849a0eece9aa9033041f6e855510d8fd88f1125057a8740f408622c43cfc5df7

Sharing

Copy URL Twitter E-mail

General

Target

849a0eece9aa9033041f6e855510d8fd88f1125057a8740f408622c43cfc5df7
Size

339KB
MD5

bb1cccb5654937345a33f9dbc9d93edc
SHA1

b120f02913bc731a0036cb6f361e790626f8b5e5
SHA256

849a0eece9aa9033041f6e855510d8fd88f1125057a8740f408622c43cfc5df7
SHA512

b31bbe4971a6c0c74ed2183f9e11a55f173a28c281f52dd1a4ac141fefac96539157fe2fb46c57143b3589b0201c36e020ba34da271c4da20a4b814920cf0b2b
SSDEEP

6144:GVeaRFShnNyuVcWYzoLuo+LfgWE84qhGqCNvRf1:GQaXyVVYv9kWq6qNpf1

Score

N/A

Malware Config

Signatures

Files

849a0eece9aa9033041f6e855510d8fd88f1125057a8740f408622c43cfc5df7
.exe windows x86

a34d730dfaee01c0d6dbc7623856b5b3

Code Sign

bf:f3:78:52:6b:73:05:c0
Certificate

Issuer

CN=Being the bosom lover of my lord

Not Before

07/12/2010, 13:23

Not After

02/09/2013, 13:23

Subject

CN=Being the bosom lover of my lord

6b:2e:43:cb:f9:fd:5e:9e:d2:04:45:40:fb:88:6b:8a:74:31:9f:72
Signer

Actual PE Digest

6b:2e:43:cb:f9:fd:5e:9e:d2:04:45:40:fb:88:6b:8a:74:31:9f:72

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Being the bosom lover of my lord

28/11/2022, 11:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyW
OpenProcess
GetCurrentProcess
GetProcessVersion
GetSystemTime
OpenJobObjectW
GetProcessPriorityBoost
GetFileSize
LoadLibraryA
CreateEventA
GetModuleFileNameW
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
VirtualAlloc
WaitForSingleObject
GetProcAddress
IsBadReadPtr
VirtualProtectEx
VirtualFree
GetModuleHandleA
Sleep
SystemTimeToFileTime

user32

DestroyWindow
GetProcessWindowStation
IsWindow
GetMessageExtraInfo
GetShellWindow
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
MessageBoxA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a34d730dfaee01c0d6dbc7623856b5b3

Code Sign

bf:f3:78:52:6b:73:05:c0Certificate

6b:2e:43:cb:f9:fd:5e:9e:d2:04:45:40:fb:88:6b:8a:74:31:9f:72Signer

Signature Validations

Verification

28/11/2022, 11:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1.0MB

.text Size: 335KB - Virtual size: 334KB

.rsrc Size: 512B - Virtual size: 436B

bf:f3:78:52:6b:73:05:c0
Certificate

6b:2e:43:cb:f9:fd:5e:9e:d2:04:45:40:fb:88:6b:8a:74:31:9f:72
Signer

28/11/2022, 11:52
Valid: false

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1.0MB

.text
Size: 335KB - Virtual size: 334KB

.rsrc
Size: 512B - Virtual size: 436B