ac118ebeea4fc342ece962831666e412587d3bb082323422e7f80640075a3170

Sharing

Copy URL Twitter E-mail

General

Target

ac118ebeea4fc342ece962831666e412587d3bb082323422e7f80640075a3170
Size

2.1MB
MD5

de1682d59d692cc791456cd4ff660e8f
SHA1

62bceb7467bcaf6f975e753d8f9c849a861ae022
SHA256

ac118ebeea4fc342ece962831666e412587d3bb082323422e7f80640075a3170
SHA512

8adfe61af52c8b8216ad692161bb550afccbeb5a8fc358a3292406decd7b0327f50df5c1e70bda062f212ec6d866e05702d470f178a710d1d071a5a9c5902a3b
SSDEEP

49152:tfH0e2H4JaGehSVg4iUrNguBKrXm8SUfxoK:xH0e2H4JaGehSVg4iUrNxKr2t0

Score

N/A

Malware Config

Signatures

Files

ac118ebeea4fc342ece962831666e412587d3bb082323422e7f80640075a3170
.exe windows x86

5def3821ad079e473f15b132d9429292

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:24:e7:7a:25:e0:d3:e6:9f:34:d7:94:8b:ee:25:5c
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

15/10/2019, 00:00

Not After

14/10/2021, 23:59

Subject

CN=PC Matic\, Inc,O=PC Matic\, Inc,L=Sioux City,ST=Iowa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:24:e7:7a:25:e0:d3:e6:9f:34:d7:94:8b:ee:25:5c
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

15/10/2019, 00:00

Not After

14/10/2021, 23:59

Subject

CN=PC Matic\, Inc,O=PC Matic\, Inc,L=Sioux City,ST=Iowa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:3d:70:8c:1e:ba:71:32:a7:7b:18:73:6a:7f:a0:24:d5:f0:11:dd:c0:e0:b4:e5:8a:68:af:4f:1c:7f:35:86
Signer

Actual PE Digest

c2:3d:70:8c:1e:ba:71:32:a7:7b:18:73:6a:7f:a0:24:d5:f0:11:dd:c0:e0:b4:e5:8a:68:af:4f:1c:7f:35:86

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PC Matic\, Inc,O=PC Matic\, Inc,L=Sioux City,ST=Iowa,C=US

16/03/2021, 19:13
Valid: false

f4:f0:6b:a2:dc:24:bd:94:3c:da:d9:1e:10:2b:c2:5f:fe:8b:22:45
Signer

Actual PE Digest

f4:f0:6b:a2:dc:24:bd:94:3c:da:d9:1e:10:2b:c2:5f:fe:8b:22:45

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=PC Matic\, Inc,O=PC Matic\, Inc,L=Sioux City,ST=Iowa,C=US

16/03/2021, 19:13
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
inet_addr
WSACleanup
WSAGetLastError
gethostbyname

wininet

InternetGetConnectedState

sqliteencrypt

sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_name
sqlite3_column_decltype
sqlite3_column_type
sqlite3_step
sqlite3_changes
sqlite3_bind_text
sqlite3_bind_int
sqlite3_bind_double
sqlite3_column_text
sqlite3_bind_null
sqlite3_bind_parameter_name
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_exec
sqlite3_get_table
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_double
sqlite3_prepare_v2
sqlite3_get_autocommit
sqlite3_close
sqlite3_open
sqlite3_reset
sqlite3_finalize
sqlite3_errmsg
sqlite3_busy_timeout
sqlite3_last_insert_rowid
sqlite3_rekey
sqlite3_key
sqlite3_free
sqlite3_free_table
sqlite3_column_count
sqlite3_vmprintf
sqlite3_bind_blob
sqlite3_mprintf

