1129470e1c1289989071d79977abdcfb2af06db038fdfc4baca44c6d7e6f5769

Sharing

Copy URL Twitter E-mail

General

Target

1129470e1c1289989071d79977abdcfb2af06db038fdfc4baca44c6d7e6f5769
Size

10.6MB
MD5

5f6cf0522cc73498e9eca7abb2b487d0
SHA1

a6d99ffbee840ee0cf148ce3e7e3336387cddce3
SHA256

1129470e1c1289989071d79977abdcfb2af06db038fdfc4baca44c6d7e6f5769
SHA512

9cc67f1bd207a0be940a8c4d708666f71d89770186da3fa924cf98c739027312cb006fd0e9405d871a07f9bf9e11fedbfd271b5d7d31409af8ce99a47acec3f6
SSDEEP

98304:NxlpF4p/FlFqMMwKWvY6C+r9PBAUZL3sQWtL61v39o7aI3k:7D+p/Fl0MMwKWvY6C+pPV7sre3c0

Score

1^/10

Malware Config

Signatures

Files

1129470e1c1289989071d79977abdcfb2af06db038fdfc4baca44c6d7e6f5769
.exe windows:5 windows x64 arch:x64

8999870d4025705488adad27e3931e82

Code Sign

53:ff:64:c3:c5:82:1d:e7:5d:b0:c7:95:be:01:d3:60
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/01/2021, 00:00

Not After

13/01/2024, 23:59

Subject

CN=Siber Systems,O=Siber Systems,POSTALCODE=22030,STREET=Suite 400+STREET=3701 Pender Dr STE 400,L=Fairfax,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindClose
SetFileTime
ExpandEnvironmentStringsW
GetTempPathW
GetCurrentDirectoryW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
SetEndOfFile
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileExW
MoveFileExW
GetConsoleMode
SetConsoleMode
LocalFree
GetVersion
GlobalMemoryStatusEx
GetModuleHandleA
GetVersionExW
lstrlenA
GetLogicalDrives
LoadLibraryW
GetDriveTypeW
GetWindowsDirectoryW
GetFullPathNameW
GetVolumeInformationW
LocalAlloc
GetLocalTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcessTimes
OpenProcess
LoadLibraryA
SystemTimeToFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetACP
GetSystemDirectoryA
GetDateFormatA
FreeResource
LockResource
LoadResource
SizeofResource
MulDiv
FindResourceW
GetVersionExA
EnumSystemLanguageGroupsW
EnumLanguageGroupLocalesW
SetFileValidData
CancelIo
ReadDirectoryChangesW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
GetEnvironmentVariableW
ReadConsoleA
ReadConsoleW
ConvertFiberToThread
ConvertThreadToFiber
RtlUnwindEx
RtlPcToFileHeader
SetConsoleCtrlHandler
CreateThread
ExitThread
FreeLibraryAndExitThread
QueryPerformanceFrequency
GetCPInfo
SetFilePointerEx
SetStdHandle
GetSystemInfo
VirtualProtect
ExitProcess
GetCommandLineA
GetCommandLineW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LCMapStringW
GetStringTypeW
HeapReAlloc
FlushFileBuffers
GetConsoleCP
HeapSize
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
DeviceIoControl
ReadFile
WriteFile
GetStdHandle
GetFileSize
GetFileInformationByHandle
GetExitCodeProcess
GetLongPathNameW
FreeLibrary
CreateEventW
OpenMutexW
CreateMutexW
WaitForMultipleObjects
ReleaseMutex
ResetEvent
SetEvent
TryEnterCriticalSection
InitializeCriticalSection
GetDateFormatW
GetTimeFormatW
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
SleepEx
GetTickCount
GetTimeZoneInformation
Sleep
WaitForSingleObject
ResumeThread
SetThreadExecutionState
SetThreadPriority
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
GetModuleHandleExW
GetModuleFileNameW
SetErrorMode
GetCurrentThread
VirtualQuery
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
CompareStringW
CreateFileW
GetModuleHandleW
LoadLibraryExW
lstrlenW
lstrcpynW
lstrcmpiW
GetSystemTime
CloseHandle
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalReAlloc
GlobalAlloc
GetProcAddress
SetFilePointer
CreateFileMappingA
GlobalMemoryStatus
GetThreadTimes
GetSystemTimeAdjustment
RtlUnwind
OpenFileMappingW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetFileAttributesExW
DecodePointer

