Malicious_1b33da9a4afb0ff1f964ee957a712b7d250bd45f64bce0f8d339a2118fab1ac9[.]dontrunthis

Sharing

Copy URL Twitter E-mail

General

Target

Malicious_1b33da9a4afb0ff1f964ee957a712b7d250bd45f64bce0f8d339a2118fab1ac9.dontrunthis
Size

2.8MB
MD5

583d26e3effa68773141fc697d5e5519
SHA1

a97b463e53406f42e420055b83723b83bba20458
SHA256

77bcca9c2bcc7360bc067eca17f607f9ce1b5ea23d18316efa7fb0cb14921f9b
SHA512

f417310ee58fa89f3c937c613b96bd28d55d0cc4e57034ca5fd702e0f6a06602923713c63543aa9f132b2761fc4eebc4cf638d7e877d6197a8dc27302926d801
SSDEEP

49152:wN0XJTRkacV1OFBCQhcdpMv+P+e/JoN64XqVuvjzxQ0oh:wSXJTRdcXOoIv+P+e/JoNVXE

Score

1^/10

Malware Config

Signatures

Files

Malicious_1b33da9a4afb0ff1f964ee957a712b7d250bd45f64bce0f8d339a2118fab1ac9.dontrunthis
.exe windows x86

10ebe887ccaf68d1367db1af6ef9bc7f

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/09/2020, 00:00

Not After

01/09/2023, 23:59

Subject

CN=Global Microtrading PTE. LTD,OU=IT,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/09/2020, 00:00

Not After

01/09/2023, 23:59

Subject

CN=Global Microtrading PTE. LTD,OU=IT,O=Global Microtrading PTE. LTD,L=Singapore,C=SG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:bf:08:53:82:86:c0:da:26:45:fe:03:68:ce:e7:9a:7e:d5:9b:06:86:f9:20:75:d9:7a:f4:16:53:47:94:2d
Signer

Actual PE Digest

4c:bf:08:53:82:86:c0:da:26:45:fe:03:68:ce:e7:9a:7e:d5:9b:06:86:f9:20:75:d9:7a:f4:16:53:47:94:2d

Digest Algorithm

sha256

PE Digest Matches

false

e2:c9:3c:37:52:4a:af:31:94:ff:c7:8a:35:0f:c7:f4:2f:93:80:3d
Signer

Actual PE Digest

e2:c9:3c:37:52:4a:af:31:94:ff:c7:8a:35:0f:c7:f4:2f:93:80:3d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
socket
connect
WSASetLastError
freeaddrinfo
getaddrinfo
accept
listen
htonl
sendto
recvfrom
select
__WSAFDIsSet
ioctlsocket
inet_ntoa
getnameinfo
WSACleanup
WSAGetLastError
send
closesocket
WSAStartup
gethostbyname
gethostname
shutdown

wldap32

ord79
ord33
ord301
ord35
ord46
ord60
ord143
ord32
ord200
ord30
ord26
ord217
ord211
ord22
ord27
ord50
ord41

kernel32

SizeofResource
FindResourceW
SetFileAttributesW
WriteFile
CloseHandle
DisconnectNamedPipe
GetLastError
CreateNamedPipeW
SetEvent
ReadFile
ResetEvent
CreateEventW
ConnectNamedPipe
CreateFileW
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpW
MulDiv
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GlobalFree
GlobalHandle
CreateMutexW
SetEndOfFile
SetFilePointer
WideCharToMultiByte
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetFileAttributesW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetTempPathW
TerminateProcess
LocalFree
FormatMessageW
CreateDirectoryW
OpenProcess
GetCurrentProcessId
SetErrorMode
GetFileSizeEx
lstrlenA
GetDiskFreeSpaceExW
GetCommandLineW
ReleaseSemaphore
WaitNamedPipeW
WaitForMultipleObjects
TransactNamedPipe
VirtualQuery
SetNamedPipeHandleState
ExitProcess
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryW
CreateSemaphoreW
GetSystemDefaultUILanguage
VerifyVersionInfoA
VerSetConditionMask
GetSystemDirectoryA
LoadLibraryA
GetModuleHandleA
QueryPerformanceFrequency
SleepEx
QueryPerformanceCounter
GetEnvironmentVariableA
PeekNamedPipe
GetFileType
GetStdHandle
FormatMessageA
MoveFileExA
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTimeAsFileTime
GetVersion
DeleteFiber
SwitchToFiber
CreateFiber
GlobalMemoryStatus
ConvertFiberToThread
ConvertThreadToFiber
SystemTimeToFileTime
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetTickCount
CreateThread
GetVersionExW
GetExitCodeProcess
WaitForSingleObject
GetSystemTime
InterlockedDecrement
lstrlenW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
InterlockedIncrement
IsBadWritePtr
MultiByteToWideChar
TerminateThread
LockResource
LoadResource
InterlockedCompareExchange

