aad0d8084ad577183b6417264bbb630d01fa1c76792b12ad7efbddc9e5a9365f[.]bin[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

aad0d8084ad577183b6417264bbb630d01fa1c76792b12ad7efbddc9e5a9365f.bin.exe
Size

6.6MB
MD5

7724310712cda6afc7e8de332856abaf
SHA1

4ad0b3d2150004b07157b5dc0a02f0e1ff12ecce
SHA256

aad0d8084ad577183b6417264bbb630d01fa1c76792b12ad7efbddc9e5a9365f
SHA512

30ba1aebe8fd93824a33ca251a5baf84709f4132705e50ba5321988c713112ac8690b20aeef6e5f28c352df7cc7524afee81b4af685ed989ee96356e0fb3c7d7
SSDEEP

49152:cMUhJV+145MuXTnoixHZlxhlx4uV0rs+fMLMFBk4tHO+O1Y2LBFZicYUAJ/TUqqO:UHMuXV3Bq4hxY5rhnPGr2DiTYsB4

Score

1^/10

Malware Config

Signatures

Files

aad0d8084ad577183b6417264bbb630d01fa1c76792b12ad7efbddc9e5a9365f.bin.exe
.exe windows x64

a4317b89e1aa249a670caeb44b1690b8

Code Sign

4a:53:8c:28
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/07/2009, 17:25

Not After

07/12/2030, 17:55

Subject

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

18/11/2022, 07:19

Not After

01/12/2025, 07:19

Subject

SERIALNUMBER=2637805-2,CN=The Qt Company Oy,O=The Qt Company Oy,L=Espoo,C=FI,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024649

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

04/10/2022, 17:21

Not After

01/01/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

de:5d:ee:3c:d7:e1:a2:d8:56:25:32:4a:9a:e9:13:f8:65:dd:d2:17:40:ed:56:33:44:37:66:7d:79:1a:b7:3d
Signer

Actual PE Digest

de:5d:ee:3c:d7:e1:a2:d8:56:25:32:4a:9a:e9:13:f8:65:dd:d2:17:40:ed:56:33:44:37:66:7d:79:1a:b7:3d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

bcrypt

BCryptGenRandom

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

kernel32

SetHandleInformation
GetSystemInfo
DuplicateHandle
CloseHandle
GetCurrentProcess
SetFileCompletionNotificationModes
ReadFile
GetOverlappedResult
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetLastError
Sleep
GetModuleHandleA
GetProcAddress
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
AcquireSRWLockShared
GetCurrentThreadId
CreateDirectoryW
GetStdHandle
WriteFileEx
SleepEx
ReadFileEx
WaitForSingleObject
GetExitCodeProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
InitializeSListHead
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetConsoleMode
RtlVirtualUnwind
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
WaitForMultipleObjects
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
IsDebuggerPresent
WriteConsoleW
CreateThread
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
UnhandledExceptionFilter
lstrlenW
SetUnhandledExceptionFilter
GetCurrentProcessId
TryAcquireSRWLockExclusive
IsProcessorFeaturePresent

secur32

EncryptMessage
ApplyControlToken
AcquireCredentialsHandleA
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DeleteSecurityContext
QueryContextAttributesW
FreeCredentialsHandle

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertDuplicateCertificateChain
CertFreeCertificateChain
CertCloseStore
CertDuplicateStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore

advapi32

SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ws2_32

WSASend
send
getsockopt
recv
shutdown
getpeername
getsockname
connect
bind
WSASocketW
closesocket
setsockopt
ioctlsocket
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
WSAIoctl

ntdll

NtCancelIoFileEx
NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile

vcruntime140

memcpy
__current_exception_context
__CxxFrameHandler3
memset
memcmp
memmove
__current_exception
_CxxThrowException
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

terminate
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_set_app_type
_exit
_crt_atexit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_seh_filter_exe
exit
_initialize_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 341KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4317b89e1aa249a670caeb44b1690b8

Code Sign

4a:53:8c:28Certificate

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1fCertificate

Extended Key Usages

Key Usages

de:5d:ee:3c:d7:e1:a2:d8:56:25:32:4a:9a:e9:13:f8:65:dd:d2:17:40:ed:56:33:44:37:66:7d:79:1a:b7:3dSigner

Headers

DLL Characteristics

File Characteristics

Imports

bcrypt

shell32

ole32

kernel32

secur32

crypt32

advapi32

ws2_32

ntdll

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 12KB - Virtual size: 12KB

.pdata Size: 341KB - Virtual size: 340KB

.rsrc Size: 157KB - Virtual size: 157KB

.reloc Size: 25KB - Virtual size: 25KB

4a:53:8c:28
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

61:a4:66:cd:fc:68:ed:79:2a:d9:33:e5:6e:a2:d9:d9
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

56:ab:95:75:28:9c:a5:9f:0e:17:d4:0b:ea:05:c3:1f
Certificate

de:5d:ee:3c:d7:e1:a2:d8:56:25:32:4a:9a:e9:13:f8:65:dd:d2:17:40:ed:56:33:44:37:66:7d:79:1a:b7:3d
Signer

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 12KB - Virtual size: 12KB

.pdata
Size: 341KB - Virtual size: 340KB

.rsrc
Size: 157KB - Virtual size: 157KB

.reloc
Size: 25KB - Virtual size: 25KB