34f09a2bec838eb5d2781712a6d6722e721c533a5968a36ab824ea865050092d

Sharing

Copy URL Twitter E-mail

General

Target

34f09a2bec838eb5d2781712a6d6722e721c533a5968a36ab824ea865050092d
Size

954KB
MD5

122cc320ce3d3d04ee2af0ae613b7499
SHA1

ad127d50e65ea3d99d2d913a761cffcab07af92a
SHA256

34f09a2bec838eb5d2781712a6d6722e721c533a5968a36ab824ea865050092d
SHA512

8fcb8a0a96a51ae8ccf21dd141abbbca62ce9941446b36e7d758cf67e526ae4c972b1cf48d5dd87bc75e0c0fa5c42c2d65aebfd37811b879c99b6a08b1ba9797
SSDEEP

24576:nNdzODVp2kEaCWWPQr9Wu9WOr0re79oKmb:nNs2WWPQpWcWKt79oLb

Score

1^/10

Malware Config

Signatures

Files

34f09a2bec838eb5d2781712a6d6722e721c533a5968a36ab824ea865050092d
.dll windows x86

77b883a3669bf74a9dbbb1c54444edc9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2022, 00:00

Not After

23/04/2025, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2022, 00:00

Not After

23/04/2025, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9d:47:07:4f:4f:17:a7:bc:8e:e8:25:c7:38:fa:4e:13:d2:49:bc:5c:d9:a0:d5:47:5e:c1:ba:52:44:f3:3a:12
Signer

Actual PE Digest

9d:47:07:4f:4f:17:a7:bc:8e:e8:25:c7:38:fa:4e:13:d2:49:bc:5c:d9:a0:d5:47:5e:c1:ba:52:44:f3:3a:12

Digest Algorithm

sha256

PE Digest Matches

false

78:6e:04:af:b8:87:eb:74:44:57:45:6d:1c:7b:20:b1:17:52:a4:7e
Signer

Actual PE Digest

78:6e:04:af:b8:87:eb:74:44:57:45:6d:1c:7b:20:b1:17:52:a4:7e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
LoadLibraryA
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetModuleFileNameA
WriteProcessMemory
IsBadWritePtr
VirtualProtect
SetLastError
EnterCriticalSection
VirtualFree
GetCurrentProcess
VirtualAlloc
GetModuleFileNameW
WaitForMultipleObjects
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
FreeLibraryAndExitThread
IsBadCodePtr
GlobalDeleteAtom
GlobalAddAtomW
CreateEventW
Sleep
GetTickCount64
SetEvent
GetCurrentThread
LoadLibraryW
GlobalFindAtomW
GetProcAddress
GetCurrentProcessId
GetModuleHandleW
FlushInstructionCache
IsBadReadPtr
GetTickCount
VirtualQuery
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetStdHandle
GetPrivateProfileStringW
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
DeleteFileW
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ExitProcess
GetFileType
CreateFileW
GetModuleHandleExW
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
OutputDebugStringW
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
WriteConsoleW
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
HeapSize
GetModuleHandleA
GetUserPreferredUILanguages
InitializeCriticalSectionEx
GetPrivateProfileIntW
HeapFree
SizeofResource
GetSystemInfo
FreeLibrary
LoadLibraryExA
CreatePipe
SetHandleInformation
CreateProcessA
WaitForSingleObject
CloseHandle
ReadFile
GetFileAttributesA
CreateDirectoryW
GetModuleHandleExA
LocalAlloc
LocalFree
FindFirstFileW
FindClose
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
CreateMutexW
ReleaseMutex
AddAtomA
GetComputerNameW
ResetEvent
GetComputerNameA
lstrcmpA
lstrlenA
QueryPerformanceCounter

user32

GetWindowLongW
GetWindowThreadProcessId
GetMessageW
DefWindowProcW
GetKeyState
RemovePropA
SetPropA
AllowSetForegroundWindow
CallWindowProcW
PostMessageW
GetWindow
FindWindowExW
GetWindowRect
SendMessageTimeoutW
DestroyWindow
IsWindowVisible
SetWindowPos
EqualRect
GetPropW
MonitorFromRect
MonitorFromWindow
EnumChildWindows
SetWindowRgn
CreateWindowExW
SendMessageW
CallNextHookEx
RemovePropW
GetSystemMetrics
GetClassNameA
GetWindowPlacement
ShowWindow
ReplyMessage
IsWindow
DispatchMessageW
SetTimer
IsHungAppWindow
GetWindowInfo
GetMonitorInfoW
SetWindowLongA
SwitchToThisWindow
GetLayeredWindowAttributes
MapWindowPoints
SetWindowPlacement
GetForegroundWindow
GetPropA
EnumWindows
ChangeWindowMessageFilter
GetWindowRgnBox
SetLayeredWindowAttributes
BroadcastSystemMessageW
SendNotifyMessageW
SetPropW
TranslateMessage
FindWindowW
wsprintfW
SetWindowLongW
GetClientRect
IsZoomed
KillTimer
GetParent
RegisterWindowMessageW
ReleaseCapture
GetAncestor
IsIconic
BeginPaint
EndPaint
SendInput
GetMenuItemCount
CreatePopupMenu
LoadStringW
DestroyMenu
GetMenuStringW
GetMenuItemInfoA
FindWindowA
CallMsgFilterW
AdjustWindowRectEx
EnableWindow
MsgWaitForMultipleObjects
PeekMessageW
PostQuitMessage
GetLastInputInfo

gdi32

StretchDIBits
CreateRectRgn

Exports

Exports

Ver116
Ver200
XHook
_NBString2@4
_NBString@4

Sections

.text
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77b883a3669bf74a9dbbb1c54444edc9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

9d:47:07:4f:4f:17:a7:bc:8e:e8:25:c7:38:fa:4e:13:d2:49:bc:5c:d9:a0:d5:47:5e:c1:ba:52:44:f3:3a:12Signer

78:6e:04:af:b8:87:eb:74:44:57:45:6d:1c:7b:20:b1:17:52:a4:7eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 700KB - Virtual size: 700KB

.rdata Size: 158KB - Virtual size: 158KB

.data Size: 22KB - Virtual size: 30KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 40KB - Virtual size: 40KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

9d:47:07:4f:4f:17:a7:bc:8e:e8:25:c7:38:fa:4e:13:d2:49:bc:5c:d9:a0:d5:47:5e:c1:ba:52:44:f3:3a:12
Signer

78:6e:04:af:b8:87:eb:74:44:57:45:6d:1c:7b:20:b1:17:52:a4:7e
Signer

.text
Size: 700KB - Virtual size: 700KB

.rdata
Size: 158KB - Virtual size: 158KB

.data
Size: 22KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 40KB - Virtual size: 40KB