6a95bec23ba32b6c24dfa7e5ed9df42d

Sharing

Copy URL Twitter E-mail

General

Target

6a95bec23ba32b6c24dfa7e5ed9df42d
Size

448KB
MD5

6a95bec23ba32b6c24dfa7e5ed9df42d
SHA1

354ce4d93e1e4dce10177232c172f6cc2e21f719
SHA256

7740fd3f4eff93250ffdca204dcb656ba0d6673ec69ef814e5d18b84306fdc38
SHA512

ba4656891ada97f77c8f25b459ad1b0ab6450d85baec9ac22cf47897b6dca07ef4a31e54b328847fba41cd09133da77bfbbd7d271013ae950b352f713718c2c1
SSDEEP

6144:U49DD9VxvJXYweRJ1aN0dZpT4VuCkw4oPQouwFQ42mqD:UIxXYFfYuE4kwP

Score

1^/10

Malware Config

Signatures

Files

6a95bec23ba32b6c24dfa7e5ed9df42d
.exe windows:6 windows x64 arch:x64

aab20032b9ecc01db4ff5f221cfd2703

Code Sign

33:00:00:b8:98:aa:86:b5:a3:9e:5a:1b:bd:00:02:00:00:b8:98
Certificate

Issuer

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Not Before

07/12/2015, 23:37

Not After

06/12/2016, 23:37

Subject

CN=Intel(R) pGFX,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:2c:ff:88:00:01:00:00:00:10
Certificate

Issuer

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Not Before

08/02/2013, 22:21

Not After

08/02/2018, 22:31

Subject

CN=Intel External Basic Issuing CA 3B,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

01/02/2013, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Intel External Basic Policy CA,O=Intel Corporation,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

Issuer

CN=QuoVadis Root Certification Authority,OU=Root Certification Authority,O=QuoVadis Limited,C=BM

Not Before

30/05/2014, 16:35

Not After

17/03/2021, 18:33

Subject

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:5d:cc:ec:5f:e1:4d:39:74:c9:59:1a:3a:b1:c2:ca:ad:18:8c:2d
Certificate

Issuer

CN=QuoVadis Issuing CA G4,O=QuoVadis Limited,C=BM

Not Before

09/12/2014, 21:30

Not After

09/12/2017, 21:30

Subject

CN=Timestamp.intel.com,OU=Authenticode+OU=Thales TSS ESN:A6A7-71B2-73F1,O=Intel Corporation,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:e5:49:fe:ed:fd:cd:88:89:89:9a:2f:88:64:d2:a0:1c:ff:ba:70
Signer

Actual PE Digest

49:e5:49:fe:ed:fd:cd:88:89:89:9a:2f:88:64:d2:a0:1c:ff:ba:70

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces

kernel32

GetModuleHandleW
LoadResource
SizeofResource
LocalFree
lstrcmpiW
FindResourceW
MultiByteToWideChar
WaitForMultipleObjects
ReadConsoleW
GetModuleFileNameW
SetStdHandle
OutputDebugStringW
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetCurrentThread
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
CloseHandle
GetCommandLineW
InitializeCriticalSection
ExpandEnvironmentStringsW
GetCurrentThreadId
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
RaiseException
DecodePointer
OutputDebugStringA
CreateThread
CreateSemaphoreExW
ReleaseSemaphore
SetEvent
LoadLibraryExW
GetProcAddress
FreeLibrary
GetLastError
Sleep
CreateEventW
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileW
SetEndOfFile
WriteConsoleW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetStringTypeW
SetFilePointerEx
ReadFile
GetStartupInfoW
GetFileType
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetLastError
WriteFile
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
EncodePointer
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess

user32

MessageBoxW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharUpperW
CharNextW
EnumDisplayDevicesW

advapi32

EventRegister
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW
RegOpenKeyExW
RegOpenKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
MakeAbsoluteSD
IsValidSid
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorLength
GetLengthSid
CopySid
OpenThreadToken
OpenProcessToken
EventWrite

ole32

CoInitializeEx
CoInitializeSecurity
StringFromGUID2
CoSetProxyBlanket
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoReleaseServerProcess

oleaut32

LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
VariantClear
VariantInit
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aab20032b9ecc01db4ff5f221cfd2703

Code Sign

33:00:00:b8:98:aa:86:b5:a3:9e:5a:1b:bd:00:02:00:00:b8:98Certificate

Extended Key Usages

Key Usages

61:2c:ff:88:00:01:00:00:00:10Certificate

Key Usages

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88Certificate

Extended Key Usages

Key Usages

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bfCertificate

Key Usages

38:5d:cc:ec:5f:e1:4d:39:74:c9:59:1a:3a:b1:c2:ca:ad:18:8c:2dCertificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

49:e5:49:fe:ed:fd:cd:88:89:89:9a:2f:88:64:d2:a0:1c:ff:ba:70Signer

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 12KB - Virtual size: 23KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

33:00:00:b8:98:aa:86:b5:a3:9e:5a:1b:bd:00:02:00:00:b8:98
Certificate

61:2c:ff:88:00:01:00:00:00:10
Certificate

79:17:4a:a9:14:17:36:fe:15:a7:ca:9f:2c:ff:45:88
Certificate

69:b2:d1:cc:f0:2e:20:dc:c9:5c:62:89:4f:7f:9e:5f:5f:c0:57:bf
Certificate

38:5d:cc:ec:5f:e1:4d:39:74:c9:59:1a:3a:b1:c2:ca:ad:18:8c:2d
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

49:e5:49:fe:ed:fd:cd:88:89:89:9a:2f:88:64:d2:a0:1c:ff:ba:70
Signer

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 12KB - Virtual size: 23KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB