70f35e8ff711ceff751af7b2c223d77a

Sharing

Copy URL

Twitter E-mail

General

Target

70f35e8ff711ceff751af7b2c223d77a
Size

645KB
MD5

70f35e8ff711ceff751af7b2c223d77a
SHA1

bbeda9e18aeb9f6650b02bf6a97e06903bb39c2f
SHA256

9b6889a235d9280277e92f17cdd46b340f0f9de3a74446b334ce9156e2bd0535
SHA512

dcfba8589532e8dfc678bc4fb01f9188005d35e62f494fbdf1062b6f9feb894f558d6be9f052dbb42dfb5d65582cd9ef1d463052373bd6f324c25077d7e0bb78
SSDEEP

12288:32psOKKJpwu9shpaldGz6Gcsl1Ln2PoHjO2avrmf:5KJp95ldGz65WLE2myf

Score

1^/10

Malware Config

Signatures

Files

70f35e8ff711ceff751af7b2c223d77a
.exe windows:6 windows x64 arch:x64

8fab69e1e447184bf14f16bb9af4d2bd

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:31

Not After

02-12-2021 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:65:8b:6c:39:fe:5a:dd:36:ef:63:7f:b4:d7:f1:5f:cf:a9:7c:0f:67:14:d3:00:95:54:bc:65:ff:ed:7b:92
Signer

Actual PE Digest

55:65:8b:6c:39:fe:5a:dd:36:ef:63:7f:b4:d7:f1:5f:cf:a9:7c:0f:67:14:d3:00:95:54:bc:65:ff:ed:7b:92

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventUnregister
EventRegister
EventWrite
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegLoadAppKeyW
RegDeleteTreeW
RegCreateKeyExW
RegSaveKeyW
RegGetKeySecurity
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteKeyW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyValueA
RegDeleteKeyValueW
RegDeleteTreeA
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegQueryInfoKeyA
RegQueryInfoKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegDeleteKeyA

kernel32

GetTempPathW
GetTempFileNameW
ReadProcessMemory
CreateEventW
WaitForSingleObject
GetCurrentProcess
ExitProcess
GetCurrentProcessId
GetOverlappedResult
WaitNamedPipeW
CreateFileW
DuplicateHandle
DecodePointer
SetEvent
LocalFree
OpenProcess
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryW
CreateThread
CreatePipe
WaitForMultipleObjects
VirtualQuery
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
ReleaseSemaphore
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
VerifyVersionInfoW
VerSetConditionMask
GetPrivateProfileStringW
HeapLock
GetVersionExW
HeapUnlock
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
InitializeCriticalSection
CompareStringA
GetFileAttributesExW
Sleep
FlushViewOfFile
UnmapViewOfFile
ReadFile
CreateFileMappingW
CreateDirectoryW
FindFirstFileW
ReleaseMutex
CreateMutexW
FindAtomW
AddAtomW
GetFileAttributesW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPopEntrySList
GetTickCount
SwitchToThread
TryEnterCriticalSection
WriteConsoleW
ReadConsoleW
SetEndOfFile
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
WaitForSingleObjectEx
OutputDebugStringW
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
GetCurrentThread
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
GetModuleHandleExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
CloseHandle
CompareStringOrdinal
FindResourceW
FindResourceExW
LoadResource
LockResource
SizeofResource
GetProcAddress
LoadLibraryExW
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
RaiseException
GetCurrentThreadId
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
WriteFile
MapViewOfFile

gdi32

CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW
GetDeviceCaps

user32

GetWindowLongW
SetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW
UnregisterClassW
IsWindow
IsChild
GetFocus
SetFocus
GetWindow
PostMessageW
SetWindowPos
CharNextW
GetSysColor
GetClassNameW
SendMessageW
GetDlgItem
EndPaint
BeginPaint
GetWindowLongPtrW
SetWindowLongPtrW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
CallWindowProcW
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
SetWindowTextW
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
GetWindowTextW
PeekMessageW
SetTimer
KillTimer
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetAsyncKeyState
SetParent
AttachThreadInput
GetGUIThreadInfo
GetWindowThreadProcessId
PostThreadMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
GetDoubleClickTime
AllowSetForegroundWindow
GetMonitorInfoW
MonitorFromPoint
RegisterWindowMessageW
GetWindowTextLengthW
RedrawWindow

ole32

CoTaskMemFree
OleLockRunning
CreateStreamOnHGlobal
CoCreateInstance
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
IIDFromString
CoInitialize
CoReleaseServerProcess
CoAddRefServerProcess
CoInitializeEx
CoUninitialize
CoCreateGuid
StringFromCLSID
OleUninitialize
CoGetMalloc
CreateBindCtx
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocString
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
SysAllocStringLen
VariantCopy
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrCat
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCreate
SafeArrayLock
DispCallFunc
VariantChangeType
SysStringByteLen

shlwapi

PathCombineW
PathRemoveFileSpecW
StrCmpIW
PathIsRootW
PathFileExistsW
PathFindFileNameW
PathAppendW
StrStrW
ord176
ord12
StrCmpNIW

shell32

CommandLineToArgvW
SHGetKnownFolderPath

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wer

WerReportCreate
WerReportAddFile
WerReportSubmit
WerReportAddDump
WerReportSetParameter
WerReportCloseHandle

urlmon

CreateUri

vcruntime140

__RTDynamicCast
__uncaught_exception
memcmp
strrchr
wcschr

Sections

.text
Size: 420KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fab69e1e447184bf14f16bb9af4d2bd

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:dfCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

55:65:8b:6c:39:fe:5a:dd:36:ef:63:7f:b4:d7:f1:5f:cf:a9:7c:0f:67:14:d3:00:95:54:bc:65:ff:ed:7b:92Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

ole32

oleaut32

shlwapi

shell32

version

wer

urlmon

vcruntime140

Sections

.text Size: 420KB - Virtual size: 420KB

.rdata Size: 162KB - Virtual size: 161KB

.data Size: 10KB - Virtual size: 19KB

.pdata Size: 24KB - Virtual size: 23KB

_RDATA Size: 512B - Virtual size: 148B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

55:65:8b:6c:39:fe:5a:dd:36:ef:63:7f:b4:d7:f1:5f:cf:a9:7c:0f:67:14:d3:00:95:54:bc:65:ff:ed:7b:92
Signer

.text
Size: 420KB - Virtual size: 420KB

.rdata
Size: 162KB - Virtual size: 161KB

.data
Size: 10KB - Virtual size: 19KB

.pdata
Size: 24KB - Virtual size: 23KB

_RDATA
Size: 512B - Virtual size: 148B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB