ace3c5a4369335debae3c4ed9ada6087f5b781205d60f588dc651ef3f4e9303c

Sharing

Copy URL Twitter E-mail

General

Target

ace3c5a4369335debae3c4ed9ada6087f5b781205d60f588dc651ef3f4e9303c
Size

932KB
MD5

a3b2b0b247bda54f26ad3daa50c1fb76
SHA1

5fea296292091872121d9dda526919f1cec1e85f
SHA256

ace3c5a4369335debae3c4ed9ada6087f5b781205d60f588dc651ef3f4e9303c
SHA512

2a64a5e9c1045e6f4fd9df9a419897b4cf13ffad4d023b6e31a65e153e20a945b5e01b159d0e3417f2e24df1708426d154e443e54d1347bcb358fc40868d35bd
SSDEEP

24576:aYRkdvq87KAUMe0OSxzAi5kBdFuaUduq8UYEbDrQf4:TteDRkvMaUcq8UYE3rH

Score

N/A

Malware Config

Signatures

Files

ace3c5a4369335debae3c4ed9ada6087f5b781205d60f588dc651ef3f4e9303c
.exe windows x64

2b045bba316f5e065196dff94e4d9a78

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/03/2016, 00:00

Not After

16/03/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:aa:59:dd:71:8c:fb:de:16:3a:b8:21
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:41

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:10

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:ad:aa:01:f6:ef:d3:4b:f6:d3:de:42:79:d5:15:45:b9:83:95:1f:cf:01:6b:4d:48:06:62:5d:9d:02:a6:bd
Signer

Actual PE Digest

59:ad:aa:01:f6:ef:d3:4b:f6:d3:de:42:79:d5:15:45:b9:83:95:1f:cf:01:6b:4d:48:06:62:5d:9d:02:a6:bd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

18/11/2020, 21:35
Valid: true

Chain 1

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

bc:e1:22:6d:49:1c:c2:db:36:e4:d6:2e:72:96:fb:7f:3b:6d:4b:bd
Signer

Actual PE Digest

bc:e1:22:6d:49:1c:c2:db:36:e4:d6:2e:72:96:fb:7f:3b:6d:4b:bd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

18/11/2020, 21:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertGetSubjectCertificateFromStore
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringW
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertGetCertificateContextProperty
CryptDecodeObject
CertFreeCertificateContext
CertCloseStore

kernel32

K32EnumProcesses
QueryFullProcessImageNameW
TerminateProcess
GetCurrentProcess
FindClose
GetModuleFileNameW
GetFileAttributesW
FindNextFileW
CreateDirectoryW
OpenProcess
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetProcAddress
GetModuleHandleW
LoadLibraryExW
LocalAlloc
lstrlenW
VerSetConditionMask
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoW
WriteConsoleW
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetCurrentProcessId
WTSGetActiveConsoleSessionId
LocalFree
FreeLibrary
CreateEventW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
SetEvent
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
CloseHandle
MoveFileExW
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileSizeEx
GetTimeZoneInformation
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
WaitForSingleObjectEx
Sleep
SwitchToThread
FormatMessageA
GetStringTypeW
TryEnterCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceBeginInitialize
InitOnceComplete
CreateFileW
DeleteFileW
FindFirstFileExW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
VirtualAlloc
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwindEx
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
RtlUnwind

user32

MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW

advapi32

RegDeleteKeyW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegCloseKey
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegSetKeySecurity
RegGetKeySecurity
RegFlushKey
RegDeleteValueW
RegCreateKeyExW
FreeSid
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHGetKnownFolderPath

ole32

CLSIDFromString
CoTaskMemFree
StringFromGUID2

shlwapi

PathFileExistsW
SHDeleteKeyW
StrRChrW

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b045bba316f5e065196dff94e4d9a78

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51Certificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

30:aa:59:dd:71:8c:fb:de:16:3a:b8:21Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:aeCertificate

Extended Key Usages

Key Usages

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

59:ad:aa:01:f6:ef:d3:4b:f6:d3:de:42:79:d5:15:45:b9:83:95:1f:cf:01:6b:4d:48:06:62:5d:9d:02:a6:bdSigner

Signature Validations

Verification

18/11/2020, 21:35 Valid: true

Chain 1

bc:e1:22:6d:49:1c:c2:db:36:e4:d6:2e:72:96:fb:7f:3b:6d:4b:bdSigner

Signature Validations

Verification

18/11/2020, 21:35 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 668KB - Virtual size: 667KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 29KB - Virtual size: 37KB

.pdata Size: 39KB - Virtual size: 38KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 7KB - Virtual size: 6KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

47:c3:0f:fe:fc:22:bb:28:0f:96:fe:a7:52:51
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

30:aa:59:dd:71:8c:fb:de:16:3a:b8:21
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

59:ad:aa:01:f6:ef:d3:4b:f6:d3:de:42:79:d5:15:45:b9:83:95:1f:cf:01:6b:4d:48:06:62:5d:9d:02:a6:bd
Signer

18/11/2020, 21:35
Valid: true

bc:e1:22:6d:49:1c:c2:db:36:e4:d6:2e:72:96:fb:7f:3b:6d:4b:bd
Signer

18/11/2020, 21:35
Valid: false

.text
Size: 668KB - Virtual size: 667KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 29KB - Virtual size: 37KB

.pdata
Size: 39KB - Virtual size: 38KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 7KB - Virtual size: 6KB