General

Malware Config

Signatures

Files

• 6456be4321465dbd715568ca4bda48c1c7674c08ad291b18c1cb0c183f63e028.exe

  .exe windows:5 windows x86 arch:x86

  4a3373f64999adc95eeb1061dfb317d8

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  89:07:f5:1b:60:c3:ea:f3:80:f3:54:29:3c:61:b0:c4

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  07-02-2022 00:00

  Not After

  07-02-2024 23:59

  Subject

  CN=Balena Inc,O=Balena Inc,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21-09-2022 00:00

  Not After

  21-11-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  89:07:f5:1b:60:c3:ea:f3:80:f3:54:29:3c:61:b0:c4

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  07-02-2022 00:00

  Not After

  07-02-2024 23:59

  Subject

  CN=Balena Inc,O=Balena Inc,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21-09-2022 00:00

  Not After

  21-11-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  e8:a4:8a:92:a7:b7:f0:e4:00:ca:81:af:13:40:fa:bf:88:b3:7f:c0:f5:8d:25:8c:9c:5b:9d:36:3b:02:ed:08

  Signer

  Actual PE Digest

  e8:a4:8a:92:a7:b7:f0:e4:00:ca:81:af:13:40:fa:bf:88:b3:7f:c0:f5:8d:25:8c:9c:5b:9d:36:3b:02:ed:08

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  94:8e:aa:c0:7d:9d:78:3d:f7:05:ee:b3:64:0f:30:c2:7c:94:b7:b5

  Signer

  Actual PE Digest

  94:8e:aa:c0:7d:9d:78:3d:f7:05:ee:b3:64:0f:30:c2:7c:94:b7:b5

  Digest Algorithm

  sha1

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  Y:\inter\cluster\LjR\dn\x86\Packet\u\me.pdb

  Imports

  kernel32

  CreateMutexW

  CreateThread

  InterlockedExchange

  ReleaseMutex

  LocalFree

  lstrlenW

  FormatMessageW

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  WideCharToMultiByte

  GetModuleHandleW

  GetProcAddress

  MultiByteToWideChar

  FreeLibrary

  GetCurrentProcess

  VerSetConditionMask

  GetSystemDirectoryW

  LoadLibraryW

  OutputDebugStringA

  CreateFileA

  RtlCaptureStackBackTrace

  CompareStringW

  GetModuleHandleA

  GetConsoleTitleW

  Beep

  FindClose

  FindNextFileW

  GetSystemTimeAsFileTime

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  QueryPerformanceFrequency

  QueryPerformanceCounter

  ConvertThreadToFiber

  ConvertFiberToThread

  CreateFiberEx

  DeleteFiber

  SwitchToFiber

  GetOverlappedResult

  CancelIo

  SetEndOfFile

  GetFileAttributesW

  GetLargestConsoleWindowSize

  OutputDebugStringW

  GetStringTypeW

  EncodePointer

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  LCMapStringW

  GetCPInfo

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  WaitForSingleObjectEx

  GetStartupInfoW

  InitializeSListHead

  RtlUnwind

  LoadLibraryExW

  ExitThread

  FreeLibraryAndExitThread

  HeapAlloc

  HeapReAlloc

  HeapFree

  GetCommandLineA

  GetCommandLineW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  HeapSize

  GetProcessHeap

  FindFirstFileExW

  IsValidCodePage

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  SetStdHandle

  GetConsoleMode

  FlushFileBuffers

  SetFilePointerEx

  GetModuleFileNameW

  GetModuleHandleExW

  SwitchToThread

  InterlockedCompareExchange

  CreateProcessW

  ReadConsoleW

  WriteFile

  WriteConsoleW

  GetThreadLocale

  GetLocaleInfoW

  GetCPInfoExW

  GetOEMCP

  GetACP

  GetConsoleCP

  ExitProcess

  GetModuleFileNameA

  DebugBreak

  IsDebuggerPresent

  ReadFile

  GetFileSizeEx

  WriteConsoleOutputCharacterW

  GetConsoleSelectionInfo

  SetConsoleTitleW

  WriteConsoleOutputW

  ReadConsoleOutputA

  GetTickCount

  SetConsoleCursorPosition

  GetFileType

  ReadConsoleOutputCharacterW

  Module32NextW

  GetConsoleWindow

  GetNumberOfConsoleInputEvents

  GetCurrentProcessId

  DeleteCriticalSection

  DecodePointer

  FillConsoleOutputAttribute

  Module32FirstW

  ScrollConsoleScreenBufferW

  ResetEvent

  RaiseException

  WriteConsoleOutputAttribute

  CloseHandle

  Process32FirstW

  InterlockedIncrement

  WaitForMultipleObjectsEx

  InterlockedExchangeAdd

  GetVersionExW

  SetEvent

  ReadConsoleInputW

  FillConsoleOutputCharacterW

  Process32NextW

  SetConsoleCursorInfo

  GetLastError

  Sleep

  CreateEventW

  CreateToolhelp32Snapshot

  GetCurrentThreadId

  CreateFileW

  WaitForSingleObject

  GetEnvironmentVariableW

  CreateConsoleScreenBuffer

  InitializeCriticalSectionAndSpinCount

  SetConsoleWindowInfo

  WaitForMultipleObjects

  GetConsoleCursorInfo

  SetConsoleMode

  GetStdHandle

  GetConsoleOutputCP

  SetConsoleScreenBufferSize

  SetConsoleTextAttribute

  SetLastError

  GetConsoleScreenBufferInfo

  SetFilePointer

  SetConsoleCtrlHandler

  user32

  DestroyIcon

  GetPropA

  RemovePropA

  CallWindowProcW

  GetAsyncKeyState

  MessageBeep

  MessageBoxW

  PostMessageW

  AllowSetForegroundWindow

  wsprintfW

  MessageBoxA

  wsprintfA

  GetProcessWindowStation

  GetUserObjectInformationW

  GetWindowThreadProcessId

  GetWindowLongW

  EnumWindows

  GetWindowRect

  SetWindowPos

  IntersectRect

  GetMonitorInfoW

  MonitorFromRect

  SendMessageW

  ole32

  CoCreateInstance

  CoInitializeEx

  CoTaskMemFree

  CoUninitialize

  advapi32

  RegCreateKeyExW

  RegSetValueExW

  CryptGenRandom

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  comdlg32

  GetSaveFileNameW

  CommDlgExtendedError

  Sections

  .text

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 578KB - Virtual size: 578KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 32KB - Virtual size: 43KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 153B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.3MB - Virtual size: 1.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 116KB - Virtual size: 116KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