kernel32

InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
Sleep
GetSystemTimeAsFileTime
ReadFile
WriteFile
lstrlenW
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeW
GetLastError
CreateFileW
OpenEventW
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateThread
GetCurrentProcessId
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindNextFileW
FindFirstFileW
GlobalFree
GlobalAlloc
DisconnectNamedPipe
TerminateThread
GetExitCodeThread
PeekNamedPipe
InterlockedDecrement
GetNamedPipeHandleStateW
FlushFileBuffers
DecodePointer
CreateNamedPipeA
OpenProcess
GetFileSize
SystemTimeToTzSpecificLocalTime
GetFileAttributesExW
GetModuleFileNameW
CreateMutexW
SystemTimeToFileTime
GetSystemTime
GetLocalTime
DeleteFileW
CompareFileTime
MulDiv
CreateProcessW
FreeLibrary
LoadLibraryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetLongPathNameW
CreateEventW
DeleteCriticalSection
WaitForMultipleObjects
ResetEvent
SetEvent
GetVersionExW
GetVersion
lstrlenA
SetLastError
OutputDebugStringW
GetProcAddress
GetModuleHandleW
RaiseException
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
InterlockedCompareExchange
InterlockedExchange
GetTickCount
EncodePointer
QueryPerformanceCounter
GetStringTypeW
FatalAppExitA
GetUserDefaultLCID
GetLocaleInfoA
RtlUnwind
GetCommandLineA
HeapSetInformation
GetStartupInfoW
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
TlsAlloc
GetModuleFileNameA
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
ExitProcess
GetStdHandle
GetLocaleInfoW
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileA
WriteConsoleW

user32

CopyRect
GetWindowRect
GetDesktopWindow
GetParent
OffsetRect
SetWindowPos
SetTimer
SetFocus
wsprintfW
SetDlgItemTextW
GetDlgItem
LoadBitmapW
MessageBoxW
BringWindowToTop
UpdateWindow
ShowWindow
CreateWindowExW
DialogBoxParamW
SetWindowTextW
GetSystemMetrics
KillTimer
EndDialog
SetWindowLongW
GetClientRect
GetWindowLongW
PostQuitMessage
FindWindowW
PostMessageW
LoadStringW
SendMessageW
GetWindowTextW
DefWindowProcW
ReleaseDC
DialogBoxIndirectParamW
SystemParametersInfoW
GetDC
DestroyWindow
RegisterClassExW
LoadCursorW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
DestroyIcon
LoadImageW
CreateIconIndirect
RegisterWindowMessageW
GetMenuItemID
RemoveMenu
GetCursorPos
TrackPopupMenu
RedrawWindow
SetActiveWindow
SetForegroundWindow
DrawAnimatedRects
SetParent
EnumChildWindows
GetClassNameW
LoadMenuW
GetSubMenu
DestroyMenu
SetMenuDefaultItem
CheckMenuItem
GetDlgCtrlID
IsWindow
LoadIconW

gdi32

CreateCompatibleBitmap
PatBlt
CreateFontW
TextOutW
GetDeviceCaps
CreateFontIndirectW
SetMapMode
GetTextExtentPoint32W
GetObjectW
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateSolidBrush
DeleteObject

advapi32

SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegCloseKey
InitializeSecurityDescriptor

shell32

SHAppBarMessage
Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW

ole32

OleInitialize
OleUninitialize
OleSetContainedObject
CoGetClassObject

oleaut32

SafeArrayAccessData
SysStringLen
VariantInit
SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayCreate
VariantClear

shlwapi

PathRemoveFileSpecW

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5def3821ad079e473f15b132d9429292

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

09:24:e7:7a:25:e0:d3:e6:9f:34:d7:94:8b:ee:25:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

09:24:e7:7a:25:e0:d3:e6:9f:34:d7:94:8b:ee:25:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c2:3d:70:8c:1e:ba:71:32:a7:7b:18:73:6a:7f:a0:24:d5:f0:11:dd:c0:e0:b4:e5:8a:68:af:4f:1c:7f:35:86Signer

Signature Validations

Verification

16/03/2021, 19:13 Valid: false

f4:f0:6b:a2:dc:24:bd:94:3c:da:d9:1e:10:2b:c2:5f:fe:8b:22:45Signer

Signature Validations

Verification

16/03/2021, 19:13 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wininet

sqliteencrypt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

icmp

version

Sections

.text Size: 374KB - Virtual size: 373KB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 7KB - Virtual size: 26KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

09:24:e7:7a:25:e0:d3:e6:9f:34:d7:94:8b:ee:25:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

09:24:e7:7a:25:e0:d3:e6:9f:34:d7:94:8b:ee:25:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c2:3d:70:8c:1e:ba:71:32:a7:7b:18:73:6a:7f:a0:24:d5:f0:11:dd:c0:e0:b4:e5:8a:68:af:4f:1c:7f:35:86
Signer

16/03/2021, 19:13
Valid: false

f4:f0:6b:a2:dc:24:bd:94:3c:da:d9:1e:10:2b:c2:5f:fe:8b:22:45
Signer

16/03/2021, 19:13
Valid: false

.text
Size: 374KB - Virtual size: 373KB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 7KB - Virtual size: 26KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB