1557a2a9a1d2ae2c02c07f2cca261
.exe windows x86

271899255abcac09acc7987d146b367b

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:35:3b:4e:ec:0d:90:2a:13:5e:20:be:e1:a6:68:17
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/06/2014, 00:00

Not After

17/06/2015, 23:59

Subject

CN=Smart Secure Software S.l.,O=Smart Secure Software S.l.,L=Adeje,ST=Santa Cruz de Tenerife,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:82:c3:8f:8d:c2:dd:62:92:ec:c8:29:6a:12:c2:77:64:44:a2:ac
Signer

Actual PE Digest

1d:82:c3:8f:8d:c2:dd:62:92:ec:c8:29:6a:12:c2:77:64:44:a2:ac

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Smart Secure Software S.l.,O=Smart Secure Software S.l.,L=Adeje,ST=Santa Cruz de Tenerife,C=ES

17/11/2022, 13:22
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
LoadLibraryW
GetModuleFileNameA
GetModuleFileNameW
WideCharToMultiByte
LockResource
VirtualAlloc
TerminateProcess
ReadProcessMemory
WriteProcessMemory
GetThreadContext
LoadResource
SizeofResource
GetModuleHandleW
GetLastError
GetCommandLineA
FindResourceW
FindResourceExW
MultiByteToWideChar
FreeConsole
InitializeCriticalSectionAndSpinCount
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentProcess
GetProcAddress
FreeLibrary
CreateProcessA
InterlockedDecrement
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
CloseHandle
OutputDebugStringW
LoadLibraryExW
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InterlockedIncrement
Sleep
EncodePointer
DecodePointer
GetStringTypeW
LocalFree
GetCommandLineW
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathFindFileNameW

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 934KB - Virtual size: 934KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

271899255abcac09acc7987d146b367b

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

47:35:3b:4e:ec:0d:90:2a:13:5e:20:be:e1:a6:68:17Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

1d:82:c3:8f:8d:c2:dd:62:92:ec:c8:29:6a:12:c2:77:64:44:a2:acSigner

Signature Validations

Verification

17/11/2022, 13:22 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 263KB - Virtual size: 263KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 934KB - Virtual size: 934KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

47:35:3b:4e:ec:0d:90:2a:13:5e:20:be:e1:a6:68:17
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

1d:82:c3:8f:8d:c2:dd:62:92:ec:c8:29:6a:12:c2:77:64:44:a2:ac
Signer

17/11/2022, 13:22
Valid: false

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 263KB - Virtual size: 263KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 934KB - Virtual size: 934KB