20acc9e0bb328e6e5d99fb2627e60eaa3887e43a5e2a4614bb67745374bc8458

Sharing

Copy URL

Twitter E-mail

General

Target

20acc9e0bb328e6e5d99fb2627e60eaa3887e43a5e2a4614bb67745374bc8458
Size

210KB
MD5

c7bee7cdc6f793cc494f02b0901e6319
SHA1

49038760645c72fdcee567ac0ea11a759e1de7e4
SHA256

20acc9e0bb328e6e5d99fb2627e60eaa3887e43a5e2a4614bb67745374bc8458
SHA512

37eaba884c6142833fc52ffd197b29360ae7cb802fcbcaf7503723c3fb1320196a1c50928d67a09f20cf6512f2fc36e1a8b135d8b164ec833ea86a11c175abd4
SSDEEP

3072:nTFL6D/uL0VCuNz+wmJbT7q2xsdzEnyJz1nxSuHHzj:nEyECuNzAtT7q24zEAzZ3

Score

1^/10

Malware Config

Signatures

Files

20acc9e0bb328e6e5d99fb2627e60eaa3887e43a5e2a4614bb67745374bc8458
.exe windows:5 windows x64 arch:x64

f47f210e752c0e06947531b22080045d

Code Sign

0d:4e:5d:45:6a:57:a3:26:f0:97:bc:20:15:2b:29:00
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/02/2021, 00:00

Not After

16/05/2024, 23:59

Subject

CN=DriveLock SE,O=DriveLock SE,L=München,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:4e:5d:45:6a:57:a3:26:f0:97:bc:20:15:2b:29:00
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/02/2021, 00:00

Not After

16/05/2024, 23:59

Subject

CN=DriveLock SE,O=DriveLock SE,L=München,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:f2:dd:a3:c2:aa:41:ec:d2:05:49:39:bb:38:bf:86:bd:92:c2:20:f5:40:b3:ab:3f:46:0e:06:01:78:52:98
Signer

Actual PE Digest

ed:f2:dd:a3:c2:aa:41:ec:d2:05:49:39:bb:38:bf:86:bd:92:c2:20:f5:40:b3:ab:3f:46:0e:06:01:78:52:98

Digest Algorithm

sha256

PE Digest Matches

false

c4:40:00:80:29:97:97:fb:99:6b:32:36:65:e5:08:cf:01:06:3f:93
Signer

Actual PE Digest

c4:40:00:80:29:97:97:fb:99:6b:32:36:65:e5:08:cf:01:06:3f:93

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFilePointer
lstrlenW
GetFileSizeEx
MoveFileW
FileTimeToSystemTime
GetCurrentThreadId
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
FindClose
GetFirmwareEnvironmentVariableW
CreateProcessW
CreateFileW
FindNextFileW
RemoveDirectoryW
GetExitCodeProcess
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
LoadLibraryW
GetFileAttributesW
GetTempPathW
DeleteFileW
FlushFileBuffers
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetComputerNameExA
GetCommandLineA
GetModuleFileNameW
WTSGetActiveConsoleSessionId
GetCurrentProcess
GetCurrentProcessId
ProcessIdToSessionId
GetNativeSystemInfo
lstrlenA
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetLastError
InitializeCriticalSection
TlsSetValue
TlsGetValue
GetModuleHandleExW
TlsFree
TlsAlloc
GetProcAddress
LCMapStringW
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
GetModuleHandleW
FreeLibrary
WaitForSingleObject
TerminateProcess
OpenProcess
Sleep
CloseHandle
SetLastError
FindFirstFileW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
HeapSize
GetStdHandle
GetStringTypeW
RtlUnwindEx
DecodePointer
EncodePointer
ExitThread
CreateThread
GetCommandLineW
RaiseException
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapAlloc
HeapFree
VirtualAlloc

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
ChangeServiceