10a37995c3345eeaec241c14902fc1bf35372cf62413fac75e77277a03fec436[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

10a37995c3345eeaec241c14902fc1bf35372cf62413fac75e77277a03fec436.exe
Size

4.2MB
MD5

e999f948bcd52e55d3999c7b7ff5b939
SHA1

35fd1c040a66f4844de0f7ae48e5512a10969810
SHA256

10a37995c3345eeaec241c14902fc1bf35372cf62413fac75e77277a03fec436
SHA512

b546a7da6d2610ef03da2a4c0a62b1e13707e8340d02d4233bcb3dca9d49c8be78993d6e82065982ed549bc279730d9e1bbe3bb33f0d2537e98d6cfa455fb0b4
SSDEEP

98304:G8FlAy1KL8H1PNxeszOqf6JLZ/QlI5jC3dYiXIDJKfBV:1FlAy108H1Pdp6Jd/Ql2yigH

Score

1^/10

Malware Config

Signatures

Files

10a37995c3345eeaec241c14902fc1bf35372cf62413fac75e77277a03fec436.exe
.exe windows:5 windows x86 arch:x86

2f42c7240ce091676db27467fe8eb2d6

Code Sign

97:87:f5:3d:3d:e1:69:df:35:1b:09:12:3d:30:96:b2
Certificate

Issuer

CN=5225102f0434382d242811523e2627225c0650271700133f52163721402002312055,POSTALCODE=10820,ST=0b1c1115005f5c4e110211020a04161610030607020106461710+ST=0b1c1115494a5c041c1150080c17090704050e005006511f0214001f1518010656090d0252450d0309185403131b5207441f1b0d41130a081a5013450802055b0c0b0a070b

Not Before

19/12/2023, 16:40

Not After

18/12/2024, 16:40

Subject

CN=5225102f0434382d242811523e2627225c0650271700133f52163721402002312055,POSTALCODE=10820,ST=0b1c1115005f5c4e110211020a04161610030607020106461710+ST=0b1c1115494a5c041c1150080c17090704050e005006511f0214001f1518010656090d0252450d0309185403131b5207441f1b0d41130a081a5013450802055b0c0b0a070b

14:a2:a5:78:7b:d3:8b:b4:fc:00:13:3d:dd:41:1a:05:88:57:d6:25:96:e3:ff:85:d5:93:86:16:18:0b:d6:48
Signer

Actual PE Digest

14:a2:a5:78:7b:d3:8b:b4:fc:00:13:3d:dd:41:1a:05:88:57:d6:25:96:e3:ff:85:d5:93:86:16:18:0b:d6:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalUnlock
FindFirstFileW
SetThreadContext
WriteConsoleInputW
CommConfigDialogA
DebugActiveProcessStop
ConvertThreadToFiber
GlobalAddAtomA
InterlockedIncrement
HeapFree
GetEnvironmentStringsW
GetFileAttributesExA
GetModuleHandleW
ReadConsoleW
GetCompressedFileSizeW
GetCommandLineA
GetConsoleCP
GlobalAlloc
SetFileShortNameW
LoadLibraryW
GetLocaleInfoW
ReadFileScatter
SetVolumeMountPointA
DeleteVolumeMountPointW
GlobalFlags
GetConsoleAliasW
GetModuleFileNameW
FlushFileBuffers
GetShortPathNameA
GetNamedPipeHandleStateW
GetCPInfoExW
GetLastError
GetCurrentDirectoryW
SetLastError
SetComputerNameA
LoadLibraryA
WriteConsoleA
OpenWaitableTimerW
FoldStringA
FindNextFileA
FindFirstVolumeMountPointA
GetModuleHandleA
UpdateResourceW
VirtualProtect
GetCPInfoExA
GetWindowsDirectoryW
GetProfileSectionW
CreateFileW
SetStdHandle
SetFilePointer
WriteConsoleW
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MoveFileA
HeapReAlloc
HeapSetInformation
GetStartupInfoW
RtlUnwind
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapSize
GetProcAddress
ExitProcess
HeapCreate
HeapDestroy
RaiseException
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
FatalAppExitA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
MultiByteToWideChar
SetConsoleCtrlHandler
FreeLibrary
LCMapStringW
GetConsoleMode
ReadFile
CloseHandle
DeleteFileA

user32

CharUpperBuffW
CharToOemBuffW
GetNextDlgTabItem

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4.0MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zumo
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f42c7240ce091676db27467fe8eb2d6

Code Sign

97:87:f5:3d:3d:e1:69:df:35:1b:09:12:3d:30:96:b2Certificate

14:a2:a5:78:7b:d3:8b:b4:fc:00:13:3d:dd:41:1a:05:88:57:d6:25:96:e3:ff:85:d5:93:86:16:18:0b:d6:48Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 149KB - Virtual size: 149KB

.data Size: 4.0MB - Virtual size: 8.7MB

.zumo Size: 512B - Virtual size: 1B

.rsrc Size: 58KB - Virtual size: 286KB

97:87:f5:3d:3d:e1:69:df:35:1b:09:12:3d:30:96:b2
Certificate

14:a2:a5:78:7b:d3:8b:b4:fc:00:13:3d:dd:41:1a:05:88:57:d6:25:96:e3:ff:85:d5:93:86:16:18:0b:d6:48
Signer

.text
Size: 149KB - Virtual size: 149KB

.data
Size: 4.0MB - Virtual size: 8.7MB

.zumo
Size: 512B - Virtual size: 1B

.rsrc
Size: 58KB - Virtual size: 286KB