3cc25a3ca492ffdd52edac3767ca8589a44e60de2c8140b40bb249e17909815b[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3cc25a3ca492ffdd52edac3767ca8589a44e60de2c8140b40bb249e17909815b.exe
Size

2.0MB
MD5

c6d45b6691e0cdd0f1b8f66dd8cd8db2
SHA1

330b812b04eb30c1cf1ce70523ab2d5736ef0fb0
SHA256

3cc25a3ca492ffdd52edac3767ca8589a44e60de2c8140b40bb249e17909815b
SHA512

f23efa14911418cc39724d894e8f7ea3b27a1a6291c7b64ae74826e77de63c993736ccfc0278eb6e573e0e90856a0a838021e71c6e730e82e017eb30c06c0a50
SSDEEP

49152:Qn5QO54+KdqhIonBSm948am9GBmv54SA/agkg7qbS7qb+Ta:p+KdgIonBSm941m9wmvbfg7qu7qaa

Score

1^/10

Malware Config

Signatures

Files

3cc25a3ca492ffdd52edac3767ca8589a44e60de2c8140b40bb249e17909815b.exe
.exe windows x86

2581812013e8adbe487e35884e1ecf25

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:23:4b:06:fc:13:f9:80:ef:a7:1a:50
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

06/07/2021, 08:32

Not After

30/01/2022, 16:00

Subject

SERIALNUMBER=14761458,CN=MelBit OÜ,O=MelBit OÜ,STREET=Rüütli,L=Ülgase küla,ST=Harju maakond,C=EE,1.2.840.113549.1.9.1=#0c177365726765692e7361616c313540676d61696c2e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024545,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

28/01/2021, 11:08

Not After

01/03/2032, 11:08

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:de:d5:fb:a2:91:54:69:82:01:2a:e9:f0:d3:e2:2a:f3:9b:4b:cd
Signer

Actual PE Digest

1c:de:d5:fb:a2:91:54:69:82:01:2a:e9:f0:d3:e2:2a:f3:9b:4b:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryW
SystemTimeToFileTime
WideCharToMultiByte
HeapFree
InitializeCriticalSectionEx
HeapSize
GetLastError
GlobalFree
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
SetHandleInformation
CreatePipe
PeekNamedPipe
CreateProcessW
SizeofResource
LockResource
LoadResource
FindResourceW
GetCurrentProcess
GetModuleFileNameW
CloseHandle
IsWow64Process
GetTimeZoneInformation
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
GetConsoleMode
GetConsoleCP
LocalFileTimeToFileTime
MultiByteToWideChar
GetFileAttributesW
CreateFileW
SetFileTime
SetFilePointer
WriteFile
ReadFile
SetEnvironmentVariableW
CreateDirectoryW
GetStdHandle
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
RtlUnwind
OutputDebugStringW
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
EncodePointer
GetStringTypeW
GetExitCodeThread
Sleep
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceFrequency
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
FormatMessageA
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
FreeLibraryWhenCallbackReturns
WriteConsoleW

user32

UpdateWindow
PostQuitMessage
TranslateMessage
DispatchMessageW
ShowWindow
RegisterClassExW
GetSystemMetrics
CreateWindowExW
DefWindowProcW
GetMessageW
LoadCursorW
LoadIconW
LoadStringW
ReleaseDC
KillTimer
GetDC
GetWindowRect
PostMessageW
SetTimer
wsprintfW
UpdateLayeredWindow

gdi32

SelectObject
CreateCompatibleDC
DeleteDC
DeleteObject
CreateCompatibleBitmap

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCloseKey

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

winhttp

WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpWriteData
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders

shlwapi

ord12

gdiplus

GdipDeletePen
GdipDeleteFont
GdipCloneBrush
GdipFree
GdipDrawImageRectI
GdipAlloc
GdipDeleteBrush
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipPrivateAddMemoryFont
GdipDrawString
GdipMeasureString
GdipDeletePrivateFontCollection
GdipCloneFontFamily
GdipNewPrivateFontCollection
GdipGetFontCollectionFamilyCount
GdipCreatePen2
GdipGetFontCollectionFamilyList
GdipCreateSolidFill
GdipCreateFont
GdipDisposeImage
GdipCreateBitmapFromStream
GdipCloneImage
GdipCreateBitmapFromScan0
GdipTranslateWorldTransform
GdipGetImageWidth
GdipDeleteGraphics
GdipDrawImage
GdipGetImageGraphicsContext
GdipRotateWorldTransform
GdipCreateFromHDC
GdipGetImageHeight
GdipDrawLineI
GdipDrawImageI
GdipSetSmoothingMode

Sections

.text
Size: 388KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2581812013e8adbe487e35884e1ecf25

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

62:23:4b:06:fc:13:f9:80:ef:a7:1a:50Certificate

Extended Key Usages

Key Usages

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

1c:de:d5:fb:a2:91:54:69:82:01:2a:e9:f0:d3:e2:2a:f3:9b:4b:cdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winhttp

shlwapi

gdiplus

Sections

.text Size: 388KB - Virtual size: 387KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 10KB - Virtual size: 14KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 18KB - Virtual size: 17KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

62:23:4b:06:fc:13:f9:80:ef:a7:1a:50
Certificate

01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

1c:de:d5:fb:a2:91:54:69:82:01:2a:e9:f0:d3:e2:2a:f3:9b:4b:cd
Signer

.text
Size: 388KB - Virtual size: 387KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 10KB - Virtual size: 14KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 18KB - Virtual size: 17KB