e3bdfbcf97e47dddf4b8003bc0fdb0f4

Sharing

Copy URL Twitter E-mail

General

Target

e3bdfbcf97e47dddf4b8003bc0fdb0f4
Size

103KB
MD5

e3bdfbcf97e47dddf4b8003bc0fdb0f4
SHA1

5fec70e9eaa56413b1f8ff17e1bc434db14fbd3d
SHA256

6f16ae45d8f1dce5be8403ad7f4aa97471a9dbe3af39f9883b3c2059c3bfac74
SHA512

3ed9d6c9e162f094807fc57313fd62dc8906d110fbfc77ea7be5e943628deee932ec26d9ce300fcdbacf4d4839c79d0aee87dc4434160ba9bb345ae71f9d342a
SSDEEP

1536:slQ+P04wsmEJoI+XHuYbw4gM35meeL3J8BZyPA:Or8Un/6XgMJm97+BZkA

Score

1^/10

Malware Config

Signatures

Files

e3bdfbcf97e47dddf4b8003bc0fdb0f4
.exe windows:10 windows x64 arch:x64

a26cb263b9dc97b5627f1e68caac6231

Code Sign

33:00:00:04:6f:7c:54:91:be:81:f6:ba:a1:00:00:00:00:04:6f
Certificate

Issuer

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20/02/2019, 22:41

Not After

31/07/2020, 22:41

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Development Root Certificate Authority 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/05/2014, 17:33

Not After

28/05/2029, 17:43

Subject

CN=Microsoft Development PCA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:31:23:84:59:c0:a0:7b:e9:3a:4f:f2:8b:0d:52:81:68:d8:b1:18:bf:79:8b:c1:f1:97:33:93:17:f3:eb:b7
Signer

Actual PE Digest

d2:31:23:84:59:c0:a0:7b:e9:3a:4f:f2:8b:0d:52:81:68:d8:b1:18:bf:79:8b:c1:f1:97:33:93:17:f3:eb:b7

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventUnregister
EventRegister
EventWriteTransfer
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

GetModuleHandleExW
SetFilePointer
GetLastError
GetProcAddress
FreeLibrary
GetConsoleOutputCP
GetStdHandle
GetModuleFileNameW
LocalAlloc
GetConsoleMode
FormatMessageW
QueryDosDeviceW
LocalFree
WideCharToMultiByte
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
ReadFile
WriteFile
WriteConsoleW
SetLastError
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
CreateFileW
GetVersionExW
SearchPathW
UnmapViewOfFile
CloseHandle
FindResourceExW
LoadResource
CreateFileMappingW
MapViewOfFile
LoadLibraryExW

msvcrt

_snwscanf_s
bsearch
wcsncmp
wcsstr
wcsnlen
memcpy
?terminate@@YAXXZ
_fmode
__C_specific_handler
_initterm
memset
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
iswxdigit
_vsnwprintf
_wcsnicmp
_stricmp
swprintf_s
isalpha
wcscpy_s
_wcsicmp
_wcslwr
_commode

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
NtWaitForSingleObject
RtlFreeHeap
NtQueryDirectoryObject
NtCreateEvent
NtOpenDirectoryObject
NtDeviceIoControlFile
NtQuerySymbolicLinkObject
RtlAllocateHeap
NtOpenSymbolicLinkObject
NtResetEvent
NtOpenFile
NtQueryVolumeInformationFile
RtlNtStatusToDosError
NtFsControlFile
NtClose
RtlInitUnicodeString
NtQuerySystemInformation
RtlCaptureContext
NtQueryValueKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtTranslateFilePath
NtEnumerateBootEntries
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
RtlImpersonateSelf
NtOpenKey

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a26cb263b9dc97b5627f1e68caac6231

Code Sign

33:00:00:04:6f:7c:54:91:be:81:f6:ba:a1:00:00:00:00:04:6fCertificate

Extended Key Usages

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03Certificate

Key Usages

d2:31:23:84:59:c0:a0:7b:e9:3a:4f:f2:8b:0d:52:81:68:d8:b1:18:bf:79:8b:c1:f1:97:33:93:17:f3:eb:b7Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 23KB - Virtual size: 28KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:04:6f:7c:54:91:be:81:f6:ba:a1:00:00:00:00:04:6f
Certificate

33:00:00:00:03:c6:f9:b4:c3:ae:be:59:4b:00:00:00:00:00:03
Certificate

d2:31:23:84:59:c0:a0:7b:e9:3a:4f:f2:8b:0d:52:81:68:d8:b1:18:bf:79:8b:c1:f1:97:33:93:17:f3:eb:b7
Signer

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 23KB - Virtual size: 28KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 2KB - Virtual size: 1KB