c4b108cb0a764c61f425e3c38d886b166cce2d6ddd8e2c2e78269bc42ebf3713

Sharing

Copy URL Twitter E-mail

General

Target

c4b108cb0a764c61f425e3c38d886b166cce2d6ddd8e2c2e78269bc42ebf3713
Size

516KB
MD5

bfdc3ee1144549fda0b145ada28ff7fc
SHA1

56acd98ef2143c7ee1fd79bf2695bb0e63394a7a
SHA256

c4b108cb0a764c61f425e3c38d886b166cce2d6ddd8e2c2e78269bc42ebf3713
SHA512

e111675d5e13753d2d815f288e104d793aae5c1ce4218dc18d637680c73027a94b6f7bce7c96e0353a449d50e290e5f075d3a1d39bae29b638367bf423fbcdb5
SSDEEP

12288:Ee6+1aFSTuFYxPJ7wHbl1Y/UHR8VQpbuMD28O5IzuIRsjhX6Ae:Eet1oSiihJ7wHY/UyabRD2H5KmK

Score

N/A

Malware Config

Signatures

Files

c4b108cb0a764c61f425e3c38d886b166cce2d6ddd8e2c2e78269bc42ebf3713
.exe windows x86

b1bb642a84be0967b8322e2d5ad437c7

Code Sign

62:60:a3:5c:a2:ed:3b:8c:b8:f2:de:ab:47:40:eb:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/01/2013, 00:00

Not After

26/03/2014, 23:59

Subject

CN=Source Medical Solutions Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Source Medical Solutions Inc.,L=Birmingham,ST=Alabama,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:5d:87:39:8d:f3:8c:d1:9f:05:28:b1:6a:ed:33:61:fa:c1:a1:2f
Signer

Actual PE Digest

a2:5d:87:39:8d:f3:8c:d1:9f:05:28:b1:6a:ed:33:61:fa:c1:a1:2f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Source Medical Solutions Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Source Medical Solutions Inc.,L=Birmingham,ST=Alabama,C=US

01/12/2022, 14:34
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetPropA
IsWinEventHookInstalled
GetSysColor
GetQueueStatus
IsWindowInDestroy
IsWindowUnicode
IsWindowVisible
LockWindowUpdate
BuildReasonArray
CascadeWindows
OpenClipboard
OemToCharW
GetTabbedTextExtentA
GetTabbedTextExtentW
OffsetRect
OpenInputDesktop
MonitorFromRect
TranslateMessage
MoveWindow
HideCaret
SetRectEmpty
IntersectRect
GetCaretPos
GetWindowWord
FlashWindow
ReleaseDC
GetAncestor
InsertMenuW
GetWindowRgn
IsWindowVisible
ShowCursor
GetWindowDC
GetWindowInfo
GetUpdateRect
GetUpdateRgn

polstore

IPSecCreateNFAData

esent

JetAddColumn
JetAttachDatabase
JetAttachDatabase2
JetEscrowUpdate
JetExternalRestore
JetExternalRestore2
JetGetColumnInfo
JetBackupInstance
JetBeginExternalBackup

kernel32

GetLastError
CreateFileA
GetWindowsDirectoryA
GetTickCount
IsValidLocale
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetTickCount
_lread
GetVersion
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCommandLineA
FreeLibrary
FindFirstFileA
SearchPathA
ExitProcess
ExitThread
CreateThread
GetTempPathW
OpenThread
SetConsoleFont
SetCalendarInfoW
SetConsoleIcon
LeaveCriticalSection
MoveFileA
MoveFileExA

Sections

.text
Size: 15KB - Virtual size: 19KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 290KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 496KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1bb642a84be0967b8322e2d5ad437c7

Code Sign

62:60:a3:5c:a2:ed:3b:8c:b8:f2:de:ab:47:40:eb:36Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a2:5d:87:39:8d:f3:8c:d1:9f:05:28:b1:6a:ed:33:61:fa:c1:a1:2fSigner

Signature Validations

Verification

01/12/2022, 14:34 Valid: false

Headers

File Characteristics

Imports

user32

polstore

esent

kernel32

Sections

.text Size: 15KB - Virtual size: 19KB

.data Size: 6KB - Virtual size: 290KB

.rsrc Size: 489KB - Virtual size: 496KB

62:60:a3:5c:a2:ed:3b:8c:b8:f2:de:ab:47:40:eb:36
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a2:5d:87:39:8d:f3:8c:d1:9f:05:28:b1:6a:ed:33:61:fa:c1:a1:2f
Signer

01/12/2022, 14:34
Valid: false

.text
Size: 15KB - Virtual size: 19KB

.data
Size: 6KB - Virtual size: 290KB

.rsrc
Size: 489KB - Virtual size: 496KB