a95ce284875645f9a3d03d5df48b51a04f6933b2cf10a[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a95ce284875645f9a3d03d5df48b51a04f6933b2cf10a.exe
Size

5.8MB
MD5

d00f2fedb3b345812dbeb9931d4806b6
SHA1

361648d679b3c2f8957fa45c2f29fe922204f542
SHA256

a95ce284875645f9a3d03d5df48b51a04f6933b2cf10aff3cb0a094fb1e3f89d
SHA512

be65349f5f85026fe4e1892b90d7f11f3a9e39440fb821391e67c4776aa638cb6086952adb719d223180f1cc345deb6977c882141afc31baab2b47aad539bcda
SSDEEP

98304:omyYbPZoUnM0BznCOKDxRWxnvNWJAq6R+Yxkzi0os:fZMcu0xVWJiVp0os

Score

1^/10

Malware Config

Signatures

Files

a95ce284875645f9a3d03d5df48b51a04f6933b2cf10a.exe
.exe windows x86

c7c88a9f12777d4c1f156ccc8f276fa1

Code Sign

52:8f:25:04:b0:47:de:95:02:dc:96:f5:41:d7:00:fb
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17-08-2020 00:00

Not After

17-08-2023 23:59

Subject

SERIALNUMBER=J01 /1128 /2004,CN=OPTIMAL PROGRAMS SRL,O=OPTIMAL PROGRAMS SRL,POSTALCODE=515600,STREET=Str. Strandului 5,L=Cugir,ST=Alba,C=RO,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302524f

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:5e:ad:d0:3c:16:1c:04:35:c1:3f:71:67:40:bb:40:44:e3:b1:35
Signer

Actual PE Digest

56:5e:ad:d0:3c:16:1c:04:35:c1:3f:71:67:40:bb:40:44:e3:b1:35

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=J01 /1128 /2004,CN=OPTIMAL PROGRAMS SRL,O=OPTIMAL PROGRAMS SRL,POSTALCODE=515600,STREET=Str. Strandului 5,L=Cugir,ST=Alba,C=RO,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302524f

01-02-2023 12:01
Valid: true

Chain 1

SERIALNUMBER=J01 /1128 /2004,CN=OPTIMAL PROGRAMS SRL,O=OPTIMAL PROGRAMS SRL,POSTALCODE=515600,STREET=Str. Strandului 5,L=Cugir,ST=Alba,C=RO,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302524f

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AcquireSRWLockExclusive
CreateEventA
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

oleaut32

GetErrorInfo

user32

GetForegroundWindow
CharUpperBuffW

bcrypt

BCryptGenRandom

msvcrt

__dllonexit

Sections

.text
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.-dO
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.W!D
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.col
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7c88a9f12777d4c1f156ccc8f276fa1

Code Sign

52:8f:25:04:b0:47:de:95:02:dc:96:f5:41:d7:00:fbCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

56:5e:ad:d0:3c:16:1c:04:35:c1:3f:71:67:40:bb:40:44:e3:b1:35Signer

Signature Validations

Verification

01-02-2023 12:01 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

user32

bcrypt

msvcrt

Sections

.text Size: - Virtual size: 260KB

.data Size: - Virtual size: 152B

.rdata Size: - Virtual size: 1.2MB

.eh_fram Size: - Virtual size: 23KB

.bss Size: - Virtual size: 1KB

.idata Size: - Virtual size: 4KB

.CRT Size: - Virtual size: 64B

.tls Size: - Virtual size: 32B

.-dO Size: - Virtual size: 2.6MB

.W!D Size: 1KB - Virtual size: 1KB

.col Size: 5.7MB - Virtual size: 5.7MB

.reloc Size: 2KB - Virtual size: 1KB

.rsrc Size: 75KB - Virtual size: 74KB

52:8f:25:04:b0:47:de:95:02:dc:96:f5:41:d7:00:fb
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

56:5e:ad:d0:3c:16:1c:04:35:c1:3f:71:67:40:bb:40:44:e3:b1:35
Signer

01-02-2023 12:01
Valid: true

.text
Size: - Virtual size: 260KB

.data
Size: - Virtual size: 152B

.rdata
Size: - Virtual size: 1.2MB

.eh_fram
Size: - Virtual size: 23KB

.bss
Size: - Virtual size: 1KB

.idata
Size: - Virtual size: 4KB

.CRT
Size: - Virtual size: 64B

.tls
Size: - Virtual size: 32B

.-dO
Size: - Virtual size: 2.6MB

.W!D
Size: 1KB - Virtual size: 1KB

.col
Size: 5.7MB - Virtual size: 5.7MB

.reloc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 75KB - Virtual size: 74KB