Static task
static1
Behavioral task
behavioral1
Sample
b06e80c592478fcd240edfe7ff03a424237644ca0b3d9782f23a1e6dec0ed2b9.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b06e80c592478fcd240edfe7ff03a424237644ca0b3d9782f23a1e6dec0ed2b9.exe
Resource
win10v2004-20220901-en
General
-
Target
b06e80c592478fcd240edfe7ff03a424237644ca0b3d9782f23a1e6dec0ed2b9
-
Size
710KB
-
MD5
ed69f75d301d5a8a809bc3c74eb7f5e8
-
SHA1
e2d6c9bbdfe23b299a424bbcba43e0d9a491e751
-
SHA256
b06e80c592478fcd240edfe7ff03a424237644ca0b3d9782f23a1e6dec0ed2b9
-
SHA512
33a62537c650c7c28e427f018df63a3191fc5843af911cb7faeee3a43ca5cff70f61e2b70d93c0c2687ff0eebf3d02ab7f192c3bcdd5a60762b5803bcc8ff1dd
-
SSDEEP
12288:zqjmCWSjYYrLo4sCONwJ61p4SHqbn3OAelodAbqYAauT:Ojw8olC/WpbHqbn34QGuT
Malware Config
Signatures
Files
-
b06e80c592478fcd240edfe7ff03a424237644ca0b3d9782f23a1e6dec0ed2b9.exe windows x64
00b10074e1d24db844ebe3a9a091eca3
Code Sign
Certificate 8d:06:bf:01:f8:21:b6:70
Issuer:
Not Before: 31-05-2018 02:17
Not After: 28-05-2028 02:17
Subject:
Certificate 42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Issuer: CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
Not Before: 07-06-2005 08:09
Not After: 30-05-2020 10:48
Subject: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Issuer: CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
Not Before: 27-04-2011 00:00
Not After: 30-05-2020 10:48
Subject: CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate 2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Issuer: CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 02-05-2019 00:00
Not After: 30-05-2020 10:48
Subject: CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate 8d:06:bf:01:f8:21:b6:70
Issuer:
Not Before: 31-05-2018 02:17
Not After: 28-05-2028 02:17
Subject:
Certificate 3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 02-05-2019 00:00
Not After: 01-08-2030 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02-05-2019 00:00
Not After: 18-01-2038 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer 15:75:7c:34:cc:47:cc:0d:7e:09:ab:a7:76:16:cc:84:3b:44:b1:6c:c5:ba:0b:fb:6d:2e:ff:1a:28:c1:d5:e2
Actual PE Digest: 15:75:7c:34:cc:47:cc:0d:7e:09:ab:a7:76:16:cc:84:3b:44:b1:6c:c5:ba:0b:fb:6d:2e:ff:1a:28:c1:d5:e2
Digest Algorithm: sha256
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate 28-09-2019 10:31 Valid: false
Signer d9:13:0b:39:7c:f4:44:e8:a4:03:55:93:f9:a8:9f:52:ba:78:5a:01
Actual PE Digest: d9:13:0b:39:7c:f4:44:e8:a4:03:55:93:f9:a8:9f:52:ba:78:5a:01
Digest Algorithm: sha1
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate 28-09-2019 10:31 Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
psapi
GetProcessImageFileNameW
shlwapi
SHDeleteKeyW
kernel32
DeleteFileW
VerSetConditionMask
GetProcAddress
OpenProcess
GetCurrentProcess
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
MulDiv
lstrcpyW
LoadLibraryW
GetModuleFileNameW
SetPriorityClass
VerifyVersionInfoW
GetModuleHandleW
lstrlenW
GlobalReAlloc
GetLastError
lstrcpyA
lstrlenA
WideCharToMultiByte
ReleaseMutex
CreateMutexW
GetTempPathW
GetVersionExW
MultiByteToWideChar
CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetStdHandle
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
MoveFileExW
GetFileAttributesExW
LoadLibraryExW
FreeLibrary
RtlUnwindEx
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
GetCPInfo
LCMapStringW
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
SetEndOfFile
WritePrivateProfileSectionW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
GetTickCount
CloseHandle
WaitForSingleObject
SetEvent
CreateThread
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
FindResourceW
SizeofResource
LoadResource
LockResource
FlushFileBuffers
WriteConsoleW
ReadConsoleW
HeapSize
GetProcessHeap
user32
FindWindowW
GetMenuDefaultItem
RegisterClassExW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
CallNextHookEx
SetForegroundWindow
RegisterShellHookWindow
BringWindowToTop
TrackPopupMenu
GetSubMenu
DestroyMenu
LoadMenuW
GetSystemMetrics
CallWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
GetSysColor
CreateDialogParamW
SetWindowsHookExW
UnhookWindowsHookEx
LoadStringW
RegisterRawInputDevices
GetRawInputData
ToAsciiEx
IsDialogMessageW
DrawTextA
GetDC
ReleaseDC
DefWindowProcW
SetMenuDefaultItem
CheckMenuItem
IsClipboardFormatAvailable
GetClipboardOwner
LockWindowUpdate
GetTabbedTextExtentW
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconW
LoadCursorW
SetCursor
RedrawWindow
GetWindowDC
UpdateWindow
KillTimer
SetTimer
ReleaseCapture
SetCapture
SetFocus
GetWindowTextW
DrawTextW
MoveWindow
ShowWindow
SetWindowPos
DestroyWindow
CreateWindowExW
DrawIconEx
PtInRect
FillRect
GetWindowRect
InvalidateRect
EnableWindow
EndDialog
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
LoadImageW
FindWindowExW
WindowFromPoint
ScreenToClient
GetCursorPos
MessageBeep
MessageBoxW
GetClientRect
GetForegroundWindow
IsWindowUnicode
IsWindow
SendMessageW
GetGUIThreadInfo
GetWindowThreadProcessId
MapVirtualKeyExW
GetKeyboardLayout
GetKeyboardLayoutNameA
LoadKeyboardLayoutW
SendInput
VkKeyScanW
GetKeyboardState
GetAsyncKeyState
GetKeyState
PostMessageW
EmptyClipboard
GetClipboardFormatNameW
RegisterClipboardFormatW
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
CreateIconIndirect
DestroyIcon
DialogBoxParamW
gdi32
CreateFontW
DeleteDC
DeleteObject
AddFontMemResourceEx
SelectObject
SetBkMode
SetTextColor
CreateDIBSection
GetDeviceCaps
CreateSolidBrush
GetTextExtentPoint32W
SetBkColor
TextOutW
BitBlt
CreateCompatibleBitmap
CreatePen
GetStockObject
LineTo
Rectangle
MoveToEx
GetObjectW
GetTextExtentPoint32A
CreateCompatibleDC
shell32
Shell_NotifyIconW
ShellExecuteW
ole32
CoTaskMemFree
CoTaskMemAlloc
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Sections
.text Size: 373KB - Virtual size: 373KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 155KB - Virtual size: 155KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 21KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 316B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 115KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