404f78898b927d3398259c611a868c95

Sharing

Copy URL Twitter E-mail

General

Target

404f78898b927d3398259c611a868c95
Size

23KB
MD5

404f78898b927d3398259c611a868c95
SHA1

adf3ffc1d3c839132e1b59abfb13027574e34b38
SHA256

40fa2ba5d3f1aa33275f5e07cd33fc29bd2f3b0ece653553d64e7058aa41d49c
SHA512

18342117df7725a74655a66e05b734a6823f50f85a0d5607eb07e51507366b0c615dcf17d8d6b9a119503add17f8c973f89a30eef5c5fdd14b8fbe51fe2ef924
SSDEEP

384:S6IA6Km0TAPzZ3JTSYekuqImks2ZwlzZfetLn88O:SbkcPSYekuqIHdOzZmtL88

Score

1^/10

Malware Config

Signatures

Files

404f78898b927d3398259c611a868c95
.exe windows:4 windows x86 arch:x86

4824dc292a6fc00296c6be5ba750a635

Code Sign

12:00:12:56:88:4a:29:9a:c4:21:44:5a:79:00:00:00:12:56:88
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

29/06/2021, 21:35

Not After

29/06/2022, 21:35

Subject

CN=*.oneroute.microsoft.com

a3:41:3e:2f:e0:d8:0f:7f:42:7a:6d:0e:8f:6c:fc:70:9f:b6:83:95
Signer

Actual PE Digest

a3:41:3e:2f:e0:d8:0f:7f:42:7a:6d:0e:8f:6c:fc:70:9f:b6:83:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateFileA
CreateFileMappingA
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
SetErrorMode
SetUnhandledExceptionFilter
Sleep
TlsGetValue
VirtualFree
VirtualProtect
VirtualQuery

msvcrt

__getmainargs
__initenv
__lconv_init
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_errno
_initterm
_iob
_onexit
abort
asin
calloc
exit
fprintf
free
fwrite
malloc
memcpy
rand
signal
strcmp
strlen
strncmp
vfprintf

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 196B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4824dc292a6fc00296c6be5ba750a635

Code Sign

12:00:12:56:88:4a:29:9a:c4:21:44:5a:79:00:00:00:12:56:88Certificate

a3:41:3e:2f:e0:d8:0f:7f:42:7a:6d:0e:8f:6c:fc:70:9f:b6:83:95Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 44B

.rdata Size: 2KB - Virtual size: 2KB

/4 Size: 512B - Virtual size: 244B

.bss Size: - Virtual size: 196B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 1KB - Virtual size: 1KB

12:00:12:56:88:4a:29:9a:c4:21:44:5a:79:00:00:00:12:56:88
Certificate

a3:41:3e:2f:e0:d8:0f:7f:42:7a:6d:0e:8f:6c:fc:70:9f:b6:83:95
Signer

.text
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 44B

.rdata
Size: 2KB - Virtual size: 2KB

/4
Size: 512B - Virtual size: 244B

.bss
Size: - Virtual size: 196B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB