51621f67a378f84ba9525ee36ad1b0b2c23212aa2f8f2a3e8f11eddaee95544c

Sharing

Copy URL Twitter E-mail

General

Target

51621f67a378f84ba9525ee36ad1b0b2c23212aa2f8f2a3e8f11eddaee95544c
Size

1.3MB
MD5

db3a494eb3e6429b1aa707bc678c8083
SHA1

f04104a37d8312fe6d63b8d7bde4ccbb62ea7276
SHA256

51621f67a378f84ba9525ee36ad1b0b2c23212aa2f8f2a3e8f11eddaee95544c
SHA512

d30df5b450fec9c25d78af24dc32e6b1960cc673ef05c47d08ab6983cec932ae644aebc91172d8133607a818ba608614388a4cafc5022eb6f06dea995ec591bb
SSDEEP

24576:Wuq2tmafPHRCOfLIRT26ULQX+llih7yzs905h0OsYOl9ooM3hGrBswDNge:8aHPixOa9puW

Score

N/A

Malware Config

Signatures

Files

51621f67a378f84ba9525ee36ad1b0b2c23212aa2f8f2a3e8f11eddaee95544c
.exe windows x86

271899255abcac09acc7987d146b367b

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:35:3b:4e:ec:0d:90:2a:13:5e:20:be:e1:a6:68:17
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/06/2014, 00:00

Not After

17/06/2015, 23:59

Subject

CN=Smart Secure Software S.l.,O=Smart Secure Software S.l.,L=Adeje,ST=Santa Cruz de Tenerife,C=ES

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:d8:25:0e:f3:9e:11:34:40:73:42:7f:cd:64:15:a5:3c:32:34:cd
Signer

Actual PE Digest

cb:d8:25:0e:f3:9e:11:34:40:73:42:7f:cd:64:15:a5:3c:32:34:cd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Smart Secure Software S.l.,O=Smart Secure Software S.l.,L=Adeje,ST=Santa Cruz de Tenerife,C=ES

17/11/2022, 13:17
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
LoadLibraryW
GetModuleFileNameA
GetModuleFileNameW
WideCharToMultiByte
LockResource
VirtualAlloc
TerminateProcess
ReadProcessMemory
WriteProcessMemory
GetThreadContext
LoadResource
SizeofResource
GetModuleHandleW
GetLastError
GetCommandLineA
FindResourceW
FindResourceExW
MultiByteToWideChar
FreeConsole
InitializeCriticalSectionAndSpinCount
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentProcess
GetProcAddress
FreeLibrary
CreateProcessA
InterlockedDecrement
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
CloseHandle
OutputDebugStringW
LoadLibraryExW
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
InterlockedIncrement
Sleep
EncodePointer
DecodePointer
GetStringTypeW
LocalFree
GetCommandLineW
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathFindFileNameW

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 934KB - Virtual size: 934KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

271899255abcac09acc7987d146b367b

Code Sign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

47:35:3b:4e:ec:0d:90:2a:13:5e:20:be:e1:a6:68:17Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

cb:d8:25:0e:f3:9e:11:34:40:73:42:7f:cd:64:15:a5:3c:32:34:cdSigner

Signature Validations

Verification

17/11/2022, 13:17 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 263KB - Virtual size: 263KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 934KB - Virtual size: 934KB

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

47:35:3b:4e:ec:0d:90:2a:13:5e:20:be:e1:a6:68:17
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

cb:d8:25:0e:f3:9e:11:34:40:73:42:7f:cd:64:15:a5:3c:32:34:cd
Signer

17/11/2022, 13:17
Valid: false

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 263KB - Virtual size: 263KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 934KB - Virtual size: 934KB