1e25cbe9f94e6b722ee51aae680f5510[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1e25cbe9f94e6b722ee51aae680f5510.exe
Size

249KB
MD5

1e25cbe9f94e6b722ee51aae680f5510
SHA1

74cf67380449e0d81ba5c15a43ea7fdf703ba7ef
SHA256

152704e13aba56bccb1183992109216ee3c2d007dfe123ff5762955ecd3b8f00
SHA512

5bbbb5a1d643b1251ea0dcf4a609e448b4cd91bcb36e737810e48f989954cb243905798eb2c0fbb05ded4f18fc49a92d0330ec981dadc7d5a13ff17ffa04cf8d
SSDEEP

6144:yq8e+JHFebX8Ua1Sp0St8/4i0WbvKJjCvEA:T8e+1FMX8Ua1c0k84d2vKJuR

Score

1^/10

Malware Config

Signatures

Files

1e25cbe9f94e6b722ee51aae680f5510.exe
.exe windows:6 windows x86 arch:x86

31ec39f4a4b45eb83a2c38e4d4f51e1c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:16:56:37:c5:91:d1:12:51:d6:02:f1:87:c3:d2:36
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

30/08/2022, 00:00

Not After

29/08/2024, 23:59

Subject

CN=rozetatech co.\,ltd,O=rozetatech co.\,ltd,ST=Gyeonggi-do,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:8e:04:f7:a6:9b:37:ea:de:42:08:0b:6e:a3:c5:b0:33:7c:71:6b:de:df:0e:44:f1:41:d3:cc:0a:01:ee:6a
Signer

Actual PE Digest

78:8e:04:f7:a6:9b:37:ea:de:42:08:0b:6e:a3:c5:b0:33:7c:71:6b:de:df:0e:44:f1:41:d3:cc:0a:01:ee:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
lstrcpynW
lstrcpyA
lstrcatA
lstrlenA
lstrlenW
_lopen
_lcreat
_lwrite
_lclose
_llseek
GetStartupInfoA
FindResourceA
AddAtomA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
CopyFileW
MoveFileW
FileTimeToSystemTime
SystemTimeToFileTime
WideCharToMultiByte
ResetEvent
lstrcmpA
CreateFileA
GetOverlappedResult
SetEvent
CreateEventA
TerminateThread
ClearCommError
SetupComm
EscapeCommFunction
GetCommState
GetCommTimeouts
PurgeComm
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
lstrcpyW
lstrcatW
SetUnhandledExceptionFilter
GetModuleFileNameA
MulDiv
DeleteAtom
LocalFree
LocalAlloc
GlobalLock
lstrcmpiA
WaitForSingleObject
FormatMessageA
GlobalUnlock
GlobalAlloc
LoadLibraryA
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
FreeResource
FreeLibrary
GetTickCount
GetLocalTime
GetSystemTime
CreateProcessW
CreateThread
GetExitCodeProcess
ExitProcess
WaitForMultipleObjects
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapAlloc
HeapDestroy
HeapCreate
SetLastError
GetLastError
CloseHandle
GetTempPathA
GetTempPathW
WriteFile
SetFileTime
SetFilePointerEx
SetFileAttributesW
RemoveDirectoryW
ReadFile
GetFileTime
GetFileSize
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetCommandLineW
MultiByteToWideChar
GetCommandLineA

user32

CharUpperBuffA
KillTimer
SetCapture
ReleaseCapture
SetCursor
PtInRect
DefWindowProcA
RegisterClassExA
BeginPaint
EndPaint
wsprintfW
RegisterClassExW
CreateWindowExW
IsClipboardFormatAvailable
CharUpperBuffW
CharLowerBuffW
GetKeyState
GetCapture
ScrollWindow
SetScrollPos
SetScrollRange
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetClassNameA
DefMDIChildProcW
GetMenu
MessageBeep
ShowCursor
ClientToScreen
SetForegroundWindow
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
LoadAcceleratorsA
TranslateAcceleratorA
DrawMenuBar
EnableMenuItem
GetMenuItemCount
ModifyMenuA
SetMenuItemBitmaps
GetMenuItemInfoA
UpdateWindow
ChildWindowFromPoint
EnumChildWindows
DefFrameProcA
TranslateMDISysAccel
LoadIconA
MessageBoxW
MessageBoxA
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
SetScrollInfo
LoadCursorA
GetPropA
SetPropA
InvalidateRect
ReleaseDC
GetDC
DrawTextA
TrackPopupMenuEx
ModifyMenuW
GetSubMenu
DestroyMenu
LoadMenuA
GetSystemMetrics
EnableWindow
SetTimer
GetFocus
SetFocus
ScreenToClient
LoadBitmapA
GetWindow
GetParent
SetClassLongA
GetClassLongA
SetWindowLongA
GetWindowLongA
GetCursorPos
InflateRect
SetRect
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
GetDialogBaseUnits
SendDlgItemMessageW
SendDlgItemMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextW
SetDlgItemTextA
GetDlgItemInt
LoadStringA
LoadStringW
wsprintfA
FillRect
DrawFocusRect
PeekMessageA
SendMessageA
IsDialogMessageA
SetWindowTextW
SetDlgItemInt
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
IsZoomed
IsIconic
MoveWindow
ShowWindow
DestroyWindow
CreateWindowExA
CallWindowProcA
PostMessageA
GetSysColor
SetWindowTextA
SendMessageW
OffsetRect

gdi32

GetTextColor
GetTextMetricsA
EnumFontFamiliesA
CreatePen
ExtTextOutA
TextOutW
TextOutA
MoveToEx
GetObjectA
CreateDIBSection
SetTextColor
BitBlt
SetBkMode
SetBkColor
SelectObject
LineTo
GetTextExtentPoint32A
GetDIBits
EnumFontsW
DeleteObject
DeleteDC
CreateSolidBrush
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap

shell32

DragQueryPoint
SHGetDesktopFolder
SHBrowseForFolderW
DragFinish
DragAcceptFiles
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
DragQueryFileW

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseColorA

comctl32

ImageList_Add
ImageList_Create
ord17
PropertySheetW
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Destroy

ntdll

strstr
strchr
memmove
memcpy
memcmp
memset

ws2_32

connect
ioctlsocket
htonl
htons
inet_addr
recv
recvfrom
send
sendto
closesocket
gethostbyname
WSAStartup
WSACleanup
WSAGetLastError
WSAAsyncSelect
WSACreateEvent
WSAEventSelect
socket
bind

msimg32

GradientFill

Sections

.text
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31ec39f4a4b45eb83a2c38e4d4f51e1c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

56:16:56:37:c5:91:d1:12:51:d6:02:f1:87:c3:d2:36Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:8e:04:f7:a6:9b:37:ea:de:42:08:0b:6e:a3:c5:b0:33:7c:71:6b:de:df:0e:44:f1:41:d3:cc:0a:01:ee:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

comctl32

ntdll

ws2_32

msimg32

Sections

.text Size: 157KB - Virtual size: 156KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 7KB - Virtual size: 6KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

56:16:56:37:c5:91:d1:12:51:d6:02:f1:87:c3:d2:36
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:8e:04:f7:a6:9b:37:ea:de:42:08:0b:6e:a3:c5:b0:33:7c:71:6b:de:df:0e:44:f1:41:d3:cc:0a:01:ee:6a
Signer

.text
Size: 157KB - Virtual size: 156KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 7KB - Virtual size: 6KB