8020465703ff1d358cdd6077a5e99399[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

8020465703ff1d358cdd6077a5e99399.exe
Size

3.8MB
MD5

8020465703ff1d358cdd6077a5e99399
SHA1

de22359c9844319046f75e415fa7eca6729ae729
SHA256

57e6cce4db6e1b8bf4c1384b6caa54578a22e7ed87dabe0307cf0cdbed7357dd
SHA512

0e53f4dd4145bbdf27c186917143c18fe4fc3374fcedf7d546e6c18f1c200cc9eeaca1ef6cfd2b6a1035e61c4ce7e88e90123d08121f54e04999cf250997ff41
SSDEEP

98304:tAwflN1/rA3qMAPUzJqz9q9+O97SuPhAoyWMv07OxCEr/XNBz:qKZ9I/V/A4gWOxTr/XNN

Score

1^/10

Malware Config

Signatures

Files

8020465703ff1d358cdd6077a5e99399.exe
.exe windows x86

6d5c0ee7f417ea5be6a68372eda4ab74

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:89:0a:75:80:5b:2f:ef:a8:d6:92:6a:f4:ff:66:7c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/04/2022, 00:00

Not After

27/04/2024, 23:59

Subject

CN=BlueMoonSoft Co.\,Ltd.,O=BlueMoonSoft Co.\,Ltd.,L=Dongjak-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ea:1e:3a:8f:15:81:be:e8:26:a2:fc:6e:48:c6:21:1d:f9:24:b3:e5:9f:b3:f8:5a:10:f1:36:1b:35:29:c6:f1
Signer

Actual PE Digest

ea:1e:3a:8f:15:81:be:e8:26:a2:fc:6e:48:c6:21:1d:f9:24:b3:e5:9f:b3:f8:5a:10:f1:36:1b:35:29:c6:f1

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSizeEx
GetStartupInfoW
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
GetFileAttributesW
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
InitializeCriticalSectionAndSpinCount
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
GetProcessHeap
SetEnvironmentVariableA
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GlobalFlags
WritePrivateProfileStringW
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedDecrement
GlobalAddAtomW
FreeResource
FileTimeToLocalFileTime
SetLastError
GlobalFree
GlobalUnlock
FormatMessageW
MulDiv
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
QueryPerformanceCounter
GetModuleHandleA
FindNextFileW
GetCurrentProcessId
GetTimeZoneInformation
SetFilePointer
FileTimeToSystemTime
GetFileTime
LocalAlloc
LocalFree
ProcessIdToSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetExitCodeProcess
OpenProcess
WriteFile
VerifyVersionInfoW
VerSetConditionMask
GetSystemWow64DirectoryW
MoveFileW
lstrlenW
DeleteFileW
FindClose
FindFirstFileW
CloseHandle
ReadFile
GetFileSize
CreateFileW
WideCharToMultiByte
FindResourceExW
MultiByteToWideChar
lstrlenA
IsBadWritePtr
IsBadReadPtr
ReleaseMutex
CreateMutexW
OpenMutexW
GetSystemInfo
GetModuleHandleW
GetLastError
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
SetFileAttributesW
WaitForSingleObject
GetSystemDirectoryW
GetCurrentProcess
IsWow64Process
GetSystemDefaultLangID
GetModuleFileNameW
GetVersionExW
Sleep
GetTickCount
FindResourceW
LoadResource
LockResource
SizeofResource
GetCPInfo

user32

IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
PtInRect
GetMenu
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSysColor
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetDesktopWindow
WinHelpW
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
FindWindowW
SendDlgItemMessageA
SendDlgItemMessageW
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
GetWindowThreadProcessId
DispatchMessageW
TranslateMessage
PeekMessageW
EnableWindow
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
SendMessageW
AppendMenuW
GetSystemMenu
LoadIconW
LoadStringW
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
MessageBoxW
PostMessageW
IsDialogMessageW
PostThreadMessageW
RegisterClipboardFormatW
UnregisterClassW
CharUpperW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
CharNextW
GetSysColorBrush
ReleaseCapture
LoadCursorW
SetCapture
ShowWindow
MoveWindow
SetActiveWindow
SetWindowTextW
RegisterWindowMessageW

gdi32

SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
Escape
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RectVisible
TextOutW
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutW
GetObjectW
CreateBitmap
GetDeviceCaps

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
OpenSCManagerW
CryptDecrypt
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegSetValueExW
RegCreateKeyExW
CreateServiceW
StartServiceW
CloseServiceHandle
ControlService
OpenServiceW

shell32

ShellExecuteExW

comctl32

InitCommonControlsEx

shlwapi

StrCmpW
PathFindFileNameW
PathFindExtensionW
PathIsUNCW
PathStripToRootW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.4MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d5c0ee7f417ea5be6a68372eda4ab74

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:89:0a:75:80:5b:2f:ef:a8:d6:92:6a:f4:ff:66:7cCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ea:1e:3a:8f:15:81:be:e8:26:a2:fc:6e:48:c6:21:1d:f9:24:b3:e5:9f:b3:f8:5a:10:f1:36:1b:35:29:c6:f1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 301KB - Virtual size: 301KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 3.4MB - Virtual size: 3.3MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:89:0a:75:80:5b:2f:ef:a8:d6:92:6a:f4:ff:66:7c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ea:1e:3a:8f:15:81:be:e8:26:a2:fc:6e:48:c6:21:1d:f9:24:b3:e5:9f:b3:f8:5a:10:f1:36:1b:35:29:c6:f1
Signer

.text
Size: 301KB - Virtual size: 301KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 3.4MB - Virtual size: 3.3MB