7b712f43c302040a1d898d9b4200b5c0

Sharing

Copy URL

Twitter E-mail

General

Target

7b712f43c302040a1d898d9b4200b5c0
Size

3.7MB
MD5

7b712f43c302040a1d898d9b4200b5c0
SHA1

a6b46fe6b8b8665b5db9ccf6690fdd6038b04c4e
SHA256

916219705ed787728156d95eb7f0104a2659a992c45fb0b97302cbe18b6e4642
SHA512

043cb6eab41f8d49acf2781eaf908eab3a6b9ea3340965a1c98b4165a27f87697eec4787adb3644739baee8c9fdf1dff9e0e66854f34cbd30a870ef335d44931
SSDEEP

24576:NigFtxwKT5c2ZVNDn/suNtL2ZKNTla7RNGaSWXGx0fkH8qrcGifUPfVypu:NZW/2ZV/Tla7RJVG6f5CcGKU3/

Score

1^/10

Malware Config

Signatures

Files

7b712f43c302040a1d898d9b4200b5c0
.exe windows:6 windows x64 arch:x64

ca7dda4c44b98a6829b1379b99a74854

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:03:8d:f2:6b:c7:e1:04:4b:36:97:1a:ec:ee:d4:14
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14-01-2020 00:00

Not After

03-01-2022 12:00

Subject

CN=MariaDB Corporation Ab,O=MariaDB Corporation Ab,L=Espoo,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:20:5e:81:dd:e7:ef:42:23:23:40:48:b2:73:ab:0b:9e:fa:07:37
Signer

Actual PE Digest

c9:20:5e:81:dd:e7:ef:42:23:23:40:48:b2:73:ab:0b:9e:fa:07:37

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetLocaleInfoA
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileA
DeleteFileA
GetFileAttributesA
CloseHandle
GetLastError
MoveFileA
MoveFileExA
TlsFree
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetLogicalDrives
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetModuleHandleA
GetProcAddress
GetFullPathNameA
MapViewOfFile
Sleep
CreateFileMappingA
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceExecuteOnce
WaitForSingleObject
OpenThread
GetExitCodeThread
LockFileEx
UnlockFileEx
SetLastError
GetStdHandle
FlushFileBuffers
GetFileAttributesExA
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
GetCurrentProcess
GetTempPathA
GetTempFileNameA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
UnmapViewOfFile
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW

advapi32

CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExA
RegEnumValueA
RegCloseKey

ws2_32

WSACleanup
WSAStartup

vcruntime140

__current_exception
__current_exception_context
strchr
memset
strrchr
__C_specific_handler
memmove
memcpy
memcmp
strstr

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_beginthreadex
_register_onexit_function
abort
_errno
_initialize_onexit_table
_set_invalid_parameter_handler
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_exit
signal
strerror_s
_initterm_e
__fpe_flt_rounds
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_abort_behavior
_set_app_type
exit
terminate
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_commit
__acrt_iob_func
fgets
__stdio_common_vfprintf
puts
_set_fmode
_fileno
__p__commode
fflush
fputc
fopen
fclose
_get_osfhandle
_isatty
fputs
_getcwd
putchar
__stdio_common_vsprintf

api-ms-win-crt-time-l1-1-0

_tzset
_time64
_utime64
_localtime64_s
_gmtime64_s

api-ms-win-crt-string-l1-1-0

isspace
iscntrl
strcmp
toupper
strnlen
strncmp
strcat_s
_strdup
_strnicmp

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_set_new_mode
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-environment-l1-1-0

getenv
_putenv

api-ms-win-crt-convert-l1-1-0

_strtoi64
strtol
strtoul
_strtoui64

api-ms-win-crt-filesystem-l1-1-0

_access
_findclose
_chmod
_findfirst64i32
_findnext64i32
_stat64
_umask

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 513KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 10.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ca7dda4c44b98a6829b1379b99a74854

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

07:03:8d:f2:6b:c7:e1:04:4b:36:97:1a:ec:ee:d4:14Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

c9:20:5e:81:dd:e7:ef:42:23:23:40:48:b2:73:ab:0b:9e:fa:07:37Signer

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

kernel32

advapi32

ws2_32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 513KB - Virtual size: 512KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 1.7MB - Virtual size: 10.2MB

.pdata Size: 25KB - Virtual size: 25KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 14KB - Virtual size: 14KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

07:03:8d:f2:6b:c7:e1:04:4b:36:97:1a:ec:ee:d4:14
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

c9:20:5e:81:dd:e7:ef:42:23:23:40:48:b2:73:ab:0b:9e:fa:07:37
Signer

.text
Size: 513KB - Virtual size: 512KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 1.7MB - Virtual size: 10.2MB

.pdata
Size: 25KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB