6e27c39025c57c74283f868d3a16568618ff3a32a0b7f23c4407cf637f70b65d

Sharing

Copy URL Twitter E-mail

General

Target

6e27c39025c57c74283f868d3a16568618ff3a32a0b7f23c4407cf637f70b65d
Size

143KB
MD5

1864ae9daff8319bd0af4056fcf2100d
SHA1

79c228b0a0885d387de0b54e68544a5773002180
SHA256

6e27c39025c57c74283f868d3a16568618ff3a32a0b7f23c4407cf637f70b65d
SHA512

15789dfcdff2012c20ada96d738ce9b108d923be1a39b1934abe8dc8cbdc80363f44619c4ebaba3c2fe16eae69789c43cff1a6a535c95f923da70706675ef87d
SSDEEP

3072:e/9mkC9Ch3G14DSwFwaD0m3aOQiwwPjS1PDm23dJRjrNhTyqsgx:mmNCh3GMJqOQiwwPjS1PtNJBNhGqsg

Score

N/A

Malware Config

Signatures

Files

6e27c39025c57c74283f868d3a16568618ff3a32a0b7f23c4407cf637f70b65d
.exe windows x64

ad274ca8c6107a7f80387c4fe4528e61

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:34:37:e0:01:24:58:16:fc:90:53:d9:1f:14:fa:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

05/12/2006, 00:00

Not After

16/12/2008, 23:59

Subject

CN=Samsung Electronics CO.\, LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Computer System,O=Samsung Electronics CO.\, LTD.,L=Suwon,ST=Kyungki-Do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

60:89:6a:94:c9:20:06:ae:19:3a:44:28:a7:f3:88:d3:f2:11:39:3b
Signer

Actual PE Digest

60:89:6a:94:c9:20:06:ae:19:3a:44:28:a7:f3:88:d3:f2:11:39:3b

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Samsung Electronics CO.\, LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Computer System,O=Samsung Electronics CO.\, LTD.,L=Suwon,ST=Kyungki-Do,C=KR

28/11/2022, 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCreateKeyExA
RegCloseKey
GetTokenInformation
FreeSid
RegSetValueExA
EqualSid
RegDeleteValueA
AllocateAndInitializeSid
RegOpenKeyExA
RegEnumValueA
RegQueryValueExA
AddAccessAllowedAce
RegSetKeySecurity
GetLengthSid
RegDeleteKeyA
InitializeSecurityDescriptor
RegEnumKeyExA
SetSecurityDescriptorDacl
RegGetKeySecurity
InitializeAcl

kernel32

SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LeaveCriticalSection
GetStartupInfoW
OutputDebugStringA
RtlUnwindEx
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
HeapFree
HeapAlloc
Sleep
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
CreateMutexA
CloseHandle
FindClose
GetFileAttributesA
DeleteFileA
FindFirstFileA
RemoveDirectoryA
FindNextFileA
GetModuleHandleA
SetFileAttributesA
MoveFileExA
WritePrivateProfileStringA
GetShortPathNameA
GetWindowsDirectoryA
CreateFileA
GetVersionExA
GetSystemDirectoryA
CreateFileW
WriteConsoleW
FlushFileBuffers
SetStdHandle
ReadFile
GetVersionExW
GetCommandLineA
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer

user32

DialogBoxParamA
MessageBoxA
SetDlgItemTextA
GetDlgItem
EndDialog
ShowWindow
ExitWindowsEx
SetWindowTextA

setupapi

SetupFindNextLine
SetupCloseInfFile
SetupGetStringFieldA
SetupFindFirstLineA
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenClassRegKeyExA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupOpenInfFileA
SetupDiEnumDeviceInfo
SetupPromptReboot
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad274ca8c6107a7f80387c4fe4528e61

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

55:34:37:e0:01:24:58:16:fc:90:53:d9:1f:14:fa:d7Certificate

Extended Key Usages

Key Usages

60:89:6a:94:c9:20:06:ae:19:3a:44:28:a7:f3:88:d3:f2:11:39:3bSigner

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

setupapi

Sections

.text Size: 86KB - Virtual size: 86KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

55:34:37:e0:01:24:58:16:fc:90:53:d9:1f:14:fa:d7
Certificate

60:89:6a:94:c9:20:06:ae:19:3a:44:28:a7:f3:88:d3:f2:11:39:3b
Signer

28/11/2022, 11:52
Valid: false

.text
Size: 86KB - Virtual size: 86KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB