837d792fd6731f54ab1b99fb7d51e8409376ea560c77d9dbd617b26a5f2b59ac

Sharing

Copy URL Twitter E-mail

General

Target

837d792fd6731f54ab1b99fb7d51e8409376ea560c77d9dbd617b26a5f2b59ac
Size

8.7MB
MD5

2f7e353f4c25ac8312f7f1f02c757171
SHA1

ec75204de817443b2ca87680f1df3ef2734595a0
SHA256

837d792fd6731f54ab1b99fb7d51e8409376ea560c77d9dbd617b26a5f2b59ac
SHA512

9cfb22c5f13163ac3608bd2bc0411f36ff8cede2bd00e8dacf9450826de95722f4c855389c4da1f23de09445abdb8dc0a5a55a3cc1e262897ff10c268b767e4b
SSDEEP

196608:eYhUk1guc1CPwDv3uFR0ZOagyBDf+wm6Yfk1guc1CPwDv3uFR0ZOagyBDf+XN:eHbuc1CPwDv3uFmTgyBDfdQbuc1CPwDA

Score

1^/10

Malware Config

Signatures

Files

837d792fd6731f54ab1b99fb7d51e8409376ea560c77d9dbd617b26a5f2b59ac
.exe windows:5 windows x86 arch:x86

27530fb380d35ceeb28b595d1d14dbc7

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:3f:5b:ab:7c:0e:18:cf:b0:e6:4a:2b:0b:ed:74:46
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/02/2021, 00:00

Not After

06/03/2024, 23:59

Subject

CN=Marcotte Systems Ltd,O=Marcotte Systems Ltd,L=Boucherville,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:56:b8:b9:15:ff:bf:f8:d8:68:37:6b:33:70:66:4b:22:47:80:cf:0c:9a:6b:a7:6d:fc:9d:84:4c:91:7a:ac
Signer

Actual PE Digest

0e:56:b8:b9:15:ff:bf:f8:d8:68:37:6b:33:70:66:4b:22:47:80:cf:0c:9a:6b:a7:6d:fc:9d:84:4c:91:7a:ac

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\repos\tools\libs\fv.pdb

Imports

user32

PeekMessageA
PostMessageA
GetWindowTextA
GetWindowTextLengthA
EnumWindows
GetWindowThreadProcessId
DispatchMessageA
wsprintfA
UnregisterClassA
LoadStringA
TranslateMessage
MessageBoxA

kernel32

FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
FormatMessageA
CreateFileA
GetDriveTypeA
GetFileSize
SetFilePointer
WriteFile
CloseHandle
SetLastError
SetErrorMode
GetCurrentProcess
GetCurrentProcessId
GetTickCount
GetProcessAffinityMask
SetProcessAffinityMask
LoadLibraryA
GetComputerNameA
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MultiByteToWideChar
WideCharToMultiByte
LockFileEx
UnlockFileEx
TryEnterCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
IsBadWritePtr
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
DuplicateHandle
SetThreadPriority
ResumeThread
GetThreadTimes
CreateFileW
GetFileSizeEx
ReadFile
SetEndOfFile
SetFilePointerEx
GetTempPathA
GetTempFileNameA
GetConsoleWindow
LoadResource
LockResource
SizeofResource
FindResourceA
SetEnvironmentVariableA
GetFullPathNameA
GetFullPathNameW
DeleteCriticalSection
LocalFree
TerminateProcess
GetExitCodeProcess
CreateProcessA
OpenProcess
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
GetVersionExA
FillConsoleOutputAttribute
SetConsoleTextAttribute
ReadConsoleInputA
SetConsoleMode
CreateDirectoryA
CreateDirectoryW
DeleteFileW
FindNextFileA
MoveFileExW
VirtualQuery
lstrlenA
IsBadReadPtr
IsBadCodePtr
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
ReleaseMutex
CreateMutexA
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingA
FlushFileBuffers
CreateThread
ExitThread
SetPriorityClass
GetLocalTime
TlsFree
TlsSetValue
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapValidate
HeapFree
HeapAlloc
Beep
MoveFileExA
CopyFileExA
CopyFileA
SleepEx
GetLastError
SetFileTime
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesA
FindFirstFileA
FindClose
DeleteFileA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetCommandLineA
GetStdHandle
TlsAlloc
SetStdHandle
GetCurrentThreadId
EncodePointer
DecodePointer
RaiseException
GetStringTypeW
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetSystemTimeAsFileTime
LoadLibraryExW
GetDriveTypeW
GetConsoleMode
HeapReAlloc
GetFileType
GetModuleFileNameW
WriteConsoleW
GetModuleHandleW
ReadConsoleW
GetConsoleCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
IsProcessorFeaturePresent
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapSize
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentDirectoryW
OutputDebugStringW
GetComputerNameExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation

ws2_32

WSAIoctl
WSACancelBlockingCall
WSAGetLastError
accept
bind
closesocket
connect
ioctlsocket
getpeername
htons
inet_addr
inet_ntoa
listen
recv
send
shutdown
socket
gethostbyname
gethostname
WSAStartup
WSACleanup

ole32

CoInitializeSecurity
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
OleInitialize
OleUninitialize
CoCreateGuid

oleaut32

SysAllocString
SafeArrayDestroy
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysFreeString

imagehlp

CheckSumMappedFile
MapFileAndCheckSumA

advapi32

EqualSid
AddAccessAllowedAce
RegQueryValueExA
RegOpenKeyExA
RegConnectRegistryA
RegCloseKey
ConvertSidToStringSidA
GetTokenInformation
LookupAccountSidA
GetUserNameA
OpenProcessToken
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameA
RegCreateKeyExA
RegSetValueExA
SetFileSecurityA
GetFileSecurityA
ConvertStringSidToSidA
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
LookupPrivilegeValueA
AddAce

rpcrt4

UuidFromStringA

psapi

EnumProcesses
GetModuleFileNameExA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27530fb380d35ceeb28b595d1d14dbc7

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

08:3f:5b:ab:7c:0e:18:cf:b0:e6:4a:2b:0b:ed:74:46Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0e:56:b8:b9:15:ff:bf:f8:d8:68:37:6b:33:70:66:4b:22:47:80:cf:0c:9a:6b:a7:6d:fc:9d:84:4c:91:7a:acSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

kernel32

shell32

ws2_32

ole32

oleaut32

imagehlp

advapi32

rpcrt4

psapi

version

Sections

.text Size: 716KB - Virtual size: 715KB

.rdata Size: 186KB - Virtual size: 186KB

.data Size: 25KB - Virtual size: 58KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.reloc Size: 38KB - Virtual size: 38KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:3f:5b:ab:7c:0e:18:cf:b0:e6:4a:2b:0b:ed:74:46
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0e:56:b8:b9:15:ff:bf:f8:d8:68:37:6b:33:70:66:4b:22:47:80:cf:0c:9a:6b:a7:6d:fc:9d:84:4c:91:7a:ac
Signer

.text
Size: 716KB - Virtual size: 715KB

.rdata
Size: 186KB - Virtual size: 186KB

.data
Size: 25KB - Virtual size: 58KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 38KB - Virtual size: 38KB