acffceb575266ce8361812b49116c622f72fbf854546185a3201fa8f888508b9

Sharing

Copy URL Twitter E-mail

General

Target

acffceb575266ce8361812b49116c622f72fbf854546185a3201fa8f888508b9
Size

1.0MB
MD5

f72dc82dd543822db9b1868324a8a1bc
SHA1

dbe87323b336bd2c9cbe427514471a85918361dc
SHA256

acffceb575266ce8361812b49116c622f72fbf854546185a3201fa8f888508b9
SHA512

d472a34b896b4e3a607c199900bbbc11cb1096080050094bd359ea91fe9ef526d434c2fa350014a4bd5c8564672215d43840edbc0adc61528a42bd6b2e229e06
SSDEEP

24576:B01sP6z2adHacnDMsUv6y5suEQlr0V+wx3man:B01K67Yp6/VQxOW0

Score

N/A

Malware Config

Signatures

Files

acffceb575266ce8361812b49116c622f72fbf854546185a3201fa8f888508b9
.exe windows x64

d84488732e41a2a51934e05d5e22bbdb

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:0f:70:49:63:4b:d8:fd:7f:77:a5:80
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

14/05/2019, 12:05

Not After

13/06/2021, 12:05

Subject

SERIALNUMBER=155628861,CN=TEFINCOM S.A.,O=TEFINCOM S.A.,STREET=50th Street\, Global Plaza Tower\, 19th Floor\, Suite H,L=Panama,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19/02/2018, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:ef:5e:0d:57:51:2e:07:13:37:34:76:f6:9c:1c:e6:f5:72:a4:b5:7d:33:68:d1:57:4d:a4:25:62:93:0e:49
Signer

Actual PE Digest

2f:ef:5e:0d:57:51:2e:07:13:37:34:76:f6:9c:1c:e6:f5:72:a4:b5:7d:33:68:d1:57:4d:a4:25:62:93:0e:49

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=155628861,CN=TEFINCOM S.A.,O=TEFINCOM S.A.,STREET=50th Street\, Global Plaza Tower\, 19th Floor\, Suite H,L=Panama,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

31/03/2020, 11:42
Valid: true

Chain 1

SERIALNUMBER=155628861,CN=TEFINCOM S.A.,O=TEFINCOM S.A.,STREET=50th Street\, Global Plaza Tower\, 19th Floor\, Suite H,L=Panama,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=155628861,CN=TEFINCOM S.A.,O=TEFINCOM S.A.,STREET=50th Street\, Global Plaza Tower\, 19th Floor\, Suite H,L=Panama,ST=Panama,C=PA,1.2.840.113549.1.9.1=#0c1161646d696e406e6f726476706e2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13025041,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libcrypto-1_1-x64

ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_INTEGER_to_BN
ASN1_OBJECT_free
ASN1_STRING_to_UTF8
BIO_ctrl
BIO_f_base64
BIO_free
BIO_free_all
BIO_new
BIO_new_file
BIO_new_mem_buf
BIO_push
BIO_read
BIO_s_mem
BIO_test_flags
BIO_write
BN_bn2dec
BN_dup
BN_free
CRYPTO_free
CRYPTO_get_ex_new_index
DES_check_key_parity
DES_ecb_encrypt
DES_is_weak_key
DES_set_key_unchecked
DES_set_odd_parity
DH_free
DH_size
DSA_bits
EC_GROUP_get_curve_name
EC_GROUP_order_bits
EC_KEY_free
EC_KEY_get0_group
EC_KEY_new_by_curve_name
EC_get_builtin_curves
ENGINE_by_id
ENGINE_ctrl_cmd_string
ENGINE_free
ENGINE_get_first
ENGINE_get_id
ENGINE_get_name
ENGINE_get_next
ENGINE_load_builtin_engines
ENGINE_register_all_complete
ENGINE_set_default
ERR_clear_error
ERR_error_string
ERR_get_error
ERR_load_strings
ERR_peek_error
ERR_put_error
EVP_CIPHER_CTX_block_size
EVP_CIPHER_CTX_cipher
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_iv_length
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_CIPHER_CTX_reset
EVP_CIPHER_CTX_set_key_length
EVP_CIPHER_block_size
EVP_CIPHER_flags
EVP_CIPHER_iv_length
EVP_CIPHER_key_length
EVP_CIPHER_nid
EVP_CipherFinal
EVP_CipherInit
EVP_CipherInit_ex
EVP_CipherUpdate
EVP_Digest
EVP_DigestFinal
EVP_DigestInit
EVP_DigestUpdate
EVP_MD_CTX_free
EVP_MD_CTX_md
EVP_MD_CTX_new
EVP_MD_CTX_reset
EVP_MD_size
EVP_MD_type
EVP_PKEY_free
EVP_PKEY_get0_DSA
EVP_PKEY_get0_EC_KEY
EVP_PKEY_get0_RSA
EVP_PKEY_id
EVP_get_cipherbyname
EVP_get_digestbyname
EVP_sha1
EVP_sha256
HMAC_CTX_free
HMAC_CTX_new
HMAC_CTX_reset
HMAC_Final
HMAC_Init_ex
HMAC_Update
HMAC_size
OBJ_nid2sn
OBJ_obj2nid
OBJ_obj2txt
OBJ_sn2nid
OBJ_txt2nid
OBJ_txt2obj
OPENSSL_init_crypto
OPENSSL_sk_delete
OPENSSL_sk_find
OPENSSL_sk_new
OPENSSL_sk_num
OPENSSL_sk_pop_free
OPENSSL_sk_push
OPENSSL_sk_value
OpenSSL_version
PEM_X509_INFO_read_bio
PEM_read_bio_DHparams
PEM_read_bio_PrivateKey
PEM_read_bio_X509
PEM_read_bio_X509_CRL
PEM_write_X509
PKCS12_free
PKCS12_parse
RAND_bytes
RSA_bits
RSA_flags
RSA_free
RSA_get0_key
RSA_get_method
RSA_meth_free
RSA_meth_get0_app_data
RSA_meth_new
RSA_meth_set0_app_data
RSA_meth_set_finish
RSA_meth_set_init
RSA_meth_set_priv_dec
RSA_meth_set_priv_enc
RSA_meth_set_pub_dec
RSA_meth_set_pub_enc
RSA_new
RSA_set0_key
RSA_set_flags
RSA_set_method
RSA_size
X509V3_EXT_print
X509_CRL_free
X509_INFO_free
X509_LOOKUP_ctrl
X509_LOOKUP_hash_dir
X509_NAME_ENTRY_get_data
X509_NAME_ENTRY_get_object
X509_NAME_cmp
X509_NAME_dup
X509_NAME_entry_count
X509_NAME_get_entry
X509_NAME_get_index_by_NID
X509_NAME_get_index_by_OBJ
X509_NAME_oneline
X509_NAME_print_ex
X509_OBJECT_free
X509_OBJECT_get_type
X509_STORE_CTX_get_current_cert
X509_STORE_CTX_get_error
X509_STORE_CTX_get_error_depth
X509_STORE_CTX_get_ex_data
X509_STORE_add_cert
X509_STORE_add_crl
X509_STORE_add_lookup
X509_STORE_get0_objects
X509_STORE_set_flags
X509_check_purpose
X509_cmp_time
X509_digest
X509_free
X509_get0_pubkey
X509_get_ext
X509_get_ext_by_NID
X509_get_ext_d2i
X509_get_pubkey
X509_get_serialNumber
X509_get_subject_name
X509_getm_notAfter
X509_getm_notBefore
X509_verify_cert_error_string
d2i_PKCS12_bio
d2i_PKCS12_fp
d2i_X509
i2a_ASN1_INTEGER

liblzo2-2

__lzo_init_v2
lzo1x_1_15_compress
lzo1x_decompress_safe
lzo_version_string

libpkcs11-helper-1

pkcs11h_addProvider
pkcs11h_certificate_create
pkcs11h_certificate_deserializeCertificateId
pkcs11h_certificate_enumCertificateIds
pkcs11h_certificate_freeCertificate
pkcs11h_certificate_freeCertificateId
pkcs11h_certificate_freeCertificateIdList
pkcs11h_certificate_getCertificateBlob
pkcs11h_certificate_serializeCertificateId
pkcs11h_engine_setSystem
pkcs11h_getMessage
pkcs11h_initialize
pkcs11h_logout
pkcs11h_openssl_createSession
pkcs11h_openssl_freeSession
pkcs11h_openssl_getX509
pkcs11h_openssl_session_getEVP
pkcs11h_openssl_session_getX509
pkcs11h_setForkMode
pkcs11h_setLogHook
pkcs11h_setLogLevel
pkcs11h_setPINCachePeriod
pkcs11h_setPINPromptHook
pkcs11h_setProtectedAuthentication
pkcs11h_setTokenPromptHook
pkcs11h_terminate

libssl-1_1-x64

BIO_f_ssl
OPENSSL_init_ssl
SSL_CIPHER_get_name
SSL_CIPHER_get_version
SSL_CTX_add_client_CA
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_get0_certificate
SSL_CTX_get_cert_store
SSL_CTX_get_default_passwd_cb
SSL_CTX_get_default_passwd_cb_userdata
SSL_CTX_new
SSL_CTX_set_cipher_list
SSL_CTX_set_client_CA_list
SSL_CTX_set_default_passwd_cb
SSL_CTX_set_info_callback
SSL_CTX_set_options
SSL_CTX_set_security_level
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey
SSL_CTX_use_RSAPrivateKey
SSL_CTX_use_certificate
SSL_alert_desc_string_long
SSL_alert_type_string_long
SSL_export_keying_material
SSL_free
SSL_get_cipher_list
SSL_get_current_cipher
SSL_get_ex_data
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_peer_certificate
SSL_get_version
SSL_new
SSL_set_accept_state
SSL_set_bio
SSL_set_connect_state
SSL_set_ex_data
SSL_state_string_long
TLS_client_method
TLS_method
TLS_server_method

advapi32

CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptSetHashParam
CryptSignHashA
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
SetKernelObjectSecurity
SetSecurityDescriptorDacl

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CryptAcquireCertificatePrivateKey

fwpuclnt

FwpmEngineClose0
FwpmEngineOpen0
FwpmFilterAdd0
FwpmFreeMemory0
FwpmGetAppIdFromFileName0
FwpmSubLayerAdd0
FwpmSubLayerGetByKey0

iphlpapi

AddIPAddress
ConvertInterfaceIndexToLuid
CreateIpForwardEntry
DeleteIPAddress
DeleteIpForwardEntry
FlushIpNetTable
GetAdapterIndex
GetAdaptersInfo
GetBestInterfaceEx
GetBestRoute2
GetInterfaceInfo
GetIpForwardTable
GetIpInterfaceEntry
GetPerAdapterInfo
InitializeIpInterfaceEntry
IpReleaseAddress
IpRenewAddress
SetIpInterfaceEntry

kernel32

CancelIo
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateProcessA
CreateProcessW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FormatMessageA
FormatMessageW
FreeLibrary
GetConsoleMode
GetConsoleTitleA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetProcAddress
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetTimeZoneInformation
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReadConsoleInputA
ReadConsoleW
ReadFile
ReleaseSemaphore
ResetEvent
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetConsoleTitleA
SetEvent
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteConsoleInputA
WriteFile

msvcrt

__C_specific_handler
__dllonexit
__iob_func
__lconv_init
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_cexit
_chsize
_dup2
_errno
_exit
_fdopen
_fmode
_initterm
_lock
_onexit
_open_osfhandle
_snwprintf
_stricmp
_strnicmp
_unlock
_vsnprintf
_vsnwprintf
_waccess
_wchdir
_wcmdln
_wfopen
_wopen
abort
atoi
calloc
ctime
exit
fclose
fflush
fgetc
fgets
fopen
fprintf
fputc
free
fwprintf
fwrite
isalnum
isalpha
iscntrl
isprint
ispunct
isspace
isxdigit
malloc
mbstowcs
memcmp
memcpy
memmove
memset
printf
putchar
puts
qsort
raise
rand
realloc
setlocale
signal
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtok
strtol
tolower
toupper
vfprintf
wcscpy
wcstombs
_time64
_wstat64
_write
_strdup
_read
_open
_lseek
_dup2
_dup
_close

ncrypt

NCryptFreeObject
NCryptSignHash

user32

MessageBoxW

ws2_32

WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getnameinfo
getservbyname
getsockname
getsockopt
htonl
htons
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohl
ntohs
recv
select
send
setsockopt
socket

Sections

.text
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d84488732e41a2a51934e05d5e22bbdb

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

7b:0f:70:49:63:4b:d8:fd:7f:77:a5:80Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

2f:ef:5e:0d:57:51:2e:07:13:37:34:76:f6:9c:1c:e6:f5:72:a4:b5:7d:33:68:d1:57:4d:a4:25:62:93:0e:49Signer

Signature Validations

Verification

31/03/2020, 11:42 Valid: true

Chain 1

Chain 2

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-1_1-x64

liblzo2-2

libpkcs11-helper-1

libssl-1_1-x64

advapi32

crypt32

fwpuclnt

iphlpapi

kernel32

msvcrt

ncrypt

user32

ws2_32

Sections

.text Size: 740KB - Virtual size: 739KB

.data Size: 1024B - Virtual size: 784B

.rdata Size: 182KB - Virtual size: 182KB

.pdata Size: 35KB - Virtual size: 35KB

.xdata Size: 34KB - Virtual size: 34KB

.bss Size: - Virtual size: 31KB

.idata Size: 20KB - Virtual size: 20KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1024B - Virtual size: 816B

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

7b:0f:70:49:63:4b:d8:fd:7f:77:a5:80
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

2f:ef:5e:0d:57:51:2e:07:13:37:34:76:f6:9c:1c:e6:f5:72:a4:b5:7d:33:68:d1:57:4d:a4:25:62:93:0e:49
Signer

31/03/2020, 11:42
Valid: true

.text
Size: 740KB - Virtual size: 739KB

.data
Size: 1024B - Virtual size: 784B

.rdata
Size: 182KB - Virtual size: 182KB

.pdata
Size: 35KB - Virtual size: 35KB

.xdata
Size: 34KB - Virtual size: 34KB

.bss
Size: - Virtual size: 31KB

.idata
Size: 20KB - Virtual size: 20KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1024B - Virtual size: 816B