ECA4974EA0[.]tmp

Sharing

Copy URL

Twitter E-mail

General

Target

ECA4974EA0.tmp
Size

17.1MB
MD5

ceaaef6141dec7e3618d677b83a6032c
SHA1

b791b71859a068cc1eab575e922af257a3ad3797
SHA256

372c1e9aaef0984a7bbfa4f4639a00071d4c9fb27181c7374c6d8ba4fd36b0a2
SHA512

5f8385d27d560b40199dcf8845465a72ddf81a70c53e1eb2ab0761fbb4b4572640ace98cf8c77354cba910b670e4ec836d72f3c3a700e286b9ec86fbba665482
SSDEEP

196608:wDLUUeVRKsMcsBMJ6VAVMC43aZRWRpuc2dkjwSiAKZ:SG4BMJoaMkWRpuc2dkjwSiAKZ

Score

1^/10

Malware Config

Signatures

Files

ECA4974EA0.tmp
.exe windows x86

013bcdc531af904012881d715891d31a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:be:cc:39:a7:53:8b:ec:e2:d5:05:5b:16:c2:8d:47
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

03/05/2023, 00:00

Not After

04/06/2025, 23:59

Subject

CN=Zepetto Co.,O=Zepetto Co.,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:13:59:bf:52:ff:66:eb:6d:37:62:e3:af:0f:83:0f:7d:f0:19:0d:e1:e9:d7:8f:32:ac:7d:11:d1:2f:22:86
Signer

Actual PE Digest

c9:13:59:bf:52:ff:66:eb:6d:37:62:e3:af:0f:83:0f:7d:f0:19:0d:e1:e9:d7:8f:32:ac:7d:11:d1:2f:22:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetReadFile
InternetOpenA
InternetCloseHandle
DeleteUrlCacheEntry
InternetConnectA

iphlpapi

GetAdaptersInfo

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
FindFirstFileExA
GetDriveTypeW
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetStdHandle
ExitProcess
IsDebuggerPresent
GetCommandLineW
GetCommandLineA
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
OutputDebugStringW
SetEnvironmentVariableA
CreateEventW
WaitForSingleObjectEx
ResetEvent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SearchPathA
GetProfileIntA
GetTempPathA
VerifyVersionInfoA
VerSetConditionMask
GetWindowsDirectoryA
FindResourceExW
GetUserDefaultLCID
GetTempFileNameA
GetACP
SetErrorMode
GetCPInfo
GetOEMCP
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
FindNextFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
ResumeThread
SetThreadPriority
CreateMutexA
ReleaseMutex
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
GetFileAttributesExA
GetSystemTimeAsFileTime
GetThreadLocale
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFileSize
FlushFileBuffers
GetCurrentProcessId
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
FindResourceA
LoadLibraryW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
FreeLibrary
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
lstrcmpA
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
CreateEventA
SetEvent
LocalSize
LocalAlloc
GetFileAttributesA
GetFullPathNameA
lstrlenA
lstrcpyA
lstrcmpiA
DosDateTimeToFileTime
WriteFile
WaitForSingleObject
GetVolumeInformationA
RemoveDirectoryA
CreateDirectoryA
LocalFileTimeToFileTime
CompareFileTime
FindClose
FindFirstFileA
SetFileTime
GetFileTime
CreateFileA
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentThread
SetLastError
GetVersionExA
MoveFileExA
MoveFileA
CopyFileA
DeleteFileA
GetDiskFreeSpaceExA
GetCurrentDirectoryA
FileTimeToLocalFileTime
CloseHandle
GetCurrentProcess
RaiseException
GetProcessHeap
GetCurrentDirectoryW
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
InterlockedExchange
MultiByteToWideChar
FormatMessageA
GetTickCount
Sleep
LocalFree
WideCharToMultiByte
FindResourceW
GetLocalTime
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
LockResource
MulDiv
GetModuleFileNameA
GetStartupInfoW
WriteConsoleW
CreateFileW
HeapQueryInformation

