ceed3bfc1f8ab82bebee93db7300cfed5bdc17fddd0401b8addbb55f48bedff3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ceed3bfc1f8ab82bebee93db7300cfed5bdc17fddd0401b8addbb55f48bedff3.exe
Size

1.0MB
MD5

fec0717a617d46fc8211ea893478c8e0
SHA1

26fdf09712a7fe567eac5c57702f535a0a5b7955
SHA256

ceed3bfc1f8ab82bebee93db7300cfed5bdc17fddd0401b8addbb55f48bedff3
SHA512

787d9c81adcb5a63671efe203b154fb916ae43b28369d6e72abc7880ba9c5a7671800e39dd99e08fe8e352dde4084177108db2d84a17fbbe11e1aac5f2e05e8c
SSDEEP

24576:xUzrYO5dkMxkKmzTk50aSdjVeszpojB0CAfkmh3U4A2K8ASRNbpMf5o5JWweon:xykM7KTkXSdvzpojZmJUj+g5oWweon

Score

N/A

Malware Config

Signatures

Files

ceed3bfc1f8ab82bebee93db7300cfed5bdc17fddd0401b8addbb55f48bedff3.exe
.exe windows x86

183938668ab3224cfaf4850d7aef7fe5

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:46:d4:3c:dd:10:72:e6:5a:f9:34:ad:1a:5c:82:90:84:40:91:6a:b0:0b:91:6d:67:07:e3:f6:eb:de:13:20
Signer

Actual PE Digest

01:46:d4:3c:dd:10:72:e6:5a:f9:34:ad:1a:5c:82:90:84:40:91:6a:b0:0b:91:6d:67:07:e3:f6:eb:de:13:20

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01/12/2022, 14:34
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileMappingW
MapViewOfFile
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetFileAttributesW
GetCurrentThreadId
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
GetFileSize
QueryPerformanceCounter
FlushFileBuffers
FindFirstFileW
FindNextFileW
K32GetModuleFileNameExW
InitializeCriticalSectionEx
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
RaiseException
DecodePointer
ExpandEnvironmentStringsW
FindClose
GetDriveTypeW
GetFileTime
SetLastError
QueryPerformanceFrequency
WriteConsoleW
SetStdHandle
FindNextFileA
FindFirstFileExA
SetFileAttributesA
DeleteFileA
SetFileAttributesW
OpenProcess
GetModuleHandleA
DuplicateHandle
CreateMutexW
IsWow64Process
CreateProcessA
GetProcAddress
LoadLibraryA
FileTimeToSystemTime
Sleep
GetTempPathW
VirtualAlloc
GetCurrentProcess
VirtualFree
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
SetFilePointerEx
GetConsoleCP
CreateFileW
UnmapViewOfFile
GetTempFileNameW
CopyFileW
LocalFree
DeleteFileW
CreateFileA
lstrlenA
ExpandEnvironmentStringsA
WriteFile
GetComputerNameW
GetLocalTime
GetLastError
GetTickCount
CreateThread
CloseHandle
TerminateThread
ReleaseMutex
FormatMessageA
WaitForSingleObject
ReadConsoleW
GetConsoleMode
GetFileType
CreatePipe
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetCommandLineW
GetCommandLineA
GetModuleFileNameA
GetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateProcessW
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList

user32

ReleaseDC
GetDC
GetSystemMetrics

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject

advapi32

RegGetValueA
SystemFunction036
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
GetUserNameW
GetTokenInformation
RegDeleteKeyValueW
RegGetValueW

shell32

SHGetSpecialFolderPathW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantClear

iphlpapi

GetIpAddrTable

crypt32

CryptUnprotectData

esent

JetRetrieveColumn
JetEndSession
JetSetSystemParameterA
JetGetRecordSize
JetCloseDatabase
JetCloseTable
JetBeginSessionA
JetTerm
JetCreateInstanceA
JetDetachDatabaseW
JetOpenDatabaseW
JetGetColumnInfoA
JetOpenTableA
JetAttachDatabaseW
JetInit
JetMove

gdiplus

GdipSaveImageToStream
GdipGetImageEncodersSize
GdipFree
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipCloneImage
GdipDisposeImage
GdipAlloc

wininet

InternetReadFile
InternetOpenUrlA
HttpOpenRequestW
InternetOpenW
InternetQueryOptionW
HttpQueryInfoA
InternetCrackUrlW
InternetCloseHandle
HttpSendRequestW
InternetConnectW
InternetSetOptionW
InternetOpenA

Sections

.text
Size: 838KB - Virtual size: 838KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

183938668ab3224cfaf4850d7aef7fe5

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

01:46:d4:3c:dd:10:72:e6:5a:f9:34:ad:1a:5c:82:90:84:40:91:6a:b0:0b:91:6d:67:07:e3:f6:eb:de:13:20Signer

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

iphlpapi

crypt32

esent

gdiplus

wininet

Sections

.text Size: 838KB - Virtual size: 838KB

.rdata Size: 155KB - Virtual size: 154KB

.data Size: 15KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 34KB - Virtual size: 33KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

01:46:d4:3c:dd:10:72:e6:5a:f9:34:ad:1a:5c:82:90:84:40:91:6a:b0:0b:91:6d:67:07:e3:f6:eb:de:13:20
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 838KB - Virtual size: 838KB

.rdata
Size: 155KB - Virtual size: 154KB

.data
Size: 15KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 34KB - Virtual size: 33KB