62ab6542b5ba793cf02a065c0ad0bfb9f87d1b90684b800ea824c39b9cd059fa

Sharing

Copy URL Twitter E-mail

General

Target

62ab6542b5ba793cf02a065c0ad0bfb9f87d1b90684b800ea824c39b9cd059fa
Size

12.1MB
MD5

d77e03b8b135322cd37035d107e34f37
SHA1

1fd2be8cb8c4eb1bb625f230a3fa178d928ab93b
SHA256

62ab6542b5ba793cf02a065c0ad0bfb9f87d1b90684b800ea824c39b9cd059fa
SHA512

3e2ad5720c4336459abbb50743b85e62dd61bd9274b5c10dd4d2100ee842d4eaf71eee20ee1e19a426ec04fb19c5498262464f68d350100f0dd000eb5b468ea2
SSDEEP

98304:8WnDOzP2qFX9VB1IAT81brCEiXFxl8bTYrz3RQShN53vWvMhGIXYvOXZlhWA7tGe:NYPVVBdkbmbFAo/5uvM7eatGBwsi

Score

1^/10

Malware Config

Signatures

Files

62ab6542b5ba793cf02a065c0ad0bfb9f87d1b90684b800ea824c39b9cd059fa
.dll regsvr32 windows x64

a765680655b90b380a6c17102de0e95a

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:1c:ab:20:64:57:cf:e5:97:5c:82:0e
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

19/04/2023, 01:53

Not After

19/04/2026, 01:53

Subject

CN=Shenzhen Excelsecu Data Technology Co.\,Ltd.,O=Shenzhen Excelsecu Data Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:1c:ab:20:64:57:cf:e5:97:5c:82:0e
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

19/04/2023, 01:53

Not After

19/04/2026, 01:53

Subject

CN=Shenzhen Excelsecu Data Technology Co.\,Ltd.,O=Shenzhen Excelsecu Data Technology Co.\,Ltd.,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ac:81:48:2f:37:3a:46:4e:93:87:b6:02:ee:a8:51:6d:81:9f:a9:d8:1c:62:d7:9e:3b:d7:9a:91:4a:01:fc:64
Signer

Actual PE Digest

ac:81:48:2f:37:3a:46:4e:93:87:b6:02:ee:a8:51:6d:81:9f:a9:d8:1c:62:d7:9e:3b:d7:9a:91:4a:01:fc:64

Digest Algorithm

sha256

PE Digest Matches

false

25:34:46:88:0e:fa:7f:46:a7:73:f0:04:31:15:d7:da:d3:15:c6:b5
Signer

Actual PE Digest

25:34:46:88:0e:fa:7f:46:a7:73:f0:04:31:15:d7:da:d3:15:c6:b5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
TerminateThread
GetExitCodeThread
Sleep
CreateMutexW
VirtualQuery
WaitForSingleObject
ReleaseMutex
GetTickCount
QueryPerformanceCounter
SystemTimeToFileTime
GetSystemTime
GetCurrentThreadId
GetCurrentProcessId
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
OpenMutexA
CreateFileMappingA
CreateMutexA
HeapAlloc
lstrcmpiA
CreateEventA
OpenEventA
SetEvent
ResetEvent
GetVersion
GetFileType
GetStdHandle
GlobalMemoryStatus
VirtualProtect
GetCurrentProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
HeapFree
GetVersionExW
GetModuleHandleA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
IsDBCSLeadByte
DisableThreadLibraryCalls
GetModuleHandleW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
CreateFileW
GetFileSize
CloseHandle
MultiByteToWideChar
VirtualAlloc
VirtualFree
GetModuleFileNameA
WideCharToMultiByte
lstrlenA
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetHandleInformation
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
SetStdHandle
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
RtlPcToFileHeader
GetSystemInfo
RtlUnwindEx
RtlLookupFunctionEntry
FlsSetValue
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
ExitProcess
GetSystemTimeAsFileTime
HeapReAlloc
WriteFile
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetEndOfFile

user32

GetUserObjectInformationW
MessageBoxA
GetProcessWindowStation
GetDesktopWindow
LoadStringA
CharNextA
CharNextW
MessageBoxW

advapi32

AddAccessAllowedAce
RegisterEventSourceW
ReportEventW
DeregisterEventSource
GetSecurityDescriptorSacl
SetSecurityInfo
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
SetSecurityDescriptorDacl
FreeSid
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

ProgIDFromCLSID
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
SetErrorInfo
CreateErrorInfo
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a765680655b90b380a6c17102de0e95a

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

57:1c:ab:20:64:57:cf:e5:97:5c:82:0eCertificate

Extended Key Usages

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

57:1c:ab:20:64:57:cf:e5:97:5c:82:0eCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ac:81:48:2f:37:3a:46:4e:93:87:b6:02:ee:a8:51:6d:81:9f:a9:d8:1c:62:d7:9e:3b:d7:9a:91:4a:01:fc:64Signer

25:34:46:88:0e:fa:7f:46:a7:73:f0:04:31:15:d7:da:d3:15:c6:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

version

Exports

Exports

Sections

.text Size: 283KB - Virtual size: 283KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 63KB - Virtual size: 120KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 12KB - Virtual size: 11KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

57:1c:ab:20:64:57:cf:e5:97:5c:82:0e
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

57:1c:ab:20:64:57:cf:e5:97:5c:82:0e
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ac:81:48:2f:37:3a:46:4e:93:87:b6:02:ee:a8:51:6d:81:9f:a9:d8:1c:62:d7:9e:3b:d7:9a:91:4a:01:fc:64
Signer

25:34:46:88:0e:fa:7f:46:a7:73:f0:04:31:15:d7:da:d3:15:c6:b5
Signer

.text
Size: 283KB - Virtual size: 283KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 63KB - Virtual size: 120KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 12KB - Virtual size: 11KB