2844ba7eb36f91b253c5ebec405bc39357fa0791e80d30bdba02a9dc8e3604eb

Sharing

Copy URL Twitter E-mail

General

Target

2844ba7eb36f91b253c5ebec405bc39357fa0791e80d30bdba02a9dc8e3604eb
Size

5.3MB
MD5

8258438ab7695c3ab51bd87574123494
SHA1

5d9f4c01e38a6c5560548504443fa7614bb58c1c
SHA256

2844ba7eb36f91b253c5ebec405bc39357fa0791e80d30bdba02a9dc8e3604eb
SHA512

306be748fc0d0b9dcc7b716dbffbe92ffca6b2bd913b3197374b6d18cc3b809094524771304a2956d2e05c65c6582260d5f95c22f76b155f45940eb0f1230830
SSDEEP

98304:Eh309wpbeh4p9GTpDji7yejCO3vtY14TFSbYTrkXkHVC5f9robTL9dm4vlYYph8r:Eh3+8p9GTli7HVVNxOO7H45f9UZU4NYz

Score

1^/10

Malware Config

Signatures

Files

2844ba7eb36f91b253c5ebec405bc39357fa0791e80d30bdba02a9dc8e3604eb
.exe windows:6 windows x86 arch:x86

05b30f4d6aba33ed0d9711ee457e27a8

Code Sign

67:6e:20:ee:07:fc:c9:49:aa:7e:95:78:32:b7:bd:ab
Certificate

Issuer

CN=ActiveReports RDF document API,OU=Active,O=GrapeCity Inc. All rights reserved,ST=CH,C=CH

Not Before

10/12/2023, 16:06

Not After

10/09/2025, 00:00

Subject

CN=ActiveReports RDF document API,OU=Active,O=GrapeCity Inc. All rights reserved,ST=CH,C=CH

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:f7:1a:07:a2:ac:df:f3:1a:66:81:25:f9:cd:93:64:e0:2d:eb:21:c4:d0:96:f8:0d:04:64:8f:8c:4c:56:95
Signer

Actual PE Digest

f4:f7:1a:07:a2:ac:df:f3:1a:66:81:25:f9:cd:93:64:e0:2d:eb:21:c4:d0:96:f8:0d:04:64:8f:8c:4c:56:95

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

��~�#i�jυ3wru{��4q\�a��b��҅/z+x��m4�_m�zpg��d��l�b��,��օf��'�(:,xp�_y�q��=ǟt$k\e��g�<@��w��*lc��a�ԡ��w@��.�(�~�>tl|q,��gql��2�?��vgf#��e}��`��&n��g]��q(��a��ur:�p��5b��2�\yj��\5��̬��"��r�

i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d
i�_�x�?��p�)-�=yz�v�)*o�t��-ns�;�w��5�z��@��{��'� �o�mj�}��%�<&m��\~��[h��w�'a� v�i#��o-jwي3��a�k��d

�ւ�"�ߤ��j�r�ߑ�y��% �ź��ί��s`�<�} uay �� i,��t�sp��$��=�y��4>d��\�^q��m��-čdq��)��i�"f�ޗݣ@.�l؛�y�m��

��
��
��

advapi32

RegSetValueExA

� c�v�ɇ(��c�i��9�o��3��m�l �a

ShellExecuteExW

ole32

�j��>�\1�� .r�j�8Q�� Y��0��}��N��l�n/��j�

Sections

.text
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dll‹&
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dll‹&
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp_{~
Size: - Virtual size: 958KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp_{~
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp_{~
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05b30f4d6aba33ed0d9711ee457e27a8

Code Sign

67:6e:20:ee:07:fc:c9:49:aa:7e:95:78:32:b7:bd:abCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f4:f7:1a:07:a2:ac:df:f3:1a:66:81:25:f9:cd:93:64:e0:2d:eb:21:c4:d0:96:f8:0d:04:64:8f:8c:4c:56:95Signer

Headers

DLL Characteristics

File Characteristics

Imports

�ւ�"�ߤ��j�r�ߑ�y��% �ź����ί��s`�<�} uay ���� ���i,��t�sp���$���=�y��4>d��\�^q���m�� -čdq��)��i�"f�ޗݣ@.�l؛�y�m�� �� 

advapi32

� c�v�ɇ(��c�i���9�o��3��m�l �a

ole32

Sections

.text Size: - Virtual size: 162KB

.rdata Size: - Virtual size: 67KB

.data Size: - Virtual size: 7KB

.dll‹& Size: - Virtual size: 1.6MB

.dll‹& Size: - Virtual size: 1.9MB

.vmp_{~ Size: - Virtual size: 958KB

.vmp_{~ Size: 1024B - Virtual size: 524B

.vmp_{~ Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 37KB - Virtual size: 136KB

67:6e:20:ee:07:fc:c9:49:aa:7e:95:78:32:b7:bd:ab
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f4:f7:1a:07:a2:ac:df:f3:1a:66:81:25:f9:cd:93:64:e0:2d:eb:21:c4:d0:96:f8:0d:04:64:8f:8c:4c:56:95
Signer

�ւ�"�ߤ��j�r�ߑ�y��% �ź��ί��s`�<�} uay �� i,��t�sp��$��=�y��4>d��\�^q��m��-čdq��)��i�"f�ޗݣ@.�l؛�y�m��

� c�v�ɇ(��c�i��9�o��3��m�l �a

.text
Size: - Virtual size: 162KB

.rdata
Size: - Virtual size: 67KB

.data
Size: - Virtual size: 7KB

.dll‹&
Size: - Virtual size: 1.6MB

.dll‹&
Size: - Virtual size: 1.9MB

.vmp_{~
Size: - Virtual size: 958KB

.vmp_{~
Size: 1024B - Virtual size: 524B

.vmp_{~
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 37KB - Virtual size: 136KB