1ea855fa125549b8ab1b9a2af86db88d

Sharing

Copy URL Twitter E-mail

General

Target

1ea855fa125549b8ab1b9a2af86db88d
Size

5.5MB
MD5

1ea855fa125549b8ab1b9a2af86db88d
SHA1

9d228aa694a21689f7a594c718ed97bdad2bdbf8
SHA256

ff82bb88d99a0a239afa3e226cffaf91ec775e8778c249ef3131a10b452e6da3
SHA512

499aba293e11a1b9687f88c2d824485faeec6ecd4626ce823084c40358bfffee1ee4e36b163cac6f4ebfd16d34455aeec97f06d9dcf257571e63045eb6665220
SSDEEP

98304:ljC1W1QQPd8b0rb3YYRRtOcNglutlfj/6LN7iafrCoglUdInSYENSc:5C1EvPSYrzRRyuT2LNnjLaHEAc

Score

1^/10

Malware Config

Signatures

Files

1ea855fa125549b8ab1b9a2af86db88d
.dll windows:5 windows x86 arch:x86

540fde2772bd220df6277bd213c21b59

Code Sign

3f:07:03:37:2c:74:71:f1:73:4d:53:a0:3b:66:9b:7e:6a:c9:20:57
Certificate

Issuer

CN=MicroSoftware\, Ltda,OU=Unidade de Desenvolvimento de Sistemas,O=MicroSoftware\, Ltda,L=São José dos Campos,ST=São Paulo,C=BR,1.2.840.113549.1.9.1=#0c1761646d696e404d6963726f536f6674776172652e6e6574

Not Before

12/08/2021, 00:50

Not After

10/08/2031, 00:50

Subject

CN=MicroSoftware\, Ltda,OU=Unidade de Desenvolvimento de Sistemas,O=MicroSoftware\, Ltda,L=São José dos Campos,ST=São Paulo,C=BR,1.2.840.113549.1.9.1=#0c1761646d696e404d6963726f536f6674776172652e6e6574

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3f:07:03:37:2c:74:71:f1:73:4d:53:a0:3b:66:9b:7e:6a:c9:20:57
Certificate

Issuer

CN=MicroSoftware\, Ltda,OU=Unidade de Desenvolvimento de Sistemas,O=MicroSoftware\, Ltda,L=São José dos Campos,ST=São Paulo,C=BR,1.2.840.113549.1.9.1=#0c1761646d696e404d6963726f536f6674776172652e6e6574

Not Before

12/08/2021, 00:50

Not After

10/08/2031, 00:50

Subject

CN=MicroSoftware\, Ltda,OU=Unidade de Desenvolvimento de Sistemas,O=MicroSoftware\, Ltda,L=São José dos Campos,ST=São Paulo,C=BR,1.2.840.113549.1.9.1=#0c1761646d696e404d6963726f536f6674776172652e6e6574

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:78:02:9d:03:39:b1:1c:0c:3d:01:0f:9c:a8:fb:66:5d:a1:74:93:ce:ca:36:66:35:39:36:c9:33:82:69:ce
Signer

Actual PE Digest

92:78:02:9d:03:39:b1:1c:0c:3d:01:0f:9c:a8:fb:66:5d:a1:74:93:ce:ca:36:66:35:39:36:c9:33:82:69:ce

Digest Algorithm

sha256

PE Digest Matches

true

e5:b4:d2:12:d8:6a:b3:35:02:4d:2a:a6:43:fe:ce:dd:5a:a1:f9:3d
Signer

Actual PE Digest

e5:b4:d2:12:d8:6a:b3:35:02:4d:2a:a6:43:fe:ce:dd:5a:a1:f9:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA

user32

MessageBoxW

advapi32

RegQueryInfoKeyW

msvcrt

memset

urlmon

HlinkNavigateString

comctl32

ImageList_GetIconSize

gdi32

SetBrushOrgEx

shfolder

SHGetFolderPathW

winmm

timeGetTime

magnification

MagSetWindowFilterList

netapi32

NetWkstaGetInfo

wsock32

getsockname

version

GetFileVersionInfoSizeW

oleaut32

VariantChangeType

ole32

IsEqualGUID

shell32

SHGetDesktopFolder

Exports

Exports

HASH_Begin
HASH_Create
HASH_Destroy
HASH_End
HASH_Update
NSS_Initialize
TMethodImplementationIntercept
WNetAddConnection2A
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: - Virtual size: 13.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 95KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

540fde2772bd220df6277bd213c21b59

Code Sign

3f:07:03:37:2c:74:71:f1:73:4d:53:a0:3b:66:9b:7e:6a:c9:20:57Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

3f:07:03:37:2c:74:71:f1:73:4d:53:a0:3b:66:9b:7e:6a:c9:20:57Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

92:78:02:9d:03:39:b1:1c:0c:3d:01:0f:9c:a8:fb:66:5d:a1:74:93:ce:ca:36:66:35:39:36:c9:33:82:69:ceSigner

e5:b4:d2:12:d8:6a:b3:35:02:4d:2a:a6:43:fe:ce:dd:5a:a1:f9:3dSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

urlmon

comctl32

gdi32

shfolder

winmm

magnification

netapi32

wsock32

version

oleaut32

ole32

shell32

Exports

Exports

Sections

Size: - Virtual size: 13.4MB

Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 4KB

Size: 1KB - Virtual size: 4KB

.rsrc Size: 3.2MB - Virtual size: 7.9MB

Size: 95KB - Virtual size: 96KB

3f:07:03:37:2c:74:71:f1:73:4d:53:a0:3b:66:9b:7e:6a:c9:20:57
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

3f:07:03:37:2c:74:71:f1:73:4d:53:a0:3b:66:9b:7e:6a:c9:20:57
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

92:78:02:9d:03:39:b1:1c:0c:3d:01:0f:9c:a8:fb:66:5d:a1:74:93:ce:ca:36:66:35:39:36:c9:33:82:69:ce
Signer

e5:b4:d2:12:d8:6a:b3:35:02:4d:2a:a6:43:fe:ce:dd:5a:a1:f9:3d
Signer

.rsrc
Size: 3.2MB - Virtual size: 7.9MB