2cb1eb16d06386cdb9ebb0e97312fd6d4951bf1f36a1ee97ede9cb6c6370f1bf[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2cb1eb16d06386cdb9ebb0e97312fd6d4951bf1f36a1ee97ede9cb6c6370f1bf.exe
Size

30KB
MD5

b1a9bada63295e97d6775083bd04e857
SHA1

0287cabaa9b814439818093e63bde10ced5f242e
SHA256

2cb1eb16d06386cdb9ebb0e97312fd6d4951bf1f36a1ee97ede9cb6c6370f1bf
SHA512

eb98ce9ffc918f2e9cdf82a6444c9eef6b1ba12aecf79a10ab38b1669e2633672fa9eef655b85fea1792f51ace5841d9b3522eaa251254d41bea5c282bf5d4bf
SSDEEP

768:ypRrAO9YmckVPxIiTAqMwwyg2ulzxAfv5r6wD1Pe3pU:yrnYmckVPxIiTAqMwm2ulzxAfv1Pe6

Score

1^/10

Malware Config

Signatures

Files

2cb1eb16d06386cdb9ebb0e97312fd6d4951bf1f36a1ee97ede9cb6c6370f1bf.exe
.dll windows:10 windows x64

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:30

Not After

03-03-2021 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:69:dc:f9:7c:99:56:ac:04:c6:7c:77:4f:7d:8d:36:9e:87:2d:a5:99:02:20:5d:62:6c:64:a6:85:6a:df:9c
Signer

Actual PE Digest

b7:69:dc:f9:7c:99:56:ac:04:c6:7c:77:4f:7d:8d:36:9e:87:2d:a5:99:02:20:5d:62:6c:64:a6:85:6a:df:9c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_vsnprintf
memcmp

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-version-l1-1-0

VerQueryValueW
VerFindFileW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileA
GetFileSize
DeleteFileW
GetFullPathNameA
SetFileTime
GetFileTime
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
TlsAlloc
TlsGetValue
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-versionansi-l1-1-0

GetFileVersionInfoExA
VerFindFileA
GetFileVersionInfoSizeExA
VerQueryValueA

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-version-private-l1-1-0

GetFileVersionInfoByHandle

kernelbase

lstrcmpiA
lstrcmpiW
lstrlenW

ntdll

RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag

kernel32

_lwrite
_lread
_lopen
_lclose
_lcreat
_llseek
LZCreateFileW
LZCloseFile
LZInit
LZCopy
LZClose
MoveFileW

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

b7:69:dc:f9:7c:99:56:ac:04:c6:7c:77:4f:7d:8d:36:9e:87:2d:a5:99:02:20:5d:62:6c:64:a6:85:6a:df:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-versionansi-l1-1-0

api-ms-win-core-versionansi-l1-1-1

api-ms-win-core-version-private-l1-1-0

kernelbase

ntdll

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 708B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 28B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

b7:69:dc:f9:7c:99:56:ac:04:c6:7c:77:4f:7d:8d:36:9e:87:2d:a5:99:02:20:5d:62:6c:64:a6:85:6a:df:9c
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 708B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 28B