07d4adb40183a4d7826d4efa267bf6b3db6fac83f50d14fa9c5c3bb1c53567da

Sharing

Copy URL

Twitter E-mail

General

Target

07d4adb40183a4d7826d4efa267bf6b3db6fac83f50d14fa9c5c3bb1c53567da
Size

283KB
MD5

a55bcf2921b05d06dfaafdaf0ca7902b
SHA1

f4e704c4aae67d3b9012ecb5454995210bf8ac69
SHA256

07d4adb40183a4d7826d4efa267bf6b3db6fac83f50d14fa9c5c3bb1c53567da
SHA512

468d0745962ce78006a961f7d6ab9cb5b6af36cc118256d5bb34134a64860d5a2c3191727e9385c2385a37147078a66d72423272dd8f7eb9c17ff311c647785f
SSDEEP

6144:r0Zs/0ixtYBFHLJcQWdjb/9tQnWY6gILsqcskug3e:Yc1xu3lcQYjb/kHILsLug3e

Score

N/A

Malware Config

Signatures

Files

07d4adb40183a4d7826d4efa267bf6b3db6fac83f50d14fa9c5c3bb1c53567da
.exe windows x86

6c5106260418c91c6920f6d9fa5c672c

Code Sign

67:a7:bd:2b:7b:2f:c7:b9:f9:9f:56:83:6c:f5:ea:b6
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

13-12-2012 00:00

Not After

03-01-2015 23:59

Subject

CN=Georgia SoftWorks,OU=SECURE APPLICATION DEVELOPMENT,O=Georgia SoftWorks,L=Dawsonville,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c0:6a:4e:a2:e7:3b:87:d4:e9:b2:b1:d0:a0:33:31:a8:9a:1b:fe:c8
Signer

Actual PE Digest

c0:6a:4e:a2:e7:3b:87:d4:e9:b2:b1:d0:a0:33:31:a8:9a:1b:fe:c8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Georgia SoftWorks,OU=SECURE APPLICATION DEVELOPMENT,O=Georgia SoftWorks,L=Dawsonville,ST=Georgia,C=US

24-11-2022 14:54
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

_strcmpi
wcstol
vsprintf
mbstowcs
_wcsicmp
memcpy
_i64tow

kernel32

RaiseException
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
WaitForSingleObjectEx
GetCurrentProcess
GetModuleFileNameA
OpenEventW
GetPrivateProfileSectionW
WaitForSingleObjectEx
GetEnvironmentStrings
FindNextVolumeW
GetBinaryTypeA
DeleteFileW
SystemTimeToTzSpecificLocalTime
EnumResourceNamesW
SetFileApisToANSI
GetCurrentDirectoryW
FindFirstVolumeW
_lclose
GetConsoleTitleA
FlushFileBuffers
GetAtomNameA
CreateTimerQueueTimer
EnumResourceLanguagesW
CreateDirectoryA
GetLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess

msvcrt

_unlink
_msize
isleadbyte
fgets
_wchmod
fgetpos
_unlock
__dllonexit
_lock
_onexit
_except_handler3
_wperror
fflush
iswcntrl

ole32

HWND_UserUnmarshal
CoTreatAsClass
OleRegGetMiscStatus
OleLoad
CoInitializeSecurity
OleConvertIStorageToOLESTREAM
StgGetIFillLockBytesOnFile
OleDestroyMenuDescriptor
OleRegEnumVerbs
StgCreatePropStg

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_Interlo
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qwsx
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c5106260418c91c6920f6d9fa5c672c

Code Sign

67:a7:bd:2b:7b:2f:c7:b9:f9:9f:56:83:6c:f5:ea:b6Certificate

Extended Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

c0:6a:4e:a2:e7:3b:87:d4:e9:b2:b1:d0:a0:33:31:a8:9a:1b:fe:c8Signer

Signature Validations

Verification

24-11-2022 14:54 Valid: false

Headers

File Characteristics

Imports

ntdll

kernel32

msvcrt

ole32

Sections

.text Size: 156KB - Virtual size: 155KB

.data Size: 15KB - Virtual size: 15KB

.reloc Size: 39KB - Virtual size: 38KB

_Interlo Size: 10KB - Virtual size: 9KB

.tls Size: 10KB - Virtual size: 9KB

.qwsx Size: 2KB - Virtual size: 1KB

.rsrc Size: 48KB - Virtual size: 47KB

67:a7:bd:2b:7b:2f:c7:b9:f9:9f:56:83:6c:f5:ea:b6
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

c0:6a:4e:a2:e7:3b:87:d4:e9:b2:b1:d0:a0:33:31:a8:9a:1b:fe:c8
Signer

24-11-2022 14:54
Valid: false

.text
Size: 156KB - Virtual size: 155KB

.data
Size: 15KB - Virtual size: 15KB

.reloc
Size: 39KB - Virtual size: 38KB

_Interlo
Size: 10KB - Virtual size: 9KB

.tls
Size: 10KB - Virtual size: 9KB

.qwsx
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 48KB - Virtual size: 47KB