9866506c7dd3e5e134db22782ac186ba1d8156ce59e68e7d89af1fa43807211a

Sharing

Copy URL Twitter E-mail

General

Target

9866506c7dd3e5e134db22782ac186ba1d8156ce59e68e7d89af1fa43807211a
Size

300KB
MD5

cdb3a8f42a33081c5a252ff54c4f35d0
SHA1

c32ae6149bb184b68bc961694af95324225e454f
SHA256

9866506c7dd3e5e134db22782ac186ba1d8156ce59e68e7d89af1fa43807211a
SHA512

69220ef5955241bc8fc737eaa604bff0d45af295956827561ff2ce7d9d052ae12b48b5df3cabf6e11d1770315490f944125eedb2f8a60334cbda49cd8100ef77
SSDEEP

6144:0xHjS9u2SRYKqpg8uwDu1mBV+UdvrEFp7hK++:0guffwWmBjvrEH73+

Score

1^/10

Malware Config

Signatures

Files

9866506c7dd3e5e134db22782ac186ba1d8156ce59e68e7d89af1fa43807211a
.exe windows:4 windows x86 arch:x86

0bb6136ca80accf3edd779dff39f1201

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/08/2022, 00:00

Not After

14/08/2024, 23:59

Subject

CN=MOBILE-ID TECHNOLOGIES AND SERVICES JOINT STOCK COMPANY,OU=IT Department,O=MOBILE-ID TECHNOLOGIES AND SERVICES JOINT STOCK COMPANY,L=Thủ Đức,ST=Ho Chi Minh City,C=VN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/08/2022, 00:00

Not After

14/08/2024, 23:59

Subject

CN=MOBILE-ID TECHNOLOGIES AND SERVICES JOINT STOCK COMPANY,OU=IT Department,O=MOBILE-ID TECHNOLOGIES AND SERVICES JOINT STOCK COMPANY,L=Thủ Đức,ST=Ho Chi Minh City,C=VN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:05:74:3c:1a:11:f8:78:5c:4e:57:ca:bc:0b:5a:09:1e:c9:2c:11:0f:80:68:c6:18:6f:d2:52:15:5e:d9:11
Signer

Actual PE Digest

19:05:74:3c:1a:11:f8:78:5c:4e:57:ca:bc:0b:5a:09:1e:c9:2c:11:0f:80:68:c6:18:6f:d2:52:15:5e:d9:11

Digest Algorithm

sha256

PE Digest Matches

false

50:cc:c1:52:b9:ae:ef:31:d5:a4:05:40:d5:2b:6b:d5:76:1b:49:49
Signer

Actual PE Digest

50:cc:c1:52:b9:ae:ef:31:d5:a4:05:40:d5:2b:6b:d5:76:1b:49:49

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord535
ord860
ord1155
ord942
ord2637
ord1172
ord2859
ord537
ord6451
ord2910
ord6665
ord3806
ord2634
ord5977
ord4219
ord470
ord755
ord2371
ord4282
ord5679
ord5706
ord1165
ord1143
ord2717
ord1131
ord2613
ord2078
ord6211
ord5714
ord1197
ord815
ord561
ord3733
ord4418
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4667
ord940
ord2606
ord823
ord4370
ord4847
ord5276
ord4704
ord2810
ord538
ord6195
ord3087
ord6330
ord4229
ord2362
ord2293
ord5261
ord825
ord324
ord540
ord858
ord861
ord800
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord3871
ord1569

msvcrt

_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
_wcsicmp
__CxxFrameHandler
wcschr
??0exception@@QAE@ABV0@@Z
strncpy
??0exception@@QAE@XZ
_CxxThrowException
memmove
??1exception@@UAE@XZ
_wtol
wcscmp
wcslen
wcsstr
fclose
fwrite
_wfopen
atol
wcscpy
wcscat
_beginthreadex
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode

kernel32

Process32FirstW
Process32NextW
OpenProcess
WaitForMultipleObjects
Sleep
CreateEventW
CreateMutexW
CloseHandle
GetCommandLineW
SystemTimeToFileTime
CreateToolhelp32Snapshot
lstrcpyW
GetModuleHandleW
TerminateThread
GetStartupInfoW
SetEvent
TerminateProcess
FreeLibrary
GetProcAddress
CompareFileTime
LoadLibraryW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
LocalAlloc
lstrlenW
GetVersionExW
WaitForSingleObject
RemoveDirectoryW
GetExitCodeProcess
CreateProcessW
GetPrivateProfileStringW
DeleteFileW
CreateDirectoryW
GetTempPathW
ReadFile
GetFileSize
CreateFileW
OutputDebugStringW
GetUserDefaultLangID
lstrcatW
lstrcmpiW
GetModuleFileNameW
WideCharToMultiByte
LocalFree
lstrcpynW
GetLastError
GetSystemInfo

user32

GetParent
EndDialog
DestroyIcon
GetCursorPos
CreatePopupMenu
AppendMenuW
SetForegroundWindow
TrackPopupMenu
GetForegroundWindow
MessageBoxW
EnumWindows
LoadImageW
wsprintfW
IsWindow
IsIconic
DrawIcon
SendMessageW
LoadIconW
PostMessageW
RegisterWindowMessageW
GetDC
SetWindowRgn
ReleaseDC
LoadCursorW
RegisterClassExW
CreateWindowExW
SetWindowTextW
GetWindow
GetDlgCtrlID
GetClassNameW
EnableWindow
DestroyWindow
GetWindowTextW
UpdateWindow
BeginPaint
GetClientRect
DrawTextW
EndPaint
KillTimer
LoadBitmapW
SetTimer
ShowWindow
DefWindowProcW
PtInRect
InvalidateRect
GetWindowRect
GetSystemMetrics
MoveWindow
SetWindowPos
EnumThreadWindows

gdi32

DeleteDC
CreatePolygonRgn
GetStockObject
GetTextExtentPoint32W
SetBkMode
CreateCompatibleDC
SelectObject
Polygon
DeleteObject
CreateSolidBrush
CreatePen
CreateFontIndirectW

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

shell32

ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize

crypt32

CertCloseStore
CertFreeCertificateContext
CertGetIntendedKeyUsage
CertSetCertificateContextProperty
CertCreateCertificateContext
CertOpenStore
CryptDecodeObject
CertFindExtension
CryptVerifyCertificateSignature
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertGetNameStringW

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW
InternetGetConnectedState
InternetCanonicalizeUrlW
DeleteUrlCacheEntryW
InternetReadFile

shlwapi

PathFileExistsW

winscard

SCardReleaseContext
SCardGetStatusChangeW
SCardEstablishContext

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bb6136ca80accf3edd779dff39f1201

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

19:05:74:3c:1a:11:f8:78:5c:4e:57:ca:bc:0b:5a:09:1e:c9:2c:11:0f:80:68:c6:18:6f:d2:52:15:5e:d9:11Signer

50:cc:c1:52:b9:ae:ef:31:d5:a4:05:40:d5:2b:6b:d5:76:1b:49:49Signer

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

crypt32

wininet

shlwapi

winscard

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 56KB - Virtual size: 53KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:0a:f1:12:3f:77:06:03:5e:fc:6e:17:6b:48:0a:04
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

19:05:74:3c:1a:11:f8:78:5c:4e:57:ca:bc:0b:5a:09:1e:c9:2c:11:0f:80:68:c6:18:6f:d2:52:15:5e:d9:11
Signer

50:cc:c1:52:b9:ae:ef:31:d5:a4:05:40:d5:2b:6b:d5:76:1b:49:49
Signer

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 56KB - Virtual size: 53KB