cfaa965d4a0a0bafeeac69291511284e29747c0f67bdfbb264528f47fe0bca1a

Sharing

Copy URL Twitter E-mail

General

Target

cfaa965d4a0a0bafeeac69291511284e29747c0f67bdfbb264528f47fe0bca1a
Size

3.7MB
MD5

9120afde816a0172af6bc617b775ba0d
SHA1

f349ba0090dbf1e1d15d07a3c644df57a7c31447
SHA256

cfaa965d4a0a0bafeeac69291511284e29747c0f67bdfbb264528f47fe0bca1a
SHA512

45caa50cc9c98e863f626bf32d0892d645b3e84c6f7e9583c537b09446bf45926772d3e1205ebec23677e077590c9887b3aa1d6f309b5a6e06770677d0e472f5
SSDEEP

98304:ZTzGLaqc+U2IeoBkWoQP2UI2EZ2NpAtW6ENB:dWc+U25yJoQPlI2E0mE68

Score

1^/10

Malware Config

Signatures

Files

cfaa965d4a0a0bafeeac69291511284e29747c0f67bdfbb264528f47fe0bca1a
.exe windows x86

8d2cd9dce0359e2ab71ef91998c4cb76

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:00:6a:fb:54:16:03:51:95:78:42:49
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

29/10/2018, 16:49

Not After

29/01/2022, 16:49

Subject

SERIALNUMBER=HRB 4920,CN=JAM Software GmbH,O=JAM Software GmbH,STREET=Am Wissenschaftspark 26,L=Trier,ST=Rheinland-Pfalz,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1308576974746c696368,1.3.6.1.4.1.311.60.2.1.2=#130f526865696e6c616e642d5066616c7a,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:b4:89:16:01:20:f6:62:41:a4:cc:1c:c7:09:db:9d:67:23:df:d3:88:b5:39:0a:da:8c:73:dc:38:13:76:eb
Signer

Actual PE Digest

9e:b4:89:16:01:20:f6:62:41:a4:cc:1c:c7:09:db:9d:67:23:df:d3:88:b5:39:0a:da:8c:73:dc:38:13:76:eb

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=HRB 4920,CN=JAM Software GmbH,O=JAM Software GmbH,STREET=Am Wissenschaftspark 26,L=Trier,ST=Rheinland-Pfalz,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1308576974746c696368,1.3.6.1.4.1.311.60.2.1.2=#130f526865696e6c616e642d5066616c7a,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

29/11/2021, 11:26
Valid: true

Chain 1

SERIALNUMBER=HRB 4920,CN=JAM Software GmbH,O=JAM Software GmbH,STREET=Am Wissenschaftspark 26,L=Trier,ST=Rheinland-Pfalz,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1308576974746c696368,1.3.6.1.4.1.311.60.2.1.2=#130f526865696e6c616e642d5066616c7a,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoInitializeEx

oleaut32

SysFreeString

crypt32

CryptStringToBinaryA

user32

GetProcessWindowStation

Sections

.MPRESS1
Size: 3.6MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8d2cd9dce0359e2ab71ef91998c4cb76

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

77:00:6a:fb:54:16:03:51:95:78:42:49Certificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

9e:b4:89:16:01:20:f6:62:41:a4:cc:1c:c7:09:db:9d:67:23:df:d3:88:b5:39:0a:da:8c:73:dc:38:13:76:ebSigner

Signature Validations

Verification

29/11/2021, 11:26 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

crypt32

user32

Sections

.MPRESS1 Size: 3.6MB - Virtual size: 7.1MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 82KB - Virtual size: 82KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

77:00:6a:fb:54:16:03:51:95:78:42:49
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

9e:b4:89:16:01:20:f6:62:41:a4:cc:1c:c7:09:db:9d:67:23:df:d3:88:b5:39:0a:da:8c:73:dc:38:13:76:eb
Signer

29/11/2021, 11:26
Valid: true

.MPRESS1
Size: 3.6MB - Virtual size: 7.1MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 82KB - Virtual size: 82KB