b8df94ce84201b17684e0d368ed38024

Sharing

Copy URL Twitter E-mail

General

Target

b8df94ce84201b17684e0d368ed38024
Size

111KB
MD5

b8df94ce84201b17684e0d368ed38024
SHA1

a9b253479a1723875711ea68059d890154119459
SHA256

0c69fd9be0cc9fadacff2c0bacf59dab6d935b02b5b8d2c9cb049e9545bb55ce
SHA512

2eaffe17d83289a2ca431736516cdba7cb4bc3de48d1abd591def6987a8c2b19745332bdd011fde0429966fb1ea2136a47f4f4dde9f7195e247d982055577c20
SSDEEP

3072:El75L8SybTMAu9PO3mAIthrslnSXIy9qxJVVhs54EJ:8eSATMAu9m3mAIthrsdzpJRHU

Score

1^/10

Malware Config

Signatures

Files

b8df94ce84201b17684e0d368ed38024
.exe windows x64

a4552be67139c60ab336f67a72cd6784

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

81:86:31:11:0b:5d:14:33:1d:ac:7e:6a:d9:98:b9:02
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/10/2019, 00:00

Not After

20/10/2020, 23:59

Subject

CN=2 TOY GUYS LLC,O=2 TOY GUYS LLC,POSTALCODE=33314,STREET=4735 Orange Drive,L=Davie,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:33:13:7d:13:26:13:d1:55:9c:3e:28:cb:1a:8e:2a:52:4e:de:b9
Signer

Actual PE Digest

d6:33:13:7d:13:26:13:d1:55:9c:3e:28:cb:1a:8e:2a:52:4e:de:b9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=2 TOY GUYS LLC,O=2 TOY GUYS LLC,POSTALCODE=33314,STREET=4735 Orange Drive,L=Davie,ST=Florida,C=US

21/08/2020, 00:59
Valid: true

Chain 1

CN=2 TOY GUYS LLC,O=2 TOY GUYS LLC,POSTALCODE=33314,STREET=4735 Orange Drive,L=Davie,ST=Florida,C=US

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
GetFileSize
WriteFile
ReadFile
SetLastError
CloseHandle
LocalAlloc
LocalFree
GetTickCount
WaitForSingleObject
GetLogicalDrives
GetFileAttributesA
GetLastError
GetLocalTime
GetTempPathA
VirtualAlloc
CreateFileW
LCMapStringW
MultiByteToWideChar
WriteConsoleW
SetStdHandle
HeapReAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
VirtualFree
DeleteCriticalSection
GlobalFree
EnterCriticalSection
LeaveCriticalSection
Sleep
GlobalAlloc
CreateThread
GetConsoleCP
WideCharToMultiByte
SetFilePointer
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
RtlUnwindEx
FlushFileBuffers
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineW
GetStartupInfoW
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapFree
EncodePointer
GetStringTypeW
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThreadId
FlsAlloc
InitializeCriticalSectionAndSpinCount
LoadLibraryW

user32

DefWindowProcW
UpdateWindow
CreateWindowExW
ShowWindow
RegisterClassExW
LoadAcceleratorsW
DispatchMessageW
wsprintfW
SendMessageA
PostQuitMessage
GetMessageW
TranslateAcceleratorW
TranslateMessage
wsprintfA

advapi32

CryptDestroyHash
CryptDecrypt
CryptCreateHash
CryptEncrypt
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptHashData

oleaut32

SystemTimeToVariantTime

wininet

InternetOpenW
HttpSendRequestExA
DeleteUrlCacheEntryW
InternetQueryDataAvailable
InternetCrackUrlW
InternetReadFile
InternetConnectW
InternetWriteFile
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
HttpAddRequestHeadersA
InternetCanonicalizeUrlW
HttpEndRequestW
InternetCloseHandle

wtsapi32

WTSEnumerateSessionsW

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4552be67139c60ab336f67a72cd6784

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

81:86:31:11:0b:5d:14:33:1d:ac:7e:6a:d9:98:b9:02Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

d6:33:13:7d:13:26:13:d1:55:9c:3e:28:cb:1a:8e:2a:52:4e:de:b9Signer

Signature Validations

Verification

21/08/2020, 00:59 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

wininet

wtsapi32

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

81:86:31:11:0b:5d:14:33:1d:ac:7e:6a:d9:98:b9:02
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

d6:33:13:7d:13:26:13:d1:55:9c:3e:28:cb:1a:8e:2a:52:4e:de:b9
Signer

21/08/2020, 00:59
Valid: true

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB