Apt4bghcfgghbc1_browsingExe[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Apt4bghcfgghbc1_browsingExe.exe
Size

9.0MB
MD5

07db6a7c01296be061a04820b0526656
SHA1

8fa2a7fa6e77a498a046df0b5537d9a308e5e45b
SHA256

0a560fa01d6e4eb30fe35be3b07e8024df212840d188bea1b2c047a6f0ffe2af
SHA512

357c3edb5a95628286539ca58a7b56c04846d3f74a0483203aa13487b388bf5fdcfa6cb828adac1847b07d05e670368c7a03535630917c9e98faccfead1351af
SSDEEP

98304:DxWbWjCKci+uyw1qDpsj97nsQ6rpKBFnAac3KaEMfHzjzCbBh+pJzg7hBP+qsIws:lgTwKWpOrYTAadMnzCb/VFV9

Score

1^/10

Malware Config

Signatures

Files

Apt4bghcfgghbc1_browsingExe.exe
.exe windows x86

8bca83196d981bfb8a654bbe4d9af861

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:32:33:b9:f6:bd:18:a6:db:91:31:c7:ba:ac:5f:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-10-2021 00:00

Not After

15-10-2024 23:59

Subject

CN=Jetico Inc. Oy,O=Jetico Inc. Oy,L=Espoo,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:25:94:f9:8e:06:21:52:3d:ff:14:24:45:f5:58:08:b6:f7:ad:17
Signer

Actual PE Digest

2a:25:94:f9:8e:06:21:52:3d:ff:14:24:45:f5:58:08:b6:f7:ad:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

secur32

GetUserNameExW

netapi32

NetApiBufferFree
NetUserModalsGet
NetGetJoinInformation

hid

HidD_SetFeature
HidD_GetAttributes
HidD_GetFeature

kernel32

CreateDirectoryW
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalFree
GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetExitCodeProcess
CreateThread
GetCurrentThread
ReleaseMutex
WaitForSingleObject
LoadResource
SizeofResource
GetFileSizeEx
FlushFileBuffers
DeviceIoControl
GetLocalTime
GetNativeSystemInfo
CreateMutexW
LoadLibraryA
LoadLibraryExW
GetModuleFileNameA
CreateProcessW
FindResourceW
GetDriveTypeW
GetComputerNameW
InterlockedIncrement
InterlockedDecrement
SetFileAttributesW
InterlockedExchange
GlobalFree
lstrcmpiW
ReleaseSemaphore
CreateSemaphoreW
GetExitCodeThread
DeleteFileA
CreateDirectoryA
GetFirmwareEnvironmentVariableW
SetFirmwareEnvironmentVariableW
GetLogicalDrives
GetDiskFreeSpaceW
RemoveDirectoryW
GetSystemDirectoryA
MoveFileW
MoveFileExW
GetComputerNameExW
GetCurrentThreadId
GetTickCount
FormatMessageW
lstrcpynW
lstrcpyW
GetFullPathNameW
GetVolumeInformationW
CreateSemaphoreA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesExA
CopyFileA
GetComputerNameA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryExA
SetLastError
SetThreadPriority
GetThreadPriority
GetPriorityClass
TerminateThread
SetVolumeLabelW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumeNameForVolumeMountPointW
WaitNamedPipeW
GetTempPathW
SleepEx
GetWindowsDirectoryW
SetCurrentDirectoryW
OutputDebugStringW
lstrlenW
GetSystemDirectoryW
VirtualAlloc
VirtualFree
QueryDosDeviceW
GetFileAttributesW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
OutputDebugStringA
EncodePointer
FreeResource
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
GlobalSize
MulDiv
SetEvent
CreateEventW
CopyFileW
ResumeThread
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcmpA
CompareStringA
GetFileTime
GetTempFileNameW
SetFileTime
ReplaceFileW
GetUserDefaultLCID
GlobalGetAtomNameW
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
GetStringTypeExW
GetThreadLocale
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GlobalReAlloc
GetAtomNameW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
GetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
LocalFileTimeToFileTime
SetErrorMode
FindResourceExW
SearchPathW
GetProfileIntW
LocalLock
LocalUnlock
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetSystemInfo
WaitForMultipleObjects
SetEnvironmentVariableW
GetEnvironmentVariableW
FormatMessageA
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
DeleteFileW
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
GetDateFormatW
GetDateFormatA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
CreateFileW
GetShortPathNameW
GetShortPathNameA
GetVersion
CreateFileA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
SetFilePointer
ReadFile
WriteFile
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
GetModuleHandleW
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RtlCaptureStackBackTrace
DecodePointer
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
CreateTimerQueue
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetFilePointerEx
ReadConsoleW
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetTimeZoneInformation
WriteConsoleW
GetACP
SetStdHandle
HeapQueryInformation
GetFullPathNameA
GetCommandLineW
GetCommandLineA
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
SetConsoleCtrlHandler
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
VirtualQuery
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
ExpandEnvironmentStringsA
GetCPInfo
LCMapStringW
TryEnterCriticalSection
GetStringTypeW
SetProcessAffinityMask
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
WaitForMultipleObjectsEx
SuspendThread