user32

FillRect
SetCursor
OffsetRect
FrameRect
CopyRect
PeekMessageW
SendMessageW
SetForegroundWindow
AllowSetForegroundWindow
InflateRect
UnregisterClassA
DrawStateW
DrawFocusRect
DrawTextW
CallWindowProcW
SetWindowLongW
GetWindowLongW
CreateWindowExW
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
InvalidateRect
RedrawWindow
SetCapture
GetParent
GetProcessWindowStation
GetUserObjectInformationW
EnumWindows
GetWindowThreadProcessId
MessageBoxW
CreateDialogIndirectParamW
GetMessageW
TranslateMessage
DispatchMessageW
MapDialogRect
SetWindowContextHelpId
RegisterWindowMessageW
CreateAcceleratorTableW
DrawIconEx
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
GetClassNameW
IsChild
InvalidateRgn
MoveWindow
CharNextW
EndPaint
BeginPaint
TrackPopupMenu
PostQuitMessage
MonitorFromPoint
DestroyMenu
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
SetWindowRgn
AppendMenuW
CreatePopupMenu
IsDialogMessageW
GetDlgItem
DestroyWindow
KillTimer
ShowWindow
SetWindowTextW
LoadBitmapW
PostThreadMessageW
ReleaseDC
GetDC
GetCursorPos
GetActiveWindow
GetCapture
WindowFromPoint
DefWindowProcW
ReleaseCapture
DestroyCursor
LoadImageW
GetSysColor
LoadStringW
SetWindowPos
IsWindow
GetDlgCtrlID

gdi32

GetObjectW
ChoosePixelFormat
SetPixelFormat
CreateFontW
GetDeviceCaps
StretchBlt
CreateRoundRectRgn
GetStockObject
CreateCompatibleBitmap
ExtTextOutW
DeleteObject
CreatePen
CreateSolidBrush
LineTo
MoveToEx
SetBkMode
CreateBitmap
CreateCompatibleDC
SelectObject
SetBkColor
BitBlt
SetTextColor
DeleteDC

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
CryptGenRandom
CryptDecrypt
CryptSetHashParam
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptEnumProvidersW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderPathW
ShellExecuteExW
ord680
ShellExecuteW
SHBrowseForFolderW
SHGetSpecialFolderLocation
CommandLineToArgvW
Shell_NotifyIconW

ole32

OleRun
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoInitialize
CoUninitialize

oleaut32

LoadTypeLi
SysFreeString
VariantInit
VariantClear
VariantChangeType
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocString
DispCallFunc
LoadRegTypeLi
OleCreateFontIndirect
VarUI4FromStr
GetErrorInfo

shlwapi

AssocQueryStringW

comctl32

InitCommonControlsEx

opengl32

wglDeleteContext
wglCreateContext
wglMakeCurrent
glGetString

wininet

InternetCloseHandle
HttpQueryInfoW
HttpSendRequestW
InternetSetOptionW
InternetQueryOptionW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetReadFile

psapi

GetProcessImageFileNameW
GetModuleBaseNameW
EnumProcesses
GetModuleFileNameExW

msvcr90

strerror_s
_setmode
isxdigit
getenv
_wfopen
signal
_stat64i32
_fileno
_fstat64i32
setbuf
_gmtime64
__sys_nerr
fgets
strspn
_lseeki64
_fstat64
_getpid
strpbrk
fflush
setvbuf
_beginthreadex
fputc
fputs
qsort
feof
_stat64
strrchr
strchr
strerror
strncpy
fopen
fseek
ftell
fclose
strstr
_mbspbrk
fwrite
fread
calloc
strncmp
_strtoi64
strtoul
_errno
isspace
isdigit
strcat_s
sscanf
atoi
memmove
_snwprintf_s
exit
_set_invalid_parameter_handler
_set_purecall_handler
__iob_func
fprintf
mbstowcs
sprintf
_strdup
_vsnwprintf
_vsnprintf
_exit
raise
_strnicmp
_stricmp
isupper
abort
__crtLCMapStringA
__pctype_func
___lc_codepage_func
___lc_handle_func
_calloc_crt
setlocale
rand
islower
__uncaught_exception
wcsncpy
btowc
wcscmp
_controlfp_s
tolower
strtol
wcstombs
strcmp
wcslen
wcsncpy_s
wcsstr
wcscpy
_except_handler4_common
malloc
swprintf_s
_invoke_watson
_recalloc
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
wcscat
memcpy
_time64
srand
sprintf_s
strcspn
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0exception@std@@QAE@XZ
memchr
localeconv
memset
_invalid_parameter_noinfo
??_V@YAXPAX@Z
_free_locale
_access
_read
_write
_unlink
_close
_open
?terminate@@YAXXZ
ferror
_lock
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
__CxxFrameHandler3
free
realloc
__RTDynamicCast
_purecall
memmove_s
memcpy_s
strlen
memcmp
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_unlock
__dllonexit
_encode_pointer

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 831KB - Virtual size: 830KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10ebe887ccaf68d1367db1af6ef9bc7f

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

4c:bf:08:53:82:86:c0:da:26:45:fe:03:68:ce:e7:9a:7e:d5:9b:06:86:f9:20:75:d9:7a:f4:16:53:47:94:2dSigner

e2:c9:3c:37:52:4a:af:31:94:ff:c7:8a:35:0f:c7:f4:2f:93:80:3dSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

opengl32

wininet

psapi

msvcr90

crypt32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 464KB - Virtual size: 464KB

.data Size: 37KB - Virtual size: 61KB

.rsrc Size: 831KB - Virtual size: 830KB

.reloc Size: 88KB - Virtual size: 87KB

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

1d:da:30:fe:32:06:c2:3d:83:cb:db:76:38:c0:90:51
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4c:bf:08:53:82:86:c0:da:26:45:fe:03:68:ce:e7:9a:7e:d5:9b:06:86:f9:20:75:d9:7a:f4:16:53:47:94:2d
Signer

e2:c9:3c:37:52:4a:af:31:94:ff:c7:8a:35:0f:c7:f4:2f:93:80:3d
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 464KB - Virtual size: 464KB

.data
Size: 37KB - Virtual size: 61KB

.rsrc
Size: 831KB - Virtual size: 830KB

.reloc
Size: 88KB - Virtual size: 87KB