f81f4e1ea2862ae256d0755c892fc253f94598f37f18bbf5ed22dd02b9728d78

Sharing

Copy URL

Twitter E-mail

General

Target

f81f4e1ea2862ae256d0755c892fc253f94598f37f18bbf5ed22dd02b9728d78
Size

286KB
MD5

283169fcdc06e2d3dbd5d5b3f66192ca
SHA1

3df24a1f8f4d23b826d8fdcafe1c1b3f13fbc5fb
SHA256

f81f4e1ea2862ae256d0755c892fc253f94598f37f18bbf5ed22dd02b9728d78
SHA512

8833b499ccded7ef2c42ce18ae447bf1fa1c2acd531360ed8270b69069cbb0ca45a6f9da15c0c92aefea4ceebb89014b00870b977c9957e6461e739054f72808
SSDEEP

3072:F2Cn3kAfpBwQas8+cEOxugflApsuDkcOYB5ASn+wQxj9pVvS4dyvSPu5ulLuv3EG:Fxh8QaL+ccgtKkcqaQdjuoB6aP7o

Score

1^/10

Malware Config

Signatures

Files

f81f4e1ea2862ae256d0755c892fc253f94598f37f18bbf5ed22dd02b9728d78
.exe windows:6 windows x64

497abf9b11497ac37857d2f53d19e13f

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-02-2023 00:05

Not After

01-02-2024 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:2f:b1:7a:0d:7c:fe:04:6e:7f:87:b3:b9:c6:74:6e:d4:fc:8b:7f:99:89:90:71:48:98:50:96:3d:4a:19:72
Signer

Actual PE Digest

1e:2f:b1:7a:0d:7c:fe:04:6e:7f:87:b3:b9:c6:74:6e:d4:fc:8b:7f:99:89:90:71:48:98:50:96:3d:4a:19:72

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SizeofResource
VirtualProtect
VirtualAlloc
CreateToolhelp32Snapshot
Process32NextW
LoadLibraryA
Process32FirstW
LoadResource
FindResourceW
GetProcAddress
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlCaptureContext

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memset
memcpy

api-ms-win-crt-runtime-l1-1-0

terminate
exit
_crt_atexit
_seh_filter_exe
_initialize_onexit_table
_c_exit
_cexit
__p___argv
__p___argc
_set_app_type
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

497abf9b11497ac37857d2f53d19e13f

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

1e:2f:b1:7a:0d:7c:fe:04:6e:7f:87:b3:b9:c6:74:6e:d4:fc:8b:7f:99:89:90:71:48:98:50:96:3d:4a:19:72Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 384B

.rsrc Size: 260KB - Virtual size: 260KB

.reloc Size: 512B - Virtual size: 48B

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

1e:2f:b1:7a:0d:7c:fe:04:6e:7f:87:b3:b9:c6:74:6e:d4:fc:8b:7f:99:89:90:71:48:98:50:96:3d:4a:19:72
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 384B

.rsrc
Size: 260KB - Virtual size: 260KB

.reloc
Size: 512B - Virtual size: 48B