15ffe14a177ee7b6327370e89b027cbb[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

15ffe14a177ee7b6327370e89b027cbb.bin
Size

1.3MB
MD5

3f597b67228b44de1362abbd3d7576c0
SHA1

4c0a51573bd55b9ac6c5c25fd87c737ffce1c34c
SHA256

e9df1b2c28b0b540b85feddd147ecf62c65b206c9c3d412bba51ded80c300724
SHA512

a1257e3c781c79ed10bb8f23cf22a3b1b78d422186dd2d148936065b394e7a6cd47ccd959a5e0e5cc34dcd51b2b0891c2103f4855f166b077713eb3108048d47
SSDEEP

24576:Jh49WB4kZhJyq6v1R21tlolLDNmgSWrdlRR0TyGrw/qQSIHZjQUXnu:Jh49WJIQ8rg96qQlHBQUXnu

Score

1^/10

Malware Config

Signatures

Files

15ffe14a177ee7b6327370e89b027cbb.bin
.zip

Password: infected
962a02875f258d0d8d85dea9b0679eeef8b7cc4b3aeee0851e2dc74b1a3ed712.exe
.exe windows x86

Password: infected

43d2bdd88951e231d546e7575c90c7f4

Code Sign

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31/05/2017, 18:14

Not After

30/05/2042, 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:e1:57:d0:ac:b8:73:60:36:db:2d:99:fc:92:64:11
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

27/06/2023, 11:00

Not After

26/06/2024, 11:00

Subject

SERIALNUMBER=16757194,CN=Light Motion Development OÜ,O=Light Motion Development OÜ,L=Tallinn,ST=Harju County,C=EE,1.3.6.1.4.1.311.60.2.1.3=#13024545,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:e8:3e:88:f4:b9:de:d7:ab:fa:2b:7e:5f:4d:3b:7f:e5:cf:4f:9b:21:64:95:c8:81:7b:b0:57:05:60:dd:8c
Signer

Actual PE Digest

9a:e8:3e:88:f4:b9:de:d7:ab:fa:2b:7e:5f:4d:3b:7f:e5:cf:4f:9b:21:64:95:c8:81:7b:b0:57:05:60:dd:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17
ImageList_Create
ImageList_Add

setupapi

SetupOpenInfFileA
SetupInstallFromInfSectionA
SetupCloseInfFile
SetupDiOpenClassRegKey

kernel32

GetVolumeInformationA
GetVolumePathNameA
FindNextVolumeW
QueryDosDeviceW
FindFirstVolumeW
WriteFile
LocalFree
VirtualUnlock
DefineDosDeviceA
GetCurrentProcessId
ExitProcess
FormatMessageW
ReleaseMutex
OpenMutexA
GetVolumeInformationW
QueryPerformanceCounter
QueryPerformanceFrequency
FlushFileBuffers
GetFileSize
GetCurrentProcess
GetModuleHandleA
GetVersionExA
GetCurrentDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
GetFileAttributesA
SetFilePointer
GetModuleFileNameW
SetErrorMode
SetCurrentDirectoryA
GetDiskFreeSpaceA
InterlockedExchangeAdd
InterlockedExchange
SetEvent
WaitForSingleObject
ResetEvent
CreateEventA
GetFileAttributesExA
FindNextFileW
CreateFileW
FindFirstFileW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoA
GetProcessWorkingSetSize
GetProcessTimes
GetThreadTimes
GlobalMemoryStatus
GetProcessHeap
GetCurrentThread
GetShortPathNameA
GetStringTypeA
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateThread
ExitThread
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
GetFileAttributesW
GetConsoleMode
GetConsoleCP
HeapAlloc
GetModuleHandleW
HeapFree
RtlUnwind
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
GetDriveTypeA
GetTempPathA
CopyFileA
VirtualLock
GetVolumeNameForVolumeMountPointA
DeleteVolumeMountPointA
SetVolumeMountPointA
GetSystemInfo
FindFirstFileA
LoadLibraryA
GetProcAddress
FreeLibrary
FindNextFileA
FindClose
SetFilePointerEx
CreateFileA
GetFileSizeEx
GetFileTime
ReadFile
SetFileTime
SetEnvironmentVariableA
SetLastError
GetLogicalDrives
GetCommandLineA
GetCommandLineW
GetTickCount
CreateMutexA
Sleep
GetSystemDirectoryA
CreateDirectoryA
GetModuleFileNameA
CreateProcessA
CloseHandle
SetProcessShutdownParameters
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
GetLastError
InterlockedDecrement
DeviceIoControl
FindFirstVolumeA
QueryDosDeviceA
FindNextVolumeA
FindVolumeClose
DeleteFileA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
InitializeCriticalSection

