27bc5e25cc0993a7f6583b12ad5ebda8

Sharing

Copy URL Twitter E-mail

General

Target

27bc5e25cc0993a7f6583b12ad5ebda8
Size

672KB
MD5

27bc5e25cc0993a7f6583b12ad5ebda8
SHA1

a597694fbcf460f1ae4f4a4b4b01a57c6c301367
SHA256

5ddf2d517599b0546bd8ac5635c86c533f7132313b950231fc30b9b64bef4630
SHA512

bce0e5536998a95f802bd7e909a5551e0cef69f86b0e47b1dcf1f7fbac3bb06e7b1b565e7418c692eb9ecb3461f6772da8c5cd6bfdb6d0df8ee34c8380999fd3
SSDEEP

12288:XBWuNaBPXnrtwe83ER9NhcL7wQTLGHQH9dxV6wkHLtZ:XBJEZwe83ETN+TLGwdxTkrtZ

Score

1^/10

Malware Config

Signatures

Files

27bc5e25cc0993a7f6583b12ad5ebda8
.exe windows:5 windows x86 arch:x86

53565cfb4ed7b19601a9b21f35c0e9c2

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

53:f0:7c:ba:47:55:8d:64:93:39:d9:f4
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27/01/2017, 11:00

Not After

31/03/2020, 12:33

Subject

CN=Biz Secure Labs Pvt. Ltd.,O=Biz Secure Labs Pvt. Ltd.,L=Pune,ST=Maharashtra,C=IN,1.2.840.113549.1.9.1=#0c1a737570706f727440696e646961616e746976697275732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f4:1f:ff:5a:a9:e3:b5:89:2f:1d:b4:00:74:e5:b7:e4:1e:3e:93:22
Signer

Actual PE Digest

f4:1f:ff:5a:a9:e3:b5:89:2f:1d:b4:00:74:e5:b7:e4:1e:3e:93:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatA
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
RtlUnwind
RaiseException
VirtualAlloc
GetSystemInfo
DebugBreak
GetStdHandle
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryW
GetACP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
SetHandleCount
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapSize
HeapReAlloc
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
OpenEventA
FileTimeToLocalFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetCurrentDirectoryA
GetCurrentThread
GetLocaleInfoA
GetOEMCP
GetCPInfo
GlobalFlags
GetFullPathNameA
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
SetEvent
lstrcmpW
GetCurrentThreadId
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
lstrcmpA
FileTimeToSystemTime
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GetCurrentProcessId
CompareStringA
GetModuleFileNameW
GetModuleHandleW
GetAtomNameA
GlobalGetAtomNameA
InterlockedIncrement
InterlockedDecrement
FindNextFileA
FindFirstFileA
FindClose
SetLastError
GlobalFree
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenA
MoveFileA
CopyFileA
GetPrivateProfileSectionA
GetModuleFileNameA
GetLastError
lstrcmpiA
GetPrivateProfileStringA
MoveFileExA
CreateDirectoryA
DeleteFileA
ReadFile
CloseHandle
GetFileSize
CreateFileA
GetLongPathNameA
GetCurrentProcess
GetModuleHandleA
WritePrivateProfileStringA
Sleep
GetComputerNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CreateMutexA
OpenMutexA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetTimeFormatA

user32

ShowOwnedPopups
IsWindowVisible
ValidateRect
InvalidateRect
UpdateWindow
GetWindowDC
ClientToScreen
BringWindowToTop
GetMenuCheckMarkDimensions
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
LoadIconA
GetClientRect
MapWindowPoints
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
GetTopWindow
GetWindow
GetCapture
WinHelpA
TrackPopupMenu
GetKeyState
GetDlgCtrlID
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
SetMenu
GetMenu
GetMessageTime
GetMessagePos
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetMenuItemID
InflateRect
PtInRect
GetMenuState
GetSubMenu
GetMenuItemCount
IsMenu
IsWindow
SendMessageA
PostMessageA
SetForegroundWindow
GetForegroundWindow
SetWindowTextA
ShowWindow
SetRectEmpty
SetCursor
ReleaseCapture
DestroyMenu
LoadAcceleratorsA
TranslateAcceleratorA
DefWindowProcA
TabbedTextOutA
PostQuitMessage
ReuseDDElParam
UnpackDDElParam
GetClipboardFormatNameA
RegisterWindowMessageA
GetDesktopWindow
GetActiveWindow
SetActiveWindow
DestroyWindow
GetDlgItem
GetWindowTextA
UnhookWindowsHookEx
MessageBoxA
GetWindowLongA
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetWindowThreadProcessId
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
LoadCursorA
LoadMenuA
SetMenuItemBitmaps
ModifyMenuA
InsertMenuItemA
GetMenuItemInfoA
EnableMenuItem
CheckMenuItem
CreatePopupMenu
GrayStringA
DrawTextExA
DrawTextA
FillRect
LoadBitmapA
GetSysColorBrush
PeekMessageA

gdi32

CreateCompatibleBitmap
CreateBitmap
CreateFontIndirectA
CreatePatternBrush
CreateSolidBrush
GetObjectType
GetStockObject
GetObjectA
ExtTextOutA
GetDeviceCaps
PtVisible
RectVisible
BitBlt
GetPixel
TextOutA
GetTextExtentPoint32A
Escape
GetClipBox
SetTextColor
SetBkColor
DeleteDC
SaveDC
RestoreDC
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateCompatibleDC
SelectObject
DeleteObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

CryptAcquireContextA
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
SetThreadToken
OpenThreadToken

shell32

SHGetSpecialFolderPathA
DragFinish
DragQueryFileA

ole32

CoTaskMemFree
StringFromCLSID

oleaut32

VariantInit
VariantChangeType
VariantClear

shlwapi

PathFileExistsA
StrFormatByteSize64A
PathRemoveFileSpecA
StrStrIA

wintrust

WinVerifyTrust

netapi32

NetApiBufferFree
NetUserEnum

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 447KB - Virtual size: 447KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53565cfb4ed7b19601a9b21f35c0e9c2

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

53:f0:7c:ba:47:55:8d:64:93:39:d9:f4Certificate

Extended Key Usages

Key Usages

f4:1f:ff:5a:a9:e3:b5:89:2f:1d:b4:00:74:e5:b7:e4:1e:3e:93:22Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

wintrust

netapi32

oleacc

Sections

.text Size: 447KB - Virtual size: 447KB

.rdata Size: 109KB - Virtual size: 108KB

.data Size: 9KB - Virtual size: 33KB

.rsrc Size: 33KB - Virtual size: 32KB

.reloc Size: 65KB - Virtual size: 65KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

53:f0:7c:ba:47:55:8d:64:93:39:d9:f4
Certificate

f4:1f:ff:5a:a9:e3:b5:89:2f:1d:b4:00:74:e5:b7:e4:1e:3e:93:22
Signer

.text
Size: 447KB - Virtual size: 447KB

.rdata
Size: 109KB - Virtual size: 108KB

.data
Size: 9KB - Virtual size: 33KB

.rsrc
Size: 33KB - Virtual size: 32KB

.reloc
Size: 65KB - Virtual size: 65KB