dca8a5bca4bdc3f389857a0c62c9bfe0420beb94f2feb71a08c0210fea390886

Sharing

Copy URL Twitter E-mail

General

Target

dca8a5bca4bdc3f389857a0c62c9bfe0420beb94f2feb71a08c0210fea390886
Size

86KB
MD5

36c156c33f623be18c41070245fcc945
SHA1

bacd41d0a669cb81187e589416ee809ca516366d
SHA256

dca8a5bca4bdc3f389857a0c62c9bfe0420beb94f2feb71a08c0210fea390886
SHA512

d0dde58e9d97deceba41d7aaa5502969ffc47b68e6eb80dc9555918a8691c773b16568c815e6a0db97b3792073d97dc25f8327e46b30f03b79a3854c095c8d8c
SSDEEP

1536:aYpMSZhUbtCGSKrTgkWr6cd6MQOiyQBSQlLKG8z4P8:bM8IwG4k7bBSQlLF8zM8

Score

N/A

Malware Config

Signatures

Files

dca8a5bca4bdc3f389857a0c62c9bfe0420beb94f2feb71a08c0210fea390886
.exe windows x86

e197f08762bd4eae1cb8dc5d6c3ec8a7

Code Sign

01:00:00:00:00:01:1c:51:f3:66:9d
Certificate

Issuer

CN=Cybertrust Educational CA,OU=Educational CA,O=Cybertrust,C=BE

Not Before

11/09/2008, 15:06

Not After

11/09/2011, 15:06

Subject

CN=ad-idmapp.cityofbristol.ac.uk,OU=ICLT,O=City of Bristol College,L=Bristol,ST=Bristol,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment

04:00:03:fb
Certificate

Issuer

CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US

Not Before

14/03/2006, 20:30

Not After

14/03/2013, 23:59

Subject

CN=Cybertrust Educational CA,OU=Educational CA,O=Cybertrust,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a4:d5:2b:f6:60:be:06:46:b7:ca:3d:04:76:ab:8c:22:8d:26:90:2a
Signer

Actual PE Digest

a4:d5:2b:f6:60:be:06:46:b7:ca:3d:04:76:ab:8c:22:8d:26:90:2a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=ad-idmapp.cityofbristol.ac.uk,OU=ICLT,O=City of Bristol College,L=Bristol,ST=Bristol,C=GB

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
SetCurrentDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
Sleep
GetLastError
CreateMutexA
SetPriorityClass
GetThreadContext
GetCurrentThread
SetThreadPriority
WriteFile
lstrlenA
CreateFileA
lstrcatA
lstrcpyA
MoveFileExA
TerminateProcess
ReadProcessMemory
LoadLibraryA
FreeLibrary
VirtualAllocEx
WriteProcessMemory
VirtualProtectEx
SetThreadContext
ResumeThread
GetSystemDefaultLangID
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetVersionExA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetSystemInfo
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStringTypeA
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
ReadFile
GetFileAttributesA
FlushFileBuffers
GetWindowsDirectoryA
GetModuleHandleW
GetCurrentProcessId
Process32NextW
Process32FirstW
ExitProcess
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW

user32

wsprintfA
PostQuitMessage
GetSystemMetrics

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

ws2_32

closesocket
WSAStartup
inet_addr
send
connect
htons
socket
gethostbyname
recv

iphlpapi

GetAdaptersInfo

wininet

InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle

shlwapi

PathRemoveFileSpecA

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e197f08762bd4eae1cb8dc5d6c3ec8a7

Code Sign

01:00:00:00:00:01:1c:51:f3:66:9dCertificate

Key Usages

04:00:03:fbCertificate

Key Usages

a4:d5:2b:f6:60:be:06:46:b7:ca:3d:04:76:ab:8c:22:8d:26:90:2aSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

wininet

shlwapi

setupapi

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 2KB

01:00:00:00:00:01:1c:51:f3:66:9d
Certificate

04:00:03:fb
Certificate

a4:d5:2b:f6:60:be:06:46:b7:ca:3d:04:76:ab:8c:22:8d:26:90:2a
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 2KB