user32

GetProcessWindowStation
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
GetWindow
GetClassNameW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRectEmpty
FillRect
DrawFocusRect
GetSysColor
MapWindowPoints
ScreenToClient
GetCursorPos
SetCursor
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextW
IsWindowEnabled
SetDlgItemTextW
SetCapture
GetCapture
GetFocus
SetFocus
CharNextW
GetDlgCtrlID
IsDlgButtonChecked
KillTimer
GetDlgItem
EndDialog
CreateDialogIndirectParamW
SetWindowPos
DestroyWindow
CreateWindowExW
DefWindowProcW
SendMessageW
MessageBoxW
PostThreadMessageW
MessageBoxA
SystemParametersInfoW
LoadImageW
LoadIconW
InflateRect
CopyRect
AdjustWindowRectEx
GetCursor
SetForegroundWindow
GetForegroundWindow
CreateCaret
DestroyCaret
HideCaret
ShowCaret
GetSystemMetrics
ReleaseCapture
WindowFromPoint
LoadCursorFromFileW
DestroyCursor
DrawIconEx
IsDialogMessageW
GetScrollInfo
NotifyWinEvent
IsWinEventHookInstalled
GetGUIThreadInfo
IsCharAlphaW
SetTimer
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetWindowThreadProcessId
PostMessageW
GetActiveWindow
EnumChildWindows
CheckDlgButton
RealChildWindowFromPoint
GetAncestor
SystemParametersInfoA
GetIconInfo
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
EqualRect
FindWindowA
GetDesktopWindow
GetUserObjectInformationW
RedrawWindow
InvalidateRgn
GetClassInfoExW
IsWindow
RegisterClassExW
ShowScrollBar
DrawStateW
DrawIcon
AnimateWindow
PostQuitMessage
DrawFrameControl
DrawEdge
IsRectEmpty
SetRect
IntersectRect
SetWindowRgn
GetWindowDC
EnableWindow
MapVirtualKeyW
SendInput
GetAsyncKeyState
GetKeyState
IsIconic
IsWindowVisible
GetWindowPlacement
ShowWindow
CallWindowProcW
IsChild
GetClipboardOwner
UnregisterClassW
IsWindowUnicode
AttachThreadInput
PeekMessageA
DialogBoxIndirectParamW
DispatchMessageA
GetQueueStatus

oleaut32

OleLoadPicture
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPictureFile
SafeArrayCreateVector
SafeArrayPutElement

wsock32

htonl
htons
ioctlsocket
ntohs
__WSAFDIsSet
accept
bind
closesocket
connect
inet_ntoa
getsockname
shutdown
getsockopt
inet_addr
listen
recv
recvfrom
select
WSASetLastError
getservbyname
getservbyport
gethostname
gethostbyname
gethostbyaddr
send
ntohl
WSAGetLastError
WSACleanup
WSAStartup
socket
getpeername
setsockopt
sendto

shlwapi

StrStrW
StrCmpW
StrCmpIW
PathIsNetworkPathW
PathStripToRootW
StrRetToStrW

comctl32

ImageList_DrawIndirect
_TrackMouseEvent
ImageList_GetIconSize

msimg32

AlphaBlend
GradientFill

crypt32

CertCloseStore
CryptUnprotectData
CertFindCertificateInStore
CertGetCertificateContextProperty
CryptProtectData
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetNameStringA
CertGetValidUsages
CertEnumCertificatesInStore
CertOpenStore
CertOpenSystemStoreW
CertNameToStrW

ws2_32

freeaddrinfo
getaddrinfo
WSAAddressToStringA
getnameinfo

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetReadFile
HttpQueryInfoW
InternetQueryOptionW
InternetSetOptionW
InternetSetOptionExW
InternetGetLastResponseInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpQueryInfoA
HttpEndRequestW
InternetWriteFile
HttpSendRequestExA

