bc33872c0ab402100b3a7e7f7769c04a97c9a0c781f3e1545981accdc5d9b44b

Sharing

Copy URL Twitter E-mail

General

Target

bc33872c0ab402100b3a7e7f7769c04a97c9a0c781f3e1545981accdc5d9b44b
Size

13.2MB
MD5

1238aff8ad47a5eafcdcbce2a7a0f0b6
SHA1

6da175922b0d89d353dbdcc9c54e058709376b8b
SHA256

bc33872c0ab402100b3a7e7f7769c04a97c9a0c781f3e1545981accdc5d9b44b
SHA512

57e4a16320f423fc757c1f5dd17b33475c93658549e7ba8e9d569ce6c89ccdd7137d719c6cc8bf94838e903130d55eed7455ac88eebb5ed9e39e75dc2b91f881
SSDEEP

393216:bdmgrb1yyEDTdrARSggL/t3ofR6GdtnFnGk:bdmgF2z392/b

Score

1^/10

Malware Config

Signatures

Files

bc33872c0ab402100b3a7e7f7769c04a97c9a0c781f3e1545981accdc5d9b44b
.exe windows x86

b8d488f9268c663448a18b362409c110

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2022, 00:00

Not After

12/01/2025, 23:59

Subject

CN=ADLICE,O=ADLICE,ST=Loire-Atlantique,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:03:1b:1d:74:ba:ff:cc:1f:57:f0:d4:d3:c0:4f:bb:81:5d:fb:74
Signer

Actual PE Digest

e2:03:1b:1d:74:ba:ff:cc:1f:57:f0:d4:d3:c0:4f:bb:81:5d:fb:74

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
WaitNamedPipeW
CancelIo
lstrcmpA
lstrcpyW
GetTickCount
HeapAlloc
HeapFree
GetProcessHeap
GetFileType
SetFilePointerEx
lstrcmpiW
lstrlenW
GetDriveTypeW
GetDiskFreeSpaceW
IsBadReadPtr
IsBadWritePtr
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
SetFilePointer
QueueUserWorkItem
GlobalAlloc
GlobalFree
LoadLibraryExW
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
SetHandleInformation
SwitchToFiber
DeleteFiber
CreateFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FormatMessageA
InitializeCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
ReadFile
ExpandEnvironmentStringsA
CreateFileMappingA
SwitchToThread
WriteFile
GetOverlappedResult
QueryDosDeviceW
DefineDosDeviceW
DeviceIoControl
InterlockedDecrement
Module32NextW
Module32FirstW
CreateRemoteThread
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
OpenThread
CreateThread
RaiseException
GetVolumeInformationW
FormatMessageW
GetSystemTimes
GetSystemInfo
GetStdHandle
FlushFileBuffers
Sleep
SetErrorMode
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
MoveFileExW
MoveFileW
FindNextFileW
FindFirstFileW
GetFileAttributesExW
SetFileAttributesW
CreateFileW
RemoveDirectoryW
CreateDirectoryW
GetFileTime
FindClose
GetDateFormatW
GetTimeFormatW
CompareFileTime
FileTimeToSystemTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
SetEvent
SystemTimeToTzSpecificLocalTime
GetStringTypeW
EncodePointer
GetSystemTime
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetFileAttributesW
OutputDebugStringA
GetEnvironmentVariableW
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryW
FreeLibrary
LocalAlloc
CopyFileW
DeleteFileW
GetThreadLocale
GetUserGeoID
GetGeoInfoW
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetComputerNameW
GetTempFileNameW
GetTempPathW
GetSystemDirectoryW
GetVersionExW
GetModuleHandleW
VerSetConditionMask
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateJobObject
AssignProcessToJobObject
CreateJobObjectW
CreateProcessW
GetModuleHandleA
ReadProcessMemory
SetLastError
GetLastError
TerminateThread
GetProcessId
GetExitCodeProcess
TerminateProcess
OpenProcess
GetProcessTimes
GetProcAddress
GetCurrentProcessId
GetCurrentProcess
GetFullPathNameW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetLongPathNameW
GetShortPathNameW
GetCommandLineW
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
WaitForSingleObjectEx
UnhandledExceptionFilter
LocalFree
CreateEventW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
ExitProcess
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
HeapReAlloc
GetCommandLineA
GetACP
GetConsoleCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFullPathNameA
SetEndOfFile
HeapSize
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringW
WriteConsoleW
CreateMutexW
OpenMutexW
CreateIoCompletionPort
GetQueuedCompletionStatus
GetFileSizeEx
LockResource
LoadResource
SizeofResource
CloseHandle
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
VerifyVersionInfoA
LockFileEx
FindResourceW
InterlockedIncrement
UnlockFile
HeapCompact
DeleteFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnlockFileEx
LockFile
AreFileApisANSI
VirtualQueryEx
CreateFileA
HeapCreate
GetFileSize
HeapDestroy

user32

CharNextW
GetClassNameW
EnumChildWindows
GetWindowTextW
IsWindowVisible
SendMessageW
EnumWindows
GetWindowThreadProcessId
GetSystemMetrics
SystemParametersInfoW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA
FindWindowA

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW
ord51

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysStringLen
SysFreeString
VariantInit
VariantClear
VarUI4FromStr
SysAllocString

advapi32

StartServiceCtrlDispatcherW
RegQueryValueExW
RegisterServiceCtrlHandlerW
QueryServiceStatus
GetSecurityInfo
LookupPrivilegeValueA
ChangeServiceConfig2W
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
LookupAccountNameW
CopySid
GetLengthSid
CheckTokenMembership
FreeSid
GetTokenInformation
ConvertStringSidToSidW
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
RegSetKeySecurity
RegGetKeySecurity
LookupAccountSidW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
GetAce
InitializeAcl
AllocateAndInitializeSid
IsValidSid
RegSetValueExW
OpenServiceW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW
DuplicateTokenEx
CreateProcessAsUserW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
StartServiceW
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusW
EnumDependentServicesW
ChangeServiceConfigW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
SetServiceStatus

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetGetConnectedState

shlwapi

PathRemoveBlanksW
PathFindExtensionW
PathFileExistsW
PathCommonPrefixW
PathAppendW
PathAddBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW
PathSearchAndQualifyW
PathUnExpandEnvStringsW
StrDupW
StrCmpIW
PathIsNetworkPathW
PathQuoteSpacesW
PathRemoveArgsW
PathGetArgsW
PathGetDriveNumberW
PathIsDirectoryW
PathIsPrefixW
PathIsRelativeW
PathUnquoteSpacesW
PathRemoveBackslashW
PathFindFileNameW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
GetModuleBaseNameW
GetModuleInformation

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
GetProfilesDirectoryW

ntdll

strtol
strpbrk
wcstombs
isupper
_strnicmp
islower
strtoul
strstr
strncmp
strcmp
memmove
atoi
strrchr
strncpy
qsort
NtQuerySystemInformation
isalnum
strchr
NtQueryKey
_stricmp
strspn
wcsstr
NtCreateKey
NtSetValueKey
NtDeleteValueKey
NtQueryVirtualMemory
towupper
NtDeleteKey
NtOpenKey
_wtoi64
strcspn
_wcsicmp
memchr
tolower
toupper
isspace
floor
memset
memcpy
memcmp
wcsrchr
wcschr
RtlInitUnicodeString
NtLoadDriver
NtUnloadDriver

wsock32

shutdown
htonl
select
__WSAFDIsSet
htons
getpeername
socket
setsockopt
listen
connect
closesocket
bind
accept
sendto
gethostname
WSASetLastError
send
recv
WSAGetLastError
WSACleanup
WSAStartup
ntohs
getsockopt
getsockname
inet_ntoa
recvfrom

mpr

WNetGetConnectionW

wtsapi32

WTSEnumerateSessionsW

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust
CryptCATAdminAcquireContext

ws2_32

getaddrinfo
freeaddrinfo
WSAIoctl
getnameinfo

crypt32

CertGetNameStringW
CertNameToStrW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptQueryObject
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptMsgClose
CryptDecodeObject
CryptMsgGetParam

fltlib

FilterReplyMessage
FilterConnectCommunicationPort
FilterGetMessage
FilterSendMessage

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8d488f9268c663448a18b362409c110

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

e2:03:1b:1d:74:ba:ff:cc:1f:57:f0:d4:d3:c0:4f:bb:81:5d:fb:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

advapi32

version

wininet

shlwapi

psapi

userenv

ntdll

wsock32

mpr

wtsapi32

wintrust

ws2_32

crypt32

fltlib

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 127KB - Virtual size: 215KB

.gfids Size: 1024B - Virtual size: 552B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 6.0MB - Virtual size: 6.0MB

.reloc Size: 318KB - Virtual size: 317KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

18:39:af:85:74:aa:0e:80:c3:71:d9:80:34:61:dd:7b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

e2:03:1b:1d:74:ba:ff:cc:1f:57:f0:d4:d3:c0:4f:bb:81:5d:fb:74
Signer

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 127KB - Virtual size: 215KB

.gfids
Size: 1024B - Virtual size: 552B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 6.0MB - Virtual size: 6.0MB

.reloc
Size: 318KB - Virtual size: 317KB