user32

GetSysColorBrush
ShowOwnedPopups
PostQuitMessage
TranslateMessage
GetMessageA
WaitMessage
ReuseDDElParam
UnpackDDElParam
DestroyIcon
InsertMenuItemA
DestroyMenu
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
IntersectRect
InflateRect
SystemParametersInfoA
LoadCursorW
IsRectEmpty
SetWindowRgn
ReleaseCapture
SetCapture
GetDesktopWindow
GetActiveWindow
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
SetRectEmpty
WindowFromPoint
GetCursorPos
OffsetRect
CharNextA
MapVirtualKeyA
GetKeyNameTextA
CharUpperA
LoadBitmapA
GetWindowThreadProcessId
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconA
CallNextHookEx
SetWindowsHookExA
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
RealChildWindowFromPoint
PtInRect
EqualRect
MapWindowPoints
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetLayeredWindowAttributes
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetKeyState
SetFocus
GetDlgCtrlID
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
EnumDisplayMonitors
SetClassLongA
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
TrackMouseEvent
EnableWindow
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
SetMenuItemInfoA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
ScreenToClient
ClientToScreen
EndPaint
GetMenuItemInfoA
CopyImage
GetAsyncKeyState
MapDialogRect
CopyAcceleratorTableA
InvalidateRgn
LoadImageW
SetWindowContextHelpId
UnionRect
GetSystemMenu
DeleteMenu
SetParent
RegisterClipboardFormatA
GetNextDlgGroupItem
DrawFocusRect
DrawIconEx
GetIconInfo
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetWindowLongA
GetMenuDefaultItem
BeginPaint
ReleaseDC
DrawStateA
DrawEdge
DrawFrameControl
IsZoomed
LoadMenuW
SetCursorPos
DestroyCursor
GetWindowRgn
DrawTextW
InvalidateRect
GetClientRect
CopyRect
LoadBitmapW
SendMessageA
SetCursor
GetSysColor
LoadCursorA
PostMessageA
GetWindowRect
SetRect
GetParent
LoadImageA
SetDlgItemTextW
UnregisterClassA
MessageBoxW
IsWindowVisible
IsIconic
SetTimer
GetSystemMetrics
DrawIcon
FillRect
LoadIconW
wsprintfA
KillTimer
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
RemoveMenu
UnhookWindowsHookEx
DrawTextA
DrawTextExA
GrayStringA
TabbedTextOutA
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
DestroyAcceleratorTable
CreateAcceleratorTableA
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
PostThreadMessageA
LockWindowUpdate
LoadAcceleratorsW
FrameRect
RedrawWindow
GetWindowDC
GetDC
CopyIcon

gdi32

CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
CreatePatternBrush
GetBkColor
CreateEllipticRgn
Ellipse
CreateDIBSection
DPtoLP
LPtoDP
CombineRgn
GetMapMode
SetRectRgn
GetTextExtentPoint32A
GetRgnBox
GetTextMetricsA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
SetDIBColorTable
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
CreatePen
CreateHatchBrush
CreateBitmap
CreateDCA
CopyMetaFileA
CreateSolidBrush
GetCurrentObject
GetDIBColorTable
StretchBlt
SelectObject
GetTextColor
GetStockObject
DeleteDC
CreateFontA
GetObjectA
GetDeviceCaps
DeleteObject
CreateFontIndirectA
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
GetPixel
BitBlt

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
OpenProcessToken
RegEnumKeyExA

shell32

SHGetDesktopFolder
ShellExecuteExA
ord680
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
DragQueryFileA
DragFinish
SHAppBarMessage
ShellExecuteA
SHGetSpecialFolderLocation

shlwapi

PathRemoveFileSpecA
PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
StrFormatKBSizeA
PathRemoveFileSpecW

uxtheme

DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName
GetThemePartSize
IsAppThemed
GetWindowTheme
GetThemeSysColor
DrawThemeText

ole32

IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoRegisterMessageFilter
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoInitializeEx
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
OleDraw
CreateStreamOnHGlobal
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
OleUninitialize
OleInitialize
CoTaskMemFree

oleaut32

SysAllocStringLen
OleCreateFontIndirect
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetElemsize
SysAllocStringByteLen
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
VarBstrFromDate
VariantChangeType
VariantClear
VariantInit
SysFreeString
SafeArrayGetUBound
SysAllocString

gdiplus

GdipCreateBitmapFromStream
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipGetImagePalette
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext

ws2_32

inet_ntoa
WSASetLastError
WSACleanup
WSAStartup
WSAGetLastError
closesocket
connect
htons
inet_addr
recv
send
shutdown
socket
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
gethostbyname

oledlg

ord8

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

013bcdc531af904012881d715891d31a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

01:be:cc:39:a7:53:8b:ec:e2:d5:05:5b:16:c2:8d:47Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

c9:13:59:bf:52:ff:66:eb:6d:37:62:e3:af:0f:83:0f:7d:f0:19:0d:e1:e9:d7:8f:32:ac:7d:11:d1:2f:22:86Signer

Headers

DLL Characteristics

File Characteristics

Imports

wininet

iphlpapi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

gdiplus

ws2_32

oledlg

oleacc

imm32

winmm

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 438KB - Virtual size: 438KB

.data Size: 43KB - Virtual size: 81KB

.gfids Size: 107KB - Virtual size: 106KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 14.5MB - Virtual size: 14.5MB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

01:be:cc:39:a7:53:8b:ec:e2:d5:05:5b:16:c2:8d:47
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

c9:13:59:bf:52:ff:66:eb:6d:37:62:e3:af:0f:83:0f:7d:f0:19:0d:e1:e9:d7:8f:32:ac:7d:11:d1:2f:22:86
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 438KB - Virtual size: 438KB

.data
Size: 43KB - Virtual size: 81KB

.gfids
Size: 107KB - Virtual size: 106KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 14.5MB - Virtual size: 14.5MB