secur32

GetUserNameExW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetShareEnum

userenv

UnloadUserProfile

iphlpapi

GetBestInterfaceEx
GetAdaptersInfo
GetAdaptersAddresses

mpr

WNetEnumResourceW
WNetGetLastErrorW
WNetOpenEnumW
WNetGetConnectionW
WNetCancelConnection2W
WNetAddConnection2W
WNetCloseEnum

gdi32

GetTextExtentPoint32W
GetTextMetricsW
CreateDIBSection
GetViewportExtEx
CreateBitmap
CreateCompatibleBitmap
CreateRectRgn
CreateRectRgnIndirect
EnumFontFamiliesExW
GetClipBox
GetDIBits
TranslateCharsetInfo
SetDIBits
StretchBlt
SetStretchBltMode
GdiFlush
GetTextExtentExPointW
GetWindowExtEx
SelectObject
GetStockObject
DeleteObject
DeleteDC
GetDeviceCaps
OffsetRgn
CombineRgn
IntersectClipRect
GetTextExtentPointW
GetStretchBltMode
GetPixel
GetMapMode
GetClipRgn
ExcludeClipRect
BitBlt
RectVisible
Rectangle
SelectClipRgn
SetBkColor
SetMapMode
SetLayout
GetLayout
SetRectRgn
ExtTextOutW
LPtoDP
SetWindowOrgEx
OffsetWindowOrgEx
CreateSolidBrush
CreatePen
CreateCompatibleDC
GetObjectW
CreateDIBitmap
SetTextColor
SetBkMode
CreateFontIndirectW

advapi32

SetSecurityDescriptorOwner
RegCreateKeyExW
StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
OpenServiceW
CryptEnumProvidersW
OpenSCManagerW
DeleteService
CryptSignHashW
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
RegisterEventSourceW
DeregisterEventSource
DecryptFileW
EncryptFileW
RegQueryValueA
RegOpenKeyExA
SetSecurityInfo
LookupSecurityDescriptorPartsW
ControlService
CloseServiceHandle
ImpersonateLoggedOnUser
GetUserNameW
GetTokenInformation
OpenThreadToken
RevertToSelf
CryptDestroyHash
CryptHashData
CryptCreateHash
GetSidSubAuthorityCount
GetSidSubAuthority
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptDecrypt
CryptEncrypt
CryptGenRandom
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
SetSecurityDescriptorDacl
ConvertStringSidToSidW
ConvertSidToStringSidW
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetKeySecurity
RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ImpersonateSelf
SetThreadToken
OpenProcessToken
AdjustTokenPrivileges
IsValidSid
EqualSid
AllocateAndInitializeSid
FreeSid
GetLengthSid
CopySid
InitializeAcl
GetAclInformation
AddAce
GetAce
GetSecurityDescriptorLength
LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW
SetFileSecurityW
MakeSelfRelativeSD
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
RegDeleteKeyW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl

shell32

ShellExecuteW
SHGetDesktopFolder
SHIsFileAvailableOffline
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetDiskFreeSpaceExW
SHGetFolderLocation

ole32

RegisterDragDrop
RevokeDragDrop
ReleaseStgMedium
DoDragDrop
OleDuplicateData
CoDisconnectObject
CreateStreamOnHGlobal
CoTaskMemAlloc
PropVariantClear
CoTaskMemFree
CLSIDFromString
CoCreateInstance
OleUninitialize
OleInitialize
CoCreateGuid
StringFromGUID2

oleacc

CreateStdAccessibleProxyW
CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 683KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8999870d4025705488adad27e3931e82

Code Sign

53:ff:64:c3:c5:82:1d:e7:5d:b0:c7:95:be:01:d3:60Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

wsock32

shlwapi

comctl32

msimg32

crypt32

ws2_32

wininet

secur32

version

netapi32

userenv

iphlpapi

mpr

gdi32

advapi32

shell32

ole32

oleacc

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 3.6MB - Virtual size: 3.6MB

.data Size: 101KB - Virtual size: 683KB

.pdata Size: 242KB - Virtual size: 241KB

.rsrc Size: 3KB - Virtual size: 2KB

53:ff:64:c3:c5:82:1d:e7:5d:b0:c7:95:be:01:d3:60
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 101KB - Virtual size: 683KB

.pdata
Size: 242KB - Virtual size: 241KB

.rsrc
Size: 3KB - Virtual size: 2KB