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW

advapi32

LookupAccountSidW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW
RegSetValueExW
RegOpenKeyExA
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegQueryValueExA
OpenProcessToken
OpenThreadToken
GetTokenInformation
RegEnumKeyW
RegSetValueW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
InitializeSid
GetSidLengthRequired
EqualSid
IsValidSid
QueryServiceStatus
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegEnumKeyExW
RegEnumValueA
RegFlushKey
RegDeleteKeyA
RegEnumValueW
RegSetValueExA
ConvertSidToStringSidW
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
InitiateSystemShutdownW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey

uxtheme

GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeText
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
IsAppThemed

ole32

CoTaskMemFree
StgCreateDocfile
CLSIDFromProgID
CoRegisterMessageFilter
OleSetMenuDescriptor
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleQueryCreateFromData
OleQueryLinkFromData
CoGetMalloc
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CLSIDFromString
StringFromGUID2
CoDisconnectObject
CreateStreamOnHGlobal
PropVariantCopy
CoCreateGuid
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
StringFromCLSID
IIDFromString
OleLockRunning
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
OleIsRunning
GetRunningObjectTable
CreateOleAdviseHolder
CreateDataAdviseHolder
OleRun
GetHGlobalFromILockBytes
OleGetIconOfClass
OleSetContainedObject
OleSaveToStream
OleSave
OleLoad
OleCreateFromFile
OleCreateLinkToFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleCreate
WriteClassStm
CreateItemMoniker
CreateGenericComposite
StgCreateDocfileOnILockBytes
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleRegEnumVerbs
OleRegGetMiscStatus
CreateILockBytesOnHGlobal
CreateFileMoniker
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage

oleaut32

VarBstrFromDec
VarDecFromStr
GetErrorInfo
SetErrorInfo
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
CreateErrorInfo
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayRedim
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayCreate
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysReAllocStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysAllocStringLen
SafeArrayUnaccessData
SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetVartype
SafeArrayCreateVector
VariantInit
VariantClear
VariantCopy
VariantChangeType
VarBstrCmp

oledlg

OleUIBusyW

gdiplus

GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipSaveImageToFile
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipGetImageDecodersSize
GdipGetImageDecoders
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromFileICM
GdipDisposeImage

ws2_32

shutdown
send
recv
socket
gethostbyname
htons
connect
closesocket
WSACleanup
WSAStartup

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

winmm

PlaySoundW

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

setupapi

SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

rpcrt4

UuidCreateSequential
UuidToStringW
RpcStringFreeW

crypt32

CryptStringToBinaryW

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 491KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bca83196d981bfb8a654bbe4d9af861

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:32:33:b9:f6:bd:18:a6:db:91:31:c7:ba:ac:5f:e4Certificate

Extended Key Usages

Key Usages

2a:25:94:f9:8e:06:21:52:3d:ff:14:24:45:f5:58:08:b6:f7:ad:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

secur32

netapi32

hid

kernel32

msimg32

winspool.drv

advapi32

uxtheme

ole32

oleaut32

oledlg

gdiplus

ws2_32

oleacc

winmm

imm32

setupapi

rpcrt4

crypt32

Sections

.text Size: 5.0MB - Virtual size: 5.0MB

.rdata Size: 2.7MB - Virtual size: 2.7MB

.data Size: 108KB - Virtual size: 491KB

.gfids Size: 140KB - Virtual size: 140KB

.giats Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:32:33:b9:f6:bd:18:a6:db:91:31:c7:ba:ac:5f:e4
Certificate

2a:25:94:f9:8e:06:21:52:3d:ff:14:24:45:f5:58:08:b6:f7:ad:17
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 108KB - Virtual size: 491KB

.gfids
Size: 140KB - Virtual size: 140KB

.giats
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB