afc0f80d1bc8bc52d02665d0926371fc95da59acfa309cd612ff3e3023151226

Sharing

Copy URL Twitter E-mail

General

Target

afc0f80d1bc8bc52d02665d0926371fc95da59acfa309cd612ff3e3023151226
Size

3.0MB
MD5

36e5516f7b67ea92789fe5764bf885db
SHA1

6a64cc236433be3c40aeedc6408f0c6206be07f1
SHA256

afc0f80d1bc8bc52d02665d0926371fc95da59acfa309cd612ff3e3023151226
SHA512

52b5d348954ca53edf59ef4b07f53abb4aa00f7e5a8709aba8f81486185b37a53622eb55db5d439ecf407cd89a2f023fff7969673a6b857d7f8f70c8e15ed017
SSDEEP

49152:Dy3TeqYKC5as8SdkvX1IZeUqIeAnB78I+J0c1yr0FpgAS/zyG4v6:YpC5QAo1IZeUqIeAdD

Score

N/A

Malware Config

Signatures

Files

afc0f80d1bc8bc52d02665d0926371fc95da59acfa309cd612ff3e3023151226
.exe windows x86

db3a530af3ace1917643ebd939081e9b

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

16/10/2019, 00:00

Not After

20/10/2022, 12:00

Subject

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:f4:d1:16:e3:bf:4f:d0:f3:df:91:ae:30:15:e2:e7:77:0b:e2:00:16:74:2d:1a:c1:03:e9:14:66:f0:d5:02
Signer

Actual PE Digest

87:f4:d1:16:e3:bf:4f:d0:f3:df:91:ae:30:15:e2:e7:77:0b:e2:00:16:74:2d:1a:c1:03:e9:14:66:f0:d5:02

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

14/06/2021, 14:26
Valid: true

Chain 1

CN=AVG Technologies USA\, LLC,OU=RE 999,O=AVG Technologies USA\, LLC,L=Newton,ST=North Carolina,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcStringBindingComposeW
RpcSsDestroyClientContext
UuidToStringW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringBindingParseW
NdrClientCall2
NdrAsyncServerCall
NdrServerCall2
NdrAsyncClientCall
RpcAsyncCancelCall
UuidFromStringW
RpcBindingFree
RpcMgmtEpEltInqDone
RpcIfInqId
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqNextW
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
UuidCreate
I_RpcBindingInqLocalClientPID
RpcRevertToSelf
RpcImpersonateClient
RpcServerUnregisterIf
RpcServerRegisterIf2
RpcObjectSetType
RpcServerUseProtseqEpW
RpcEpRegisterW
RpcEpUnregister
RpcBindingToStringBindingW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

ntdll

NtClose
NtSystemDebugControl
RtlDllShutdownInProgress
RtlUnwind
VerSetConditionMask
RtlNtStatusToDosError
NtSetInformationThread

kernel32

CreateFileW
DeviceIoControl
GetProcessHeap
SetDllDirectoryW
GetCommandLineW
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetProcessId
GetCurrentProcess
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateThread
VerifyVersionInfoW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
GetSystemDirectoryW
LoadLibraryW
GetFileAttributesW
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentThreadId
OutputDebugStringW
DeleteFileW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
FindFirstFileW
ReadProcessMemory
GetModuleHandleExW
CheckRemoteDebuggerPresent
VirtualProtect
FlushInstructionCache
RaiseException
FindClose
MultiByteToWideChar
Sleep
SetEvent
SetErrorMode
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
VirtualQuery
GetTickCount
CreateEventW
QueryFullProcessImageNameW
K32GetProcessMemoryInfo
OpenThread
GetThreadPriority
GetThreadTimes
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessHandleCount
TerminateProcess
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetNativeSystemInfo
DuplicateHandle
GetSystemTimes
GetProcessTimes
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
DecodePointer
HeapDestroy
GetModuleFileNameA
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
ResetEvent
ProcessIdToSessionId
SetLastError
WaitForMultipleObjects
GetCurrentThread
UnregisterWaitEx
CancelIoEx
ReadDirectoryChangesW
WriteConsoleW
IsDebuggerPresent
RegisterWaitForSingleObject
SetThreadPriority
GetTickCount64
InitializeCriticalSectionAndSpinCount
TerminateThread
ResumeThread
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
CompareStringW
LockFileEx
SetFilePointerEx
UnlockFileEx
GetFileSizeEx
CloseHandle
WriteFile
SetEndOfFile
OpenProcess
FlushFileBuffers
GetFileInformationByHandle
GetFullPathNameW
OutputDebugStringA
FileTimeToSystemTime
CreateDirectoryW
FindNextFileW
ExpandEnvironmentStringsW
SetFileAttributesW
SetFileInformationByHandle
MoveFileExW
SetFilePointer
GetDriveTypeW
GetDiskFreeSpaceExW
K32GetMappedFileNameW
GetCurrentDirectoryW
GetWindowsDirectoryW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
FindFirstVolumeW
QueryDosDeviceW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
GlobalMemoryStatusEx
SystemTimeToTzSpecificLocalTime
GetSystemInfo
GetVersionExW
GetProcessAffinityMask
GetLongPathNameW
VirtualAlloc
VirtualFree
GetExitCodeThread
GetFileSize
SetFileTime
FindFirstFileExW
LCMapStringEx
EncodePointer
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
GetProcAddress
FreeLibrary
GetModuleHandleW
GetLastError
LoadLibraryExW
WideCharToMultiByte
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InterlockedPushEntrySList
ExitThread
FreeLibraryAndExitThread
SetStdHandle
GetFileType
GetStdHandle
ExitProcess
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
ReadConsoleW
GetVersion
PeekNamedPipe
ReadFile
TryEnterCriticalSection
InitializeSRWLock
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
WaitForSingleObjectEx
FormatMessageA
GetStringTypeW

user32

GetGUIThreadInfo
IsHungAppWindow
RegisterClassExW
GetClassInfoExW
SetWindowLongW
SendMessageW
GetSystemMetrics
LoadStringW
RegisterWindowMessageW
PostMessageW

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
FreeSid
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
CheckTokenMembership
DuplicateToken
EqualSid
OpenProcessToken
GetTokenInformation
RegNotifyChangeKeyValue
RegQueryMultipleValuesW
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenThreadToken
RevertToSelf

shell32

SHGetFolderPathW
ord165

ole32

OleInitialize
OleUninitialize
CoCreateGuid

powrprof

CallNtPowerInformation

shlwapi

PathFindFileNameW
PathAppendW
PathRemoveFileSpecW

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 563KB - Virtual size: 563KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 397KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db3a530af3ace1917643ebd939081e9b

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1fCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

87:f4:d1:16:e3:bf:4f:d0:f3:df:91:ae:30:15:e2:e7:77:0b:e2:00:16:74:2d:1a:c1:03:e9:14:66:f0:d5:02Signer

Signature Validations

Verification

14/06/2021, 14:26 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

wtsapi32

ntdll

kernel32

user32

advapi32

shell32

ole32

powrprof

shlwapi

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 563KB - Virtual size: 563KB

.data Size: 397KB - Virtual size: 409KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 125KB - Virtual size: 125KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:34:99:e1:10:4f:5e:75:e7:21:a7:f1:54:73:bb:1f
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

87:f4:d1:16:e3:bf:4f:d0:f3:df:91:ae:30:15:e2:e7:77:0b:e2:00:16:74:2d:1a:c1:03:e9:14:66:f0:d5:02
Signer

14/06/2021, 14:26
Valid: true

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 563KB - Virtual size: 563KB

.data
Size: 397KB - Virtual size: 409KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 125KB - Virtual size: 125KB