user32

GetKeyState
EnumChildWindows
GetDlgCtrlID
GetClassNameA
LoadCursorA
SetCursor
DefDlgProcA
UnregisterClassA
LoadIconA
RegisterClassA
GetUpdateRect
BeginPaint
DefWindowProcA
GetDialogBaseUnits
EndPaint
PeekMessageA
GetSystemMenu
GetOpenClipboardWindow
SetWindowsHookExA
MoveWindow
GetDC
ReleaseDC
MessageBoxA
GetActiveWindow
GetMessagePos
EnumWindows
RegisterWindowMessageA
IsWindowEnabled
SystemParametersInfoA
DrawMenuBar
PostMessageA
GetCursorPos
MessageBeep
SetMenuItemInfoW
GetSubMenu
SetLayeredWindowAttributes
CreateWindowExA
RegisterClassExA
TrackMouseEvent
SystemParametersInfoW
SendMessageTimeoutA
wsprintfA
GetClassInfoA
DrawTextA
UnhookWindowsHookEx
CallNextHookEx
GetCaretPos
GetQueueStatus
GetWindowTextW
GetProcessWindowStation
DestroyWindow
GetMessageTime
GetInputState
GetFocus
GetSystemMetrics
EnableWindow
GetDlgItem
GetCapture
GetClipboardOwner
GetClipboardViewer
GetWindowInfo
GetDesktopWindow
LoadBitmapA
FlashWindowEx
GetDlgItemInt
CreatePopupMenu
TrackPopupMenu
DestroyMenu
SetDlgItemInt
GetMenu
EnableMenuItem
SetWindowLongA
GetWindowLongA
CallWindowProcA
GetWindowRect
SetForegroundWindow
LoadImageA
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
SendDlgItemMessageW
GetKeyboardLayout
LoadKeyboardLayoutA
MessageBoxW
GetWindowTextA
SetWindowTextA
GetWindowTextLengthA
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
GetParent
SetTimer
GetWindowTextLengthW
KillTimer
GetAsyncKeyState
RegisterHotKey
UnregisterHotKey
wsprintfW
DialogBoxParamW
ShowWindow
SetWindowTextW
GetClientRect
SetWindowPos
InvalidateRect
SendMessageW
EndDialog
SendMessageA
DeleteMenu
AppendMenuA
AppendMenuW
GetDlgItemTextW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton

gdi32

MoveToEx
LineTo
GetCurrentObject
GetObjectA
CreateCompatibleBitmap
SetStretchBltMode
CreatePen
DeleteDC
BitBlt
CreateCompatibleDC
SetMapMode
GetDeviceCaps
SelectObject
GetTextExtentPoint32W
GetTextMetricsA
GetStockObject
CreateFontIndirectW
StretchBlt
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegisterEventSourceA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetTokenInformation
IsWellKnownSid
QueryServiceStatus
ControlService
StartServiceA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
ChangeServiceConfigA
OpenSCManagerA
CreateServiceA
ChangeServiceConfig2A
OpenServiceA
DeleteService
RegCloseKey
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle

shell32

ord680
SHGetFileInfoA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListA
CommandLineToArgvW
SHChangeNotify
SHGetFolderPathA
DragAcceptFiles
DragQueryFileA
DragFinish
Shell_NotifyIconA
Shell_NotifyIconW
ShellExecuteW

ole32

CoCreateInstance
StringFromGUID2
CoGetObject
CoInitialize
CoUninitialize
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysStringByteLen
SysAllocStringLen
SysFreeString
SysAllocStringByteLen

Sections

.text
Size: 559KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

43d2bdd88951e231d546e7575c90c7f4

Code Sign

56:b6:29:cd:34:bc:78:f6Certificate

Key Usages

14:e1:57:d0:ac:b8:73:60:36:db:2d:99:fc:92:64:11Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4bCertificate

Extended Key Usages

Key Usages

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1cCertificate

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

9a:e8:3e:88:f4:b9:de:d7:ab:fa:2b:7e:5f:4d:3b:7f:e5:cf:4f:9b:21:64:95:c8:81:7b:b0:57:05:60:dd:8cSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

setupapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 559KB - Virtual size: 559KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 19KB - Virtual size: 209KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

56:b6:29:cd:34:bc:78:f6
Certificate

14:e1:57:d0:ac:b8:73:60:36:db:2d:99:fc:92:64:11
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

9a:e8:3e:88:f4:b9:de:d7:ab:fa:2b:7e:5f:4d:3b:7f:e5:cf:4f:9b:21:64:95:c8:81:7b:b0:57:05:60:dd:8c
Signer

.text
Size: 559KB - Virtual size: 559KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 19KB - Virtual size: 209KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB