b7d62d4dbd6b05d4f35c641de52eaf79538d1aa82a0dff1b3f46d5863584bc19

Sharing

Copy URL Twitter E-mail

General

Target

b7d62d4dbd6b05d4f35c641de52eaf79538d1aa82a0dff1b3f46d5863584bc19
Size

4.2MB
MD5

227131d06f162ef63c4a019c19609011
SHA1

945b7b0082882a287a09340541dae5182c2c0814
SHA256

b7d62d4dbd6b05d4f35c641de52eaf79538d1aa82a0dff1b3f46d5863584bc19
SHA512

598828817a9265d4ea29e77932a4333ee3c86bd8d620328967f4178579dc0803d683663b7fdd374dee9c6f33fa261341f95b5476103bb1c382f17d5ea5ddc2e2
SSDEEP

98304:61oF4bh42SzvSEE2WdLTN4+QvI+UymaBBHWQvpr:MF4lvSn32TUyjBMi

Score

1^/10

Malware Config

Signatures

Files

b7d62d4dbd6b05d4f35c641de52eaf79538d1aa82a0dff1b3f46d5863584bc19
.exe windows x86

ee884255cd12252de5cb60241fb1daa8

Code Sign

7f:ef:f5:b1:22:e3:85:8a:6f:c1:e7:9b:da:49:90:5f
Certificate

Issuer

CN=522303292b2005041027200a5d5d12051031230d161c143d24542553452740323d28,POSTALCODE=10305,ST=0b1c1115005f5c4e16070b061d170a03165d111c0016+ST=0b1c1115494a5c11101704105c1f07410b17550d0e1c0c5a070a090e025212541c510f17091909155406121d141b0850180d0a16140e53100100171b1d12055b0c0b0a070b

Not Before

10/05/2023, 23:48

Not After

09/05/2024, 23:48

Subject

CN=522303292b2005041027200a5d5d12051031230d161c143d24542553452740323d28,POSTALCODE=10305,ST=0b1c1115005f5c4e16070b061d170a03165d111c0016+ST=0b1c1115494a5c11101704105c1f07410b17550d0e1c0c5a070a090e025212541c510f17091909155406121d141b0850180d0a16140e53100100171b1d12055b0c0b0a070b

8a:ed:30:d3:37:82:4f:65:bd:52:1a:66:da:74:b0:37:ad:df:ad:5c:dd:fa:9a:44:02:65:7f:b8:5c:87:11:e3
Signer

Actual PE Digest

8a:ed:30:d3:37:82:4f:65:bd:52:1a:66:da:74:b0:37:ad:df:ad:5c:dd:fa:9a:44:02:65:7f:b8:5c:87:11:e3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=522303292b2005041027200a5d5d12051031230d161c143d24542553452740323d28,POSTALCODE=10305,ST=0b1c1115005f5c4e16070b061d170a03165d111c0016+ST=0b1c1115494a5c11101704105c1f07410b17550d0e1c0c5a070a090e025212541c510f17091909155406121d141b0850180d0a16140e53100100171b1d12055b0c0b0a070b

03/05/2023, 12:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SetLocaleInfoA
EnumCalendarInfoA
AllocConsole
GetConsoleAliasExesLengthA
InterlockedIncrement
GetProfileSectionA
GetUserDefaultLCID
GetModuleHandleW
GetTickCount
ReadConsoleW
TzSpecificLocalTimeToSystemTime
GetDriveTypeA
SetHandleCount
AllocateUserPhysicalPages
GlobalAlloc
GetPrivateProfileIntA
AddRefActCtx
SetFileShortNameW
LoadLibraryW
GetCalendarInfoW
SetVolumeMountPointA
GetFileAttributesA
GetFileAttributesW
WriteConsoleW
GetModuleFileNameW
CreateFileW
GetVolumePathNameA
FindNextVolumeMountPointW
GetStringTypeExA
GlobalFix
ReleaseActCtx
SetLastError
GetProcAddress
CreateJobSet
MoveFileW
RemoveDirectoryA
SetComputerNameA
SearchPathA
GetTempFileNameA
LoadLibraryA
SetCalendarInfoW
FindFirstVolumeMountPointW
BeginUpdateResourceA
AddAtomA
GlobalWire
FindNextFileA
CreateIoCompletionPort
lstrcatW
FreeEnvironmentStringsW
GetConsoleTitleW
GetCurrentDirectoryA
EnumDateFormatsW
CompareStringA
SetThreadAffinityMask
FileTimeToLocalFileTime
MoveFileWithProgressW
DebugBreak
EnumSystemLocalesW
AreFileApisANSI
DeleteFileA
GetVolumeNameForVolumeMountPointA
GetProfileIntA
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
RtlUnwind
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
HeapCreate
HeapSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
WriteFile
GetStdHandle
GetModuleFileNameA
GetEnvironmentStringsW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
CloseHandle
SetStdHandle

advapi32

ReadEventLogW

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4.0MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sarapuc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee884255cd12252de5cb60241fb1daa8

Code Sign

7f:ef:f5:b1:22:e3:85:8a:6f:c1:e7:9b:da:49:90:5fCertificate

8a:ed:30:d3:37:82:4f:65:bd:52:1a:66:da:74:b0:37:ad:df:ad:5c:dd:fa:9a:44:02:65:7f:b8:5c:87:11:e3Signer

Signature Validations

Verification

03/05/2023, 12:01 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 106KB - Virtual size: 106KB

.data Size: 4.0MB - Virtual size: 4.2MB

.sarapuc Size: 6KB - Virtual size: 5KB

.rsrc Size: 104KB - Virtual size: 4.8MB

7f:ef:f5:b1:22:e3:85:8a:6f:c1:e7:9b:da:49:90:5f
Certificate

8a:ed:30:d3:37:82:4f:65:bd:52:1a:66:da:74:b0:37:ad:df:ad:5c:dd:fa:9a:44:02:65:7f:b8:5c:87:11:e3
Signer

03/05/2023, 12:01
Valid: false

.text
Size: 106KB - Virtual size: 106KB

.data
Size: 4.0MB - Virtual size: 4.2MB

.sarapuc
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 104KB - Virtual size: 4.8MB