e779f0a53dea9bf2766201c4b23cc47524c1fd53

Sharing

Copy URL Twitter E-mail

General

Target

e779f0a53dea9bf2766201c4b23cc47524c1fd53
Size

1.1MB
MD5

af9fb71d21f2644eb505abaed20d5ff7
SHA1

e779f0a53dea9bf2766201c4b23cc47524c1fd53
SHA256

1c2872b03a665e5d2d44718925c6cd528f653e181790af14a8c19ff6f4cba99c
SHA512

c3c2f6e5ba4143c2a0e95abd7f38fdfa6262c6b191f37697489baed7f94fa1e928d65a93ba21105100587b5b1b46abc01c5c5e5ca035e03be1f44c6ddbb64bbb
SSDEEP

24576:DOvBMFuWyph0ebYKe7Bdq+Aqyh9AUSiKDQxeS8EgMkFkG1WpG+8JWkN:DOpm61MKeYqw9AViKDPS8EgMkFSpGHN

Score

1^/10

Malware Config

Signatures

Files

e779f0a53dea9bf2766201c4b23cc47524c1fd53
.exe windows x64

7b27eb7c3ed395769fef5917c515cdbf

Code Sign

36:00:00:01:a8:53:2b:d6:50:ab:ac:b9:53:00:02:00:00:01:a8
Certificate

Issuer

CN=AME CS CA 01,0.9.2342.19200300.100.1.25=#1303414d45,0.9.2342.19200300.100.1.25=#130347424c

Not Before

10/06/2022, 18:27

Not After

10/06/2023, 18:27

Subject

CN=Microsoft Azure Code Sign

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:00:00:00:51:ea:8f:f6:9c:73:0c:a8:3b:00:00:00:00:00:51
Certificate

Issuer

CN=ameroot,0.9.2342.19200300.100.1.25=#1303414d45,0.9.2342.19200300.100.1.25=#130347424c

Not Before

21/05/2021, 18:44

Not After

21/05/2026, 18:54

Subject

CN=AME CS CA 01,0.9.2342.19200300.100.1.25=#1303414d45,0.9.2342.19200300.100.1.25=#130347424c

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageOCSPSigning
ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:39:b0:3b:47:e4:0f:a0:e6:66:94:59:b4:76:8f:d6:e9:08:e5:d5:d4:6d:db:06:ea:2e:1e:b0:5c:74:24:7b
Signer

Actual PE Digest

99:39:b0:3b:47:e4:0f:a0:e6:66:94:59:b4:76:8f:d6:e9:08:e5:d5:d4:6d:db:06:ea:2e:1e:b0:5c:74:24:7b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Azure Code Sign

16/03/2023, 15:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
accept
setsockopt
ntohs
htons
htonl
listen
getaddrinfo
getsockopt
getsockname
getpeername
connect
recvfrom
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
sendto
ioctlsocket
gethostname
WSAEnumNetworkEvents
WSACreateEvent
send
WSACloseEvent
select
freeaddrinfo

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

normaliz

IdnToAscii

advapi32

CryptHashData
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptAcquireContextA
CryptCreateHash
CryptGetHashParam
CryptReleaseContext

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
MoveFileExW
GetModuleHandleW
AreFileApisANSI
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
FindNextFileW
FindFirstFileExW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentProcessId
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLastError
SetLastError
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
GetTickCount
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
CloseHandle
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
InitializeSListHead

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
_Xtime_get_ticks
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
_Thrd_sleep
_Query_perf_counter
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
?_Winerror_message@std@@YAKKPEADK@Z
?_Winerror_map@std@@YAHH@Z
?_Throw_C_error@std@@YAXH@Z
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
_purecall
__std_terminate
strchr
memcpy
memset
strrchr
memmove
strstr
memcmp
memchr
__std_exception_destroy
__CxxFrameHandler3
__C_specific_handler
__current_exception
__current_exception_context
_CxxThrowException
__std_type_info_compare

api-ms-win-crt-heap-l1-1-0

calloc
free
realloc
_callnewh
malloc
_set_new_mode

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
_gmtime64
_gmtime64_s
strftime

api-ms-win-crt-runtime-l1-1-0

strerror
_register_thread_local_exe_atexit_callback
__sys_errlist
_errno
_c_exit
__p___argv
_wassert
terminate
_invalid_parameter_noinfo_noreturn
__p___argc
_initialize_onexit_table
signal
exit
_beginthreadex
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
__sys_nerr
_initialize_narrow_environment
_configure_narrow_argv
_getpid

api-ms-win-crt-stdio-l1-1-0

_lseeki64
fflush
fwrite
fgetpos
setvbuf
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
_set_fmode
__acrt_iob_func
__stdio_common_vfprintf
fputc
fgetc
__stdio_common_vsprintf
_close
__stdio_common_vsprintf_s
_write
_read
__p__commode
fputs
__stdio_common_vsscanf
feof
fseek
ftell
fopen
_open
fgets
fclose

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_unlink
_fstat64
_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

ceilf
_fdopen
_dclass
modf
__setusermatherr
pow

api-ms-win-crt-string-l1-1-0

strcpy
_strdup
strncmp
tolower
strlen
strcspn
isgraph
strncpy
strpbrk
strspn
strcmp

api-ms-win-crt-convert-l1-1-0

strtoll
wcstombs
atoi
strtol
strtoul

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

wldap32

ord301
ord45
ord211
ord60
ord217
ord143
ord50
ord200
ord41
ord22
ord30
ord79
ord35
ord46
ord33
ord32
ord27
ord26

libcrypto-1_1-x64

BN_set_word
CRYPTO_malloc
EVP_PKEY_new
EVP_PKEY_set1_RSA
RSA_pkey_ctx_ctrl
CRYPTO_strdup
EVP_PKEY_CTX_ctrl
BN_free
EC_GROUP_new_by_curve_name
EC_KEY_new
EC_KEY_set_group
EC_KEY_generate_key
EC_KEY_get0_public_key
EC_POINT_is_on_curve
EC_POINT_get_affine_coordinates
EC_KEY_get0_private_key
EC_POINT_new
EC_POINT_mul
EC_POINT_free
EC_GROUP_free
EC_KEY_free
EVP_aes_128_cfb128
EVP_aes_192_cfb128
EVP_aes_256_cfb128
EVP_EncryptInit_ex
EVP_EncryptUpdate
EVP_EncryptFinal_ex
ENGINE_load_builtin_engines
RAND_bytes
BN_num_bits
BN_bn2bin
EC_POINT_set_affine_coordinates
CRYPTO_free
EVP_PKEY_encrypt
EVP_PKEY_CTX_new
RAND_OpenSSL
RSA_set0_key
BN_bin2bn
EVP_CIPHER_CTX_new
RAND_set_rand_method
EVP_DecryptUpdate
EVP_aes_192_gcm
RAND_get_rand_method
EVP_DigestSignFinal
EVP_DecryptFinal_ex
ERR_get_error
EVP_PKEY_free
EVP_DecryptInit_ex
ERR_error_string
EVP_DigestSignInit
EVP_CIPHER_CTX_ctrl
EVP_aes_256_gcm
EVP_aes_128_gcm
EVP_PKEY_new_mac_key
EVP_CIPHER_CTX_free
X509_get_issuer_name
X509_getm_notAfter
PEM_read_bio_X509
BIO_write
X509_free
X509_NAME_oneline
ASN1_TIME_diff
BIO_new
BIO_s_mem
BIO_free
EVP_sha384
EVP_MD_size
EVP_MD_CTX_new
EVP_sha256
EVP_DigestUpdate
EVP_MD_CTX_free
EVP_DigestInit_ex
EVP_sha1
EVP_sha512
EVP_DigestFinal_ex
BN_new
EVP_PKEY_encrypt_init
EVP_PKEY_CTX_free
RSA_new
RSA_free
PEM_read_bio_PUBKEY
OPENSSL_init_crypto
PEM_write_bio_RSA_PUBKEY
RSA_generate_key_ex

api-ms-win-crt-environment-l1-1-0

getenv

tbs

Tbsip_Cancel_Commands
Tbsi_GetDeviceInfo
Tbsip_Context_Close
Tbsip_Submit_Command
Tbsi_Get_TCG_Log
Tbsi_Context_Create

Sections

.text
Size: 835KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7b27eb7c3ed395769fef5917c515cdbf

Code Sign

36:00:00:01:a8:53:2b:d6:50:ab:ac:b9:53:00:02:00:00:01:a8Certificate

Extended Key Usages

Key Usages

1f:00:00:00:51:ea:8f:f6:9c:73:0c:a8:3b:00:00:00:00:00:51Certificate

Extended Key Usages

Key Usages

99:39:b0:3b:47:e4:0f:a0:e6:66:94:59:b4:76:8f:d6:e9:08:e5:d5:d4:6d:db:06:ea:2e:1e:b0:5c:74:24:7bSigner

Signature Validations

Verification

16/03/2023, 15:35 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

crypt32

normaliz

advapi32

kernel32

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

wldap32

libcrypto-1_1-x64

api-ms-win-crt-environment-l1-1-0

tbs

Sections

.text Size: 835KB - Virtual size: 835KB

.rdata Size: 171KB - Virtual size: 171KB

.data Size: 25KB - Virtual size: 27KB

.pdata Size: 35KB - Virtual size: 34KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

36:00:00:01:a8:53:2b:d6:50:ab:ac:b9:53:00:02:00:00:01:a8
Certificate

1f:00:00:00:51:ea:8f:f6:9c:73:0c:a8:3b:00:00:00:00:00:51
Certificate

99:39:b0:3b:47:e4:0f:a0:e6:66:94:59:b4:76:8f:d6:e9:08:e5:d5:d4:6d:db:06:ea:2e:1e:b0:5c:74:24:7b
Signer

16/03/2023, 15:35
Valid: false

.text
Size: 835KB - Virtual size: 835KB

.rdata
Size: 171KB - Virtual size: 171KB

.data
Size: 25KB - Virtual size: 27KB

.pdata
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB