10b854d66240d9ee1ce4296d2f7857d2b1c6f062ca836d13d777930d678b3ca6

Sharing

Copy URL Twitter E-mail

General

Target

10b854d66240d9ee1ce4296d2f7857d2b1c6f062ca836d13d777930d678b3ca6
Size

389KB
MD5

b70c2a572ed5e7289fa2f5828d6d08e5
SHA1

2174852b44a9ba965fd49a981a0febb656a93c6e
SHA256

10b854d66240d9ee1ce4296d2f7857d2b1c6f062ca836d13d777930d678b3ca6
SHA512

31218143ff29a2d14e965249af4d1061bc9c767df01de3da4cd35e7d5e6f0ab723c45e9f2592c79c66d14f8727600bda6d98a2df0cb17d823761e2bb3914d0ff
SSDEEP

6144:pnypNpfjtU033N+py2aGDzH8+N9JNuyGHMzTy1J:pnar7l33wp3aAcEJfGHfJ

Score

1^/10

Malware Config

Signatures

Files

10b854d66240d9ee1ce4296d2f7857d2b1c6f062ca836d13d777930d678b3ca6
.dll windows x86

3d5032378b9af0771d87f9e00f08f145

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:5d:76:9f:ec:cc:cb:3c:4c:cc:81:ad:07:36:f2:0f:83:2b:e1:33:2e:86:47:d2:2c:46:a1:1d:f2:d4:66:84
Signer

Actual PE Digest

25:5d:76:9f:ec:cc:cb:3c:4c:cc:81:ad:07:36:f2:0f:83:2b:e1:33:2e:86:47:d2:2c:46:a1:1d:f2:d4:66:84

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

11/05/2023, 10:11
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

listen
recv
select
getsockname
connect
WSASendTo
WSASend
send
WSASetLastError
getservbyport
gethostbyaddr
htonl
getservbyname
inet_ntoa
inet_addr
htons
recvfrom
ioctlsocket
gethostbyname
WSAStartup
WSACleanup
closesocket
bind
ntohl
WSAGetLastError
socket
shutdown
setsockopt
sendto
accept
ntohs

ntdll

_allmul
strrchr
strchr
sprintf
_itow
atoi
isspace
wcstoul
isdigit
_chkstk
wcschr
_allshl
ZwOpenThread
ZwQueryInformationThread
ZwReadVirtualMemory
ZwWriteVirtualMemory
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
strncmp
wcsncat
mbstowcs
ZwSetInformationProcess
ZwTerminateProcess
ZwGetContextThread
ZwResumeThread
ZwDuplicateObject
ZwSetContextThread
ZwUnmapViewOfSection
wcsncpy
ZwMapViewOfSection
abs
strtol
isalpha
sscanf
ZwCreateSection
ZwCreateFile
RtlInitUnicodeString
wcscat
wcsrchr
ZwTerminateThread
memcmp
_vsnprintf
_stricmp
strcat
strcpy
toupper
strstr
strcmp
strncpy
wcslen
_wcsnicmp
ZwClose
ZwWaitForSingleObject
ZwQueryInformationProcess
wcscpy
RtlQueryRegistryValues
RtlNtStatusToDosError
ZwQuerySystemInformation
strlen
memset
memcpy
RtlUnwind
strtoul

msvcrt

perror
fflush
fprintf
realloc
free
malloc
_strdup
_beginthreadex
setlocale
mbtowc
wctomb
_time64
fclose
vfprintf
fopen
calloc
_fullpath
_unlink
fwrite
fread
rename
_stat
_fmode
_filelength
_fileno
_errno
_fstat
_localtime64
_close
_read
_lseek
_wopen
_write
_wunlink
_wcsdup
_lrotl

kernel32

LoadLibraryA
SetLastError
LocalFree
FormatMessageA
CancelIo
SetNamedPipeHandleState
WaitNamedPipeA
GetOverlappedResult
WaitForMultipleObjects
TransactNamedPipe
CreateNamedPipeA
ConnectNamedPipe
CallNamedPipeA
GetCurrentThread
LoadLibraryW
GetSystemDirectoryW
GetModuleHandleA
CreatePipe
CreateProcessW
GetTempPathW
GetTempFileNameW
CreateFileW
ResumeThread
DeleteFileW
lstrcpyW
PeekNamedPipe
GetComputerNameW
lstrlenW
TerminateProcess
OpenProcess
GetTempFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW
WinExec
GetTickCount
ResetEvent
GetLocaleInfoA
WriteFile
ReadFile
SetFilePointer
SetEndOfFile
GetCurrentProcessId
GetModuleFileNameA
GetCurrentProcess
OpenEventA
GetSystemDirectoryA
GetTempPathA
GetCommandLineA
DisableThreadLibraryCalls
SetErrorMode
TerminateThread
GetExitCodeThread
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
GetVersionExA
ReleaseSemaphore
GetCurrentThreadId
CreateSemaphoreW
GetVersionExW
ReleaseMutex
OpenMutexA
CreateMutexA
GetLastError
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
DeleteCriticalSection
Sleep
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
CreateFileA
GetFileSize
InitializeCriticalSection

user32

CharToOemA
OemToCharBuffA
CloseDesktop
CreateDesktopW
ExitWindowsEx
GetDesktopWindow
GetMessageW
TranslateMessage
DispatchMessageW
wsprintfW

advapi32

CryptReleaseContext
CryptAcquireContextA
LookupAccountNameA
OpenThreadToken
AddAccessAllowedAce
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
ImpersonateNamedPipeClient
RevertToSelf
CryptGenRandom
SetSecurityDescriptorSacl
GetSidSubAuthority
InitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidLengthRequired
FreeSid
EqualSid
CryptAcquireContextW
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
GetUserNameA
LookupPrivilegeValueW
AdjustTokenPrivileges

wininet

InternetConnectA
InternetErrorDlg
InternetSetOptionA
InternetSetStatusCallback
InternetReadFile
HttpQueryInfoA
InternetQueryDataAvailable
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpOpenRequestA

Exports

Exports

ModuleStart
ModuleStartEx
ModuleStop
_EntryPoint@16
code_result_tbl
config_read
config_read_uint32
config_write
config_write_uint32
local_queue_read
local_queue_write
qm_create
qm_enum
qm_find_first
qm_free
qm_move
qm_pop
qm_push
qm_read
qm_read_hdr
qm_reset_len
qm_rm
qm_rm_list
qm_set_dates
qm_set_param
qm_write
rk_pcap_cmd
rk_pcap_send
snake_alloc
snake_free
snake_log
snake_modules_command
t_close
t_getoptbin
t_getoptlist
t_setoptbin
t_setoptlist
t_strerr
tc_cancel
tc_free_data
tc_get_reply
tc_read_request_pipe
tc_send_request
tc_send_request_bufs
tc_socket
tc_transact
tc_transact_bufs
tc_write_request_pipe
tc_write_request_pipe_bufs
tm_free
tm_init
tr_alloc
tr_alloc_tbuf
tr_clear_tbufs
tr_free
tr_get_callbacks
tr_read_pipe
tr_write_pipe
tr_write_pipe_bufs
ts_socket
ts_start

Sections

.text
Size: 176KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 76KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3d5032378b9af0771d87f9e00f08f145

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

25:5d:76:9f:ec:cc:cb:3c:4c:cc:81:ad:07:36:f2:0f:83:2b:e1:33:2e:86:47:d2:2c:46:a1:1d:f2:d4:66:84Signer

Signature Validations

Verification

11/05/2023, 10:11 Valid: false

Headers

File Characteristics

Imports

ws2_32

ntdll

msvcrt

kernel32

user32

advapi32

wininet

Exports

Exports

Sections

.text Size: 176KB - Virtual size: 173KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 76KB - Virtual size: 77KB

.rsrc Size: 84KB - Virtual size: 81KB

.reloc Size: 12KB - Virtual size: 8KB

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

25:5d:76:9f:ec:cc:cb:3c:4c:cc:81:ad:07:36:f2:0f:83:2b:e1:33:2e:86:47:d2:2c:46:a1:1d:f2:d4:66:84
Signer

11/05/2023, 10:11
Valid: false

.text
Size: 176KB - Virtual size: 173KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 76KB - Virtual size: 77KB

.rsrc
Size: 84KB - Virtual size: 81KB

.reloc
Size: 12KB - Virtual size: 8KB