b06ca47eee5e35d0e3c2e672e3d7bff0454fa248094b84da93c253e4b089bfdd

Sharing

Copy URL Twitter E-mail

General

Target

b06ca47eee5e35d0e3c2e672e3d7bff0454fa248094b84da93c253e4b089bfdd
Size

551KB
MD5

af82309a5c58d2bef4f8f6f79d9f9994
SHA1

455694702a35fbc7d0287e48dfde0a1f5dc0ef47
SHA256

b06ca47eee5e35d0e3c2e672e3d7bff0454fa248094b84da93c253e4b089bfdd
SHA512

4d17dd56ab3dc1eaf6dd9cc6859eb392c61ad6b5a3d66f9f10385c6bd34f3ff3968f49a6f349b4179aab589261e4f46f6efaea0c7476fceabf37edac2c9da78f
SSDEEP

6144:eRaqOGcC3rV3dcDj7IRiCTJRqfWkslsohykWeA/4/vaeTTBCHg:eRaqOyViD4R5wFs2or2g

Score

N/A

Malware Config

Signatures

Files

b06ca47eee5e35d0e3c2e672e3d7bff0454fa248094b84da93c253e4b089bfdd
.exe windows x64

ae5f7ea0bee146558dd83f2e5ca24968

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:eb:5e:56:05:63:c1:06:7e:c4:9f:ed:35:26:9b:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/08/2017, 00:00

Not After

13/08/2020, 12:00

Subject

CN=Wargaming.net Limited,O=Wargaming.net Limited,L=Nicosia,C=CY,1.2.840.113549.1.9.1=#0c14646f6d61696e4077617267616d696e672e6e6574

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9d:58:1c:50:bd:ff:b8:c5:8b:68:89:72:9f:2c:7c:c8:07:7c:1a:cf
Signer

Actual PE Digest

9d:58:1c:50:bd:ff:b8:c5:8b:68:89:72:9f:2c:7c:c8:07:7c:1a:cf

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Wargaming.net Limited,O=Wargaming.net Limited,L=Nicosia,C=CY,1.2.840.113549.1.9.1=#0c14646f6d61696e4077617267616d696e672e6e6574

28/05/2020, 17:29
Valid: true

Chain 1

CN=Wargaming.net Limited,O=Wargaming.net Limited,L=Nicosia,C=CY,1.2.840.113549.1.9.1=#0c14646f6d61696e4077617267616d696e672e6e6574

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcef

cef_v8context_get_current_context
cef_string_multimap_alloc
cef_string_multimap_free
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_multimap_append
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_string_map_free
cef_string_map_alloc
cef_v8value_create_function
cef_v8value_create_string
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_process_message_create
cef_log
cef_api_hash
cef_execute_process
cef_post_task
cef_string_list_free
cef_string_list_alloc
cef_string_userfree_utf16_free
cef_string_utf16_to_utf8
cef_string_utf8_to_utf16
cef_string_utf16_cmp
cef_string_utf16_clear
cef_string_utf8_clear
cef_string_utf16_set

kernel32

CreateFileW
CloseHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
HeapFree
HeapAlloc
GetACP
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
FreeLibrary
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
SetLastError
GetLastError
WriteConsoleW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae5f7ea0bee146558dd83f2e5ca24968

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:eb:5e:56:05:63:c1:06:7e:c4:9f:ed:35:26:9b:bdCertificate

Extended Key Usages

Key Usages

9d:58:1c:50:bd:ff:b8:c5:8b:68:89:72:9f:2c:7c:c8:07:7c:1a:cfSigner

Signature Validations

Verification

28/05/2020, 17:29 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

libcef

kernel32

Exports

Exports

Sections

.text Size: 342KB - Virtual size: 341KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 20KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 6KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:eb:5e:56:05:63:c1:06:7e:c4:9f:ed:35:26:9b:bd
Certificate

9d:58:1c:50:bd:ff:b8:c5:8b:68:89:72:9f:2c:7c:c8:07:7c:1a:cf
Signer

28/05/2020, 17:29
Valid: true

.text
Size: 342KB - Virtual size: 341KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB