e48a4651f9f691d1f0c115f50f8e2e2baf18107cc766a0cf0a1c17ef8f6e82db

Sharing

Copy URL Twitter E-mail

General

Target

e48a4651f9f691d1f0c115f50f8e2e2baf18107cc766a0cf0a1c17ef8f6e82db
Size

691KB
MD5

4d96beff088ba6ab48fd3775f87c3438
SHA1

e70a93f2f4045e650643e9691e61f38c4ce910fa
SHA256

e48a4651f9f691d1f0c115f50f8e2e2baf18107cc766a0cf0a1c17ef8f6e82db
SHA512

7cbd4a89769e2608fc3a4d59e5afb0e55b636087736340eacefefb11513e0692ef6a2f49ca405f4a6bc5f67abf0f3a6a437662e6c76a64f79f749b4adad87cf9
SSDEEP

12288:4UTTsjKKkybPzVKtskjbxeV50hCSXDWkEupXMMhogeb0ORUtp2Z5UpHK74r:xTQ2KkybLVanjFhCSX3EUX9hPy0IUtkK

Score

N/A

Malware Config

Signatures

Files

e48a4651f9f691d1f0c115f50f8e2e2baf18107cc766a0cf0a1c17ef8f6e82db
.dll windows x64

42f707d18af554175b66d74f89875cf3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:0b:6c:41:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2006, 02:41

Not After

07/11/2007, 02:51

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

09/05/2001, 23:19

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

7f:23:6a:06:9d:84:6e:a0:b0:c4:86:40:ef:9d:2b:e0:f8:6f:33:2b
Signer

Actual PE Digest

7f:23:6a:06:9d:84:6e:a0:b0:c4:86:40:ef:9d:2b:e0:f8:6f:33:2b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

24/11/2022, 14:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupLogErrorW
SetupOpenLog
SetupCloseLog

kernel32

HeapCreate
FlushFileBuffers
VirtualQuery
GetLocalTime
GetLastError
LockResource
GetTempFileNameW
FindResourceW
CloseHandle
LoadResource
CreateProcessW
GetWindowsDirectoryW
DeleteFileW
CreateDirectoryW
WaitForSingleObject
ExpandEnvironmentStringsW
WriteFile
SizeofResource
GetExitCodeProcess
CreateFileW
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
GetVersionExW
LocalFree
FlsSetValue
GetCommandLineA
GetProcAddress
GetModuleHandleW
ExitProcess
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsGetValue
GetCurrentThreadId
FlsAlloc
HeapFree
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwindEx
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
OutputDebugStringA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LoadLibraryW
GetStringTypeW
LCMapStringW
SetStdHandle
WriteConsoleW
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo

Exports

Exports

CoDeviceInstall
UpdateWinusb

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42f707d18af554175b66d74f89875cf3

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

61:0b:6c:41:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65Certificate

Key Usages

61:07:02:dc:00:00:00:00:00:0bCertificate

Extended Key Usages

Key Usages

7f:23:6a:06:9d:84:6e:a0:b0:c4:86:40:ef:9d:2b:e0:f8:6f:33:2bSigner

Signature Validations

Verification

24/11/2022, 14:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 624KB - Virtual size: 623KB

.reloc Size: 1024B - Virtual size: 678B

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

61:0b:6c:41:00:00:00:00:00:05
Certificate

79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

7f:23:6a:06:9d:84:6e:a0:b0:c4:86:40:ef:9d:2b:e0:f8:6f:33:2b
Signer

24/11/2022, 14:54
Valid: false

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 624KB - Virtual size: 623KB

.reloc
Size: 1024B - Virtual size: 678B