7ea9f2c1e2ac86e48ebac10dcabf63b86ec51ab0414f5a76a7fc7034b39464e0

Sharing

Copy URL Twitter E-mail

General

Target

7ea9f2c1e2ac86e48ebac10dcabf63b86ec51ab0414f5a76a7fc7034b39464e0
Size

11.1MB
MD5

2484bc670b8007c6875888cfa8bcb807
SHA1

f18e0fd8b96aed47f4508e96587fefb882dfb12b
SHA256

7ea9f2c1e2ac86e48ebac10dcabf63b86ec51ab0414f5a76a7fc7034b39464e0
SHA512

8b8902f575f0300d9bd9079c8f77e061ca254539a12ed0a6406f0a85b564c7f2bca41c9e22833eac16b118823be4282211b59bff95b781b41cfb09cdf3c35a43
SSDEEP

196608:VAh4nvSntJ+5o1CPwDv3uFFTT2c+d37+HaCd5KmvSntJ+5o1CPwDv3uFFTT2c+da:V76J2o1CPwDv3uFdKc+d37y5l6J2o1CR

Score

1^/10

Malware Config

Signatures

Files

7ea9f2c1e2ac86e48ebac10dcabf63b86ec51ab0414f5a76a7fc7034b39464e0
.exe windows:5 windows x86 arch:x86

01303c56831ade6544b4d7057f7cac70

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:3f:5b:ab:7c:0e:18:cf:b0:e6:4a:2b:0b:ed:74:46
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/02/2021, 00:00

Not After

06/03/2024, 23:59

Subject

CN=Marcotte Systems Ltd,O=Marcotte Systems Ltd,L=Boucherville,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:cc:8d:59:c5:4b:1c:81:88:9e:8b:e8:b0:3d:6d:47:77:df:76:12:7e:df:07:3d:23:91:8b:42:87:4f:ed:ba
Signer

Actual PE Digest

06:cc:8d:59:c5:4b:1c:81:88:9e:8b:e8:b0:3d:6d:47:77:df:76:12:7e:df:07:3d:23:91:8b:42:87:4f:ed:ba

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\repos\tools\libs\fv.pdb

Imports

user32

PostMessageA
GetWindowTextA
GetWindowTextLengthA
EnumWindows
GetWindowThreadProcessId
TranslateMessage
DispatchMessageA
wsprintfA
UnregisterClassA
LoadStringA
MessageBoxA
PeekMessageA

kernel32

FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
FormatMessageA
CreateFileA
GetDriveTypeA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
SetLastError
SetErrorMode
GetCurrentProcess
GetCurrentProcessId
GetTickCount
GetProcessAffinityMask
SetProcessAffinityMask
LoadLibraryA
GetComputerNameA
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MultiByteToWideChar
WideCharToMultiByte
LockFileEx
UnlockFileEx
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
IsBadWritePtr
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
CreateFileW
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
GetTempPathA
GetTempFileNameA
GetConsoleWindow
LoadResource
LockResource
SizeofResource
FindResourceA
SetEnvironmentVariableA
GetFullPathNameA
GetFullPathNameW
GetComputerNameExA
LocalFree
DuplicateHandle
TerminateProcess
DeleteCriticalSection
CreateProcessA
OpenProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
SetStdHandle
GetVersionExA
FillConsoleOutputAttribute
SetConsoleTextAttribute
ReadConsoleInputA
SetConsoleMode
CreateDirectoryA
CreateDirectoryW
DeleteFileW
FindNextFileA
MoveFileExW
SetThreadPriority
ResumeThread
GetThreadTimes
VirtualQuery
lstrlenA
IsBadReadPtr
IsBadCodePtr
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
lstrlenW
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
ReleaseMutex
CreateMutexA
CreateThread
ExitThread
SetPriorityClass
FlushFileBuffers
QueryPerformanceFrequency
GetLocalTime
TlsFree
TlsSetValue
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapValidate
HeapFree
HeapAlloc
Beep
CopyFileExA
MoveFileExA
CopyFileA
SleepEx
GetLastError
SetFileTime
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesA
FindFirstFileA
FindClose
DeleteFileA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetCommandLineA
GetStdHandle
TlsAlloc
GetCurrentThreadId
EncodePointer
DecodePointer
RaiseException
GetStringTypeW
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetSystemTimeAsFileTime
GetDriveTypeW
GetConsoleMode
HeapReAlloc
GetFileType
GetModuleFileNameW
WriteConsoleW
LoadLibraryExW
GetModuleHandleW
ReadConsoleW
GetConsoleCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsProcessorFeaturePresent
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapSize
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
OutputDebugStringW
GetExitCodeProcess
QueryPerformanceCounter

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ws2_32

WSAIoctl
WSACancelBlockingCall
WSAGetLastError
accept
bind
closesocket
connect
ioctlsocket
getpeername
htons
inet_addr
inet_ntoa
listen
recv
send
shutdown
socket
gethostbyname
gethostname
WSAStartup
WSACleanup

ole32

CoInitializeSecurity
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoCreateGuid

oleaut32

SysAllocString
SafeArrayDestroy
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString

imagehlp

CheckSumMappedFile
MapFileAndCheckSumA

advapi32

EqualSid
AddAccessAllowedAce
RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryA
RegCloseKey
ConvertSidToStringSidA
GetTokenInformation
LookupAccountSidA
GetUserNameA
OpenProcessToken
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
GetFileSecurityA
LookupAccountNameA
ConvertStringSidToSidA
RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueA
AddAce

rpcrt4

UuidFromStringA

psapi

EnumProcesses
GetModuleFileNameExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 725KB - Virtual size: 725KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01303c56831ade6544b4d7057f7cac70

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:3f:5b:ab:7c:0e:18:cf:b0:e6:4a:2b:0b:ed:74:46Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

06:cc:8d:59:c5:4b:1c:81:88:9e:8b:e8:b0:3d:6d:47:77:df:76:12:7e:df:07:3d:23:91:8b:42:87:4f:ed:baSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

shell32

ws2_32

ole32

oleaut32

imagehlp

advapi32

rpcrt4

psapi

version

Sections

.text Size: 725KB - Virtual size: 725KB

.rdata Size: 187KB - Virtual size: 187KB

.data Size: 25KB - Virtual size: 58KB

.rsrc Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 39KB - Virtual size: 38KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:3f:5b:ab:7c:0e:18:cf:b0:e6:4a:2b:0b:ed:74:46
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

06:cc:8d:59:c5:4b:1c:81:88:9e:8b:e8:b0:3d:6d:47:77:df:76:12:7e:df:07:3d:23:91:8b:42:87:4f:ed:ba
Signer

.text
Size: 725KB - Virtual size: 725KB

.rdata
Size: 187KB - Virtual size: 187KB

.data
Size: 25KB - Virtual size: 58KB

.rsrc
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 39KB - Virtual size: 38KB