88af7e095544a7f42606552474523282

Sharing

Copy URL Twitter E-mail

General

Target

88af7e095544a7f42606552474523282
Size

37KB
MD5

88af7e095544a7f42606552474523282
SHA1

b1d5ad51a6944ee38b4bf63f89da35bd9326c8fb
SHA256

c9dc172124da90d41305cd154a7d2d5a560adf4a18c3913a2831155a1d6b317a
SHA512

31d235050c8876df398677c43b6c9bfb5eda6670a3c180862a154c3721e7558f44a9073a12a8dde57101c76f92f82426f14a8609e43a9e3b5bbe613cd3831298
SSDEEP

768:7CIohOHsYk+pZL9lDt8c6FkVZERJHS7JhcP+MQA:mIoctFrhVUJ8SqA

Score

1^/10

Malware Config

Signatures

Files

88af7e095544a7f42606552474523282
.exe windows:4 windows x64 arch:x64

283bc4c56940e4177ff6570e1e0e4dc1

Code Sign

12:00:12:56:88:4a:29:9a:c4:21:44:5a:79:00:00:00:12:56:88
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

29/06/2021, 21:35

Not After

29/06/2022, 21:35

Subject

CN=*.oneroute.microsoft.com

00:62:19:9b:77:19:0f:93:b1:f9:92:83:ec:4e:4e:98:22:e6:a8:87
Signer

Actual PE Digest

00:62:19:9b:77:19:0f:93:b1:f9:92:83:ec:4e:4e:98:22:e6:a8:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateEventA
CreateFileA
CreateFileMappingA
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
OpenProcess
SetUnhandledExceptionFilter
Sleep
SleepEx
TlsGetValue
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject

msvcrt

__C_specific_handler
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_onexit
abort
acos
asin
atan
calloc
exit
fprintf
free
fwrite
malloc
memcpy
rand
signal
strcmp
strlen
strncmp
vfprintf

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 416B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

283bc4c56940e4177ff6570e1e0e4dc1

Code Sign

12:00:12:56:88:4a:29:9a:c4:21:44:5a:79:00:00:00:12:56:88Certificate

00:62:19:9b:77:19:0f:93:b1:f9:92:83:ec:4e:4e:98:22:e6:a8:87Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 25KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 208B

.rdata Size: 4KB - Virtual size: 4KB

.pdata Size: 1024B - Virtual size: 672B

.xdata Size: 1024B - Virtual size: 524B

.bss Size: - Virtual size: 416B

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

12:00:12:56:88:4a:29:9a:c4:21:44:5a:79:00:00:00:12:56:88
Certificate

00:62:19:9b:77:19:0f:93:b1:f9:92:83:ec:4e:4e:98:22:e6:a8:87
Signer

.text
Size: 25KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 208B

.rdata
Size: 4KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 672B

.xdata
Size: 1024B - Virtual size: 524B

.bss
Size: - Virtual size: 416B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B