79b2c3471537c894b7582fc4bf439dd5

Sharing

Copy URL Twitter E-mail

General

Target

79b2c3471537c894b7582fc4bf439dd5
Size

8.4MB
MD5

79b2c3471537c894b7582fc4bf439dd5
SHA1

dc9757adf42c4cfcb7224416f7034567022746a4
SHA256

4bb1f62a4f89fe25e728bd933d2bc9b5fb40677fe1cf6ee09643fbfef2cca2b3
SHA512

19f9222dd9cdc290977a971ce513e6c00ec088eeee1494f6029e03d5774239034504afe1f8d90b5f146fccc609f028c306b22f0941408a9a346ab6f86a034362
SSDEEP

196608:zpfNoie0ejFoTBIJRGBhNuq2QUWa7Ujh9SzFy98nt:zpl/iihNuqDaojh9SzS8t

Score

1^/10

Malware Config

Signatures

Files

79b2c3471537c894b7582fc4bf439dd5
.dll windows:5 windows x64 arch:x64

6b926c679a9c0bb1b1c11f21465624bd

Code Sign

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:be
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:843D-37F6-F104,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:54:51:4c:85:3e:ad:08:70:67:00:01:00:00:00:54
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/10/2017, 17:34

Not After

05/10/2018, 17:34

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0a:59:2b:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

11/02/2016, 23:24

Not After

09/05/2021, 23:28

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:7a:67:52:93:c9:20:04:87:bc:cf:82:e8:a6:b7:ee:23:22:db:4d
Signer

Actual PE Digest

15:7a:67:52:93:c9:20:04:87:bc:cf:82:e8:a6:b7:ee:23:22:db:4d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
OpenProcess
Sleep
GetFileAttributesA
CreateProcessA
GetModuleFileNameW
GetSystemDirectoryA
VirtualAllocEx
CreateFileMappingW
GetModuleFileNameA
OpenFileMappingW
CloseHandle
GetCurrentProcessId
WriteProcessMemory
DeleteFileA
CreateRemoteThread
GetLastError
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
EncodePointer
RtlUnwindEx
FlsGetValue
FlsFree
SetLastError
FlsAlloc
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
SetStdHandle
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
CreateFileW
FlushFileBuffers

Exports

Exports

Embedding
cmsot

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 659KB - Virtual size: 671KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b926c679a9c0bb1b1c11f21465624bd

Code Sign

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:beCertificate

Extended Key Usages

33:00:00:00:54:51:4c:85:3e:ad:08:70:67:00:01:00:00:00:54Certificate

Extended Key Usages

61:0a:59:2b:00:00:00:00:00:3bCertificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

15:7a:67:52:93:c9:20:04:87:bc:cf:82:e8:a6:b7:ee:23:22:db:4dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 659KB - Virtual size: 671KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:be
Certificate

33:00:00:00:54:51:4c:85:3e:ad:08:70:67:00:01:00:00:00:54
Certificate

61:0a:59:2b:00:00:00:00:00:3b
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

15:7a:67:52:93:c9:20:04:87:bc:cf:82:e8:a6:b7:ee:23:22:db:4d
Signer

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 659KB - Virtual size: 671KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB