37F4B4C133F242CE403B6EA6D66182FF[.]fil

Sharing

Copy URL Twitter E-mail

General

Target

37F4B4C133F242CE403B6EA6D66182FF.fil
Size

5.4MB
MD5

37f4b4c133f242ce403b6ea6d66182ff
SHA1

6f3964526e54d50f7110e650c1b7562e9aac06a1
SHA256

ebc3d6aa442f33990c9e98783f7d8932fc2ff7129c731524988049361b5f82db
SHA512

d4eafc982fa9328ef8f37acbcd6c979a2deef9a8eb813485bc3cba0e46dfffad01e168e30d086687dc7cabfa9b546a584d2f9db8e4a9506854980eecabf27ab1
SSDEEP

49152:1CYxUxwWhKJDww+TeiYQ/qIZQQSYh3eEvP/Qyk3ejX2+DF9u1NHMH95QDa83smvo:VUTbXIszbQMC73sD2u0SE8x6bI

Score

N/A

Malware Config

Signatures

Files

37F4B4C133F242CE403B6EA6D66182FF.fil
.dll regsvr32 windows x64

295e77ae8c0fdb0897f095334cb54d8c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:cf:d0:8a:3c:ee:97:36:73:d5:22:54:d4:32:ba:db
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

20/04/2022, 00:00

Not After

11/05/2023, 23:59

Subject

CN=Veriato\, Inc.,O=Veriato\, Inc.,L=Palm Beach Gardens,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:3d:eb:35:ba:0c:b7:65:41:42:ed:72:2e:23:b2:b9:41:db:23:8b
Signer

Actual PE Digest

0b:3d:eb:35:ba:0c:b7:65:41:42:ed:72:2e:23:b2:b9:41:db:23:8b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Veriato\, Inc.,O=Veriato\, Inc.,L=Palm Beach Gardens,ST=Florida,C=US

15/12/2022, 13:55
Valid: true

Chain 1

CN=Veriato\, Inc.,O=Veriato\, Inc.,L=Palm Beach Gardens,ST=Florida,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netapi32

DsRoleGetPrimaryDomainInformation

advapi32

RegEnumValueA
LookupAccountNameW
ConvertSidToStringSidW
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
LookupAccountSidA
GetTokenInformation
GetUserNameA
RegCreateKeyExA
RegDeleteValueA
GetSidLengthRequired
InitiateSystemShutdownA
CryptGenRandom
DuplicateToken
ImpersonateLoggedOnUser
SetEntriesInAclW
SetSecurityDescriptorGroup
MakeSelfRelativeSD
GetSecurityDescriptorLength
FreeSid
IsValidSecurityDescriptor
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorOwner
GetSecurityDescriptorSacl
RegQueryValueExW
RegEnumValueW
RegGetValueW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExA
RegEnumKeyExA
RegDeleteKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW

shlwapi

PathFileExistsA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

psapi

GetModuleFileNameExA

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetStockObject
CreateDCA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
CreateDIBSection
GdiFlush

wtsapi32

WTSRegisterSessionNotification
WTSQuerySessionInformationW
WTSFreeMemory

urlmon

CreateUri

user32

SetProcessWindowStation
CloseWindowStation
OpenWindowStationA
UnregisterClassA
wsprintfA
wsprintfW
PostThreadMessageA
GetSystemMetrics
GetForegroundWindow
EnumDisplaySettingsA
GetWindowTextLengthA
CharNextW
GetThreadDesktop
SetThreadDesktop
OpenInputDesktop
OpenDesktopA
EnumDisplayMonitors
GetWindowTextA
MapVirtualKeyExA
CloseDesktop
LoadStringA
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
MsgWaitForMultipleObjects
UnregisterHotKey
RegisterHotKey
PeekMessageA
GetUserObjectInformationA
GetProcessWindowStation
LoadImageA
TrackPopupMenu
AppendMenuA
DestroyMenu
GetDC
ReleaseDC
GetWindowRect
GetUserObjectInformationW
MessageBoxW
CreatePopupMenu
ToAsciiEx
RegisterClassA
GetKeyboardLayout
EnumWindows
GetParent
GetKeyNameTextA
GetKeyState
GetKeyboardLayoutNameA
FindWindowA
DestroyIcon
LoadIconA
SetWindowLongPtrA
GetWindowLongPtrA
DestroyWindow
CreateWindowExA
RegisterClassExA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
SendMessageA
SetWindowTextA
SetPropA
SetForegroundWindow
SetDlgItemTextA
EndDialog
DialogBoxParamA
MapVirtualKeyA
IsWindow
PostMessageA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
KillTimer
SetTimer
LoadCursorA
SetCursor
MessageBoxA
GetCursorPos
GetClassNameA
GetDesktopWindow
CharPrevW

ws2_32

WSAStringToAddressA
closesocket
getaddrinfo
recv
send
shutdown
WSAGetLastError
inet_pton
inet_ntoa
freeaddrinfo
WSASetLastError
htonl

kernel32

UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
RtlPcToFileHeader
RtlUnwindEx
ExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
ExitProcess
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetCurrentDirectoryW
SetStdHandle
SetConsoleCtrlHandler
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
CreateDirectoryW
FlushConsoleInputBuffer
GlobalMemoryStatus
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
SetFileAttributesW
CreateTimerQueue
ReadConsoleInputA
GetEnvironmentStringsW
TlsAlloc
EncodePointer
GetExitCodeThread
GetCurrentThread
WaitNamedPipeA
GetFileAttributesA
LocalReAlloc
lstrlenA
TryEnterCriticalSection
AreFileApisANSI
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
GetLastError
SetLastError
GetComputerNameExA
GetComputerNameA
LocalFree
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
FlushFileBuffers
ReadFile
WriteFile
CloseHandle
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
GetOverlappedResult
SetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetTickCount
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
LocalAlloc
CallNamedPipeA
VerifyVersionInfoW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
Sleep
GetCurrentThreadId
GetVersionExA
GetModuleHandleA
CreateFileA
DeviceIoControl
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
DeleteFileA
OutputDebugStringA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindFirstFileA
FindNextFileA
SetConsoleMode
GetFileSize
GetFileTime
SetEndOfFile
SetFileAttributesA
SetFilePointer
SetFileTime
SetThreadPriority
TerminateThread
ResumeThread
GetSystemDirectoryA
CopyFileA
MoveFileA
RemoveDirectoryA
TerminateProcess
OpenProcess
GetWindowsDirectoryA
ReleaseMutex
CreateMutexA
OpenMutexA
GetFileAttributesExA
GetCurrentProcessId
DisableThreadLibraryCalls
GetCommandLineA
CreateThread
InitializeCriticalSectionAndSpinCount
GetTempPathA
GetThreadId
GetSystemTimes
ProcessIdToSessionId
RegisterWaitForSingleObject
UnregisterWait
GetACP
GetLocalTime
FormatMessageA
CreateSemaphoreA
ExpandEnvironmentStringsA
CreateMutexW
CreateEventW
GetFileAttributesW
GetFileAttributesExW
DeleteFileW
GetCurrentProcess
GetProcessId
Process32NextW
CreateProcessW
SetWaitableTimer
CreateWaitableTimerW
CancelWaitableTimer
SetNamedPipeHandleState
CreateFileW
WaitNamedPipeW
SetFilePointerEx
CreateToolhelp32Snapshot
Process32FirstW
CreateNamedPipeW
DuplicateHandle
GetModuleFileNameW
GetModuleHandleW
CreateDirectoryA
GetDiskFreeSpaceA
GetDriveTypeA
GetFullPathNameA
HeapAlloc
HeapFree
GetProcessHeap
GetThreadPriority
GetSystemInfo
GetComputerNameW
VirtualProtect
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetSystemWow64DirectoryA
GetVersionExW
QueryPerformanceCounter
CreateFileMappingW
GetSystemTime
GetSystemTimeAsFileTime
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
HeapReAlloc
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
FormatMessageW
HeapSize
HeapValidate
GetTempPathW
UnlockFileEx

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize
StringFromCLSID
CoTaskMemFree

shell32

Shell_NotifyIconA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteA
SHLoadInProc
SHGetSpecialFolderLocation
SHGetFolderPathA

oleaut32

VariantInit
SysAllocStringLen
SysAllocString
VariantClear
SysFreeString

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
IAlloc
QueueMemory
WriteUserActivity

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.shared
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

295e77ae8c0fdb0897f095334cb54d8c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:cf:d0:8a:3c:ee:97:36:73:d5:22:54:d4:32:ba:dbCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

0b:3d:eb:35:ba:0c:b7:65:41:42:ed:72:2e:23:b2:b9:41:db:23:8bSigner

Signature Validations

Verification

15/12/2022, 13:55 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

advapi32

shlwapi

version

psapi

gdi32

wtsapi32

urlmon

user32

ws2_32

kernel32

ole32

shell32

oleaut32

crypt32

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 360KB - Virtual size: 412KB

.pdata Size: 202KB - Virtual size: 201KB

.shared Size: 512B - Virtual size: 204B

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 38KB - Virtual size: 38KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:cf:d0:8a:3c:ee:97:36:73:d5:22:54:d4:32:ba:db
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

0b:3d:eb:35:ba:0c:b7:65:41:42:ed:72:2e:23:b2:b9:41:db:23:8b
Signer

15/12/2022, 13:55
Valid: true

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 360KB - Virtual size: 412KB

.pdata
Size: 202KB - Virtual size: 201KB

.shared
Size: 512B - Virtual size: 204B

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 38KB - Virtual size: 38KB