0b7ec561a745486540cc64a1a0fc7999c81d020473ee8a807f3a80a0c8798988

Sharing

Copy URL Twitter E-mail

General

Target

0b7ec561a745486540cc64a1a0fc7999c81d020473ee8a807f3a80a0c8798988
Size

283KB
MD5

ae9166733ff30c11ed6822dce0025661
SHA1

4a95c237acfb8f507facdd370b629aafc143c149
SHA256

0b7ec561a745486540cc64a1a0fc7999c81d020473ee8a807f3a80a0c8798988
SHA512

b05ba44261e96f9503607ca4e97cbdacbef2e56453da8df1954b005a18417fe0930e250e54641f7f74683669b762041d958e2fd1cfd8bbc1aa9d3e76a58bd0b3
SSDEEP

3072:J+x3Yrfrhwe4/Q/8LkIK31UrKxzwddCusaasEooikO3Xq14x0TAcD6uug+n/Ontj:AarGefIbrKxsddlsakikKw4Wn6uug39

Score

N/A

Malware Config

Signatures

Files

0b7ec561a745486540cc64a1a0fc7999c81d020473ee8a807f3a80a0c8798988
.exe windows x86

4c93e418cf3d41ab92f1781897409aa5

Code Sign

67:a7:bd:2b:7b:2f:c7:b9:f9:9f:56:83:6c:f5:ea:b6
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

13/12/2012, 00:00

Not After

03/01/2015, 23:59

Subject

CN=Georgia SoftWorks,OU=SECURE APPLICATION DEVELOPMENT,O=Georgia SoftWorks,L=Dawsonville,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:cb:ee:ed:b6:9a:ba:59:79:55:66:59:22:6b:ca:ad:ad:8c:d5:18
Signer

Actual PE Digest

39:cb:ee:ed:b6:9a:ba:59:79:55:66:59:22:6b:ca:ad:ad:8c:d5:18

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Georgia SoftWorks,OU=SECURE APPLICATION DEVELOPMENT,O=Georgia SoftWorks,L=Dawsonville,ST=Georgia,C=US

24/11/2022, 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

_memccpy
_ltoa
memmove
towlower
_itoa

kernel32

RaiseException
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
_lclose
GetCurrentProcess
GetModuleFileNameA
GetExitCodeThread
_lclose
FindClose
EnumResourceTypesA
SetLastError
SetVolumeLabelA
GetPrivateProfileStructW
ReadDirectoryChangesW
FoldStringA
LoadModule
GetFileType
GetPrivateProfileStructA
LocalSize
GetCPInfoExA
GetModuleHandleW
PostQueuedCompletionStatus
SwitchToFiber
HeapFree
SetTapeParameters
GetProcessIoCounters
GetDiskFreeSpaceA
IsDebuggerPresent
lstrcpynW
GetStringTypeExA
SuspendThread
GlobalReAlloc
GetLocalTime
FindNextChangeNotification
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalAlloc
TerminateProcess

msvcrt

_lock
_onexit
_except_handler3
_unlock
_wcsrev
_mbstrlen
fgets
__dllonexit

ole32

StringFromIID
OleCreateEx
HWND_UserUnmarshal
HGLOBAL_UserSize
OleRegEnumVerbs
OleGetIconOfFile
HGLOBAL_UserUnmarshal
CoCreateInstance
OleCreateFromDataEx
CLSIDFromString
CoFreeAllLibraries
CreateItemMoniker
OleCreateLinkFromData
StgCreatePropStg
StgGetIFillLockBytesOnILockBytes
CoMarshalInterThreadInterfaceInStream
StgCreateDocfile
STGMEDIUM_UserSize

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_Interlo
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qwsx
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c93e418cf3d41ab92f1781897409aa5

Code Sign

67:a7:bd:2b:7b:2f:c7:b9:f9:9f:56:83:6c:f5:ea:b6Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

39:cb:ee:ed:b6:9a:ba:59:79:55:66:59:22:6b:ca:ad:ad:8c:d5:18Signer

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

File Characteristics

Imports

ntdll

kernel32

msvcrt

ole32

Sections

.text Size: 155KB - Virtual size: 154KB

.data Size: 16KB - Virtual size: 15KB

.reloc Size: 38KB - Virtual size: 37KB

_Interlo Size: 11KB - Virtual size: 10KB

.tls Size: 10KB - Virtual size: 9KB

.qwsx Size: 2KB - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 47KB

67:a7:bd:2b:7b:2f:c7:b9:f9:9f:56:83:6c:f5:ea:b6
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

39:cb:ee:ed:b6:9a:ba:59:79:55:66:59:22:6b:ca:ad:ad:8c:d5:18
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 155KB - Virtual size: 154KB

.data
Size: 16KB - Virtual size: 15KB

.reloc
Size: 38KB - Virtual size: 37KB

_Interlo
Size: 11KB - Virtual size: 10KB

.tls
Size: 10KB - Virtual size: 9KB

.qwsx
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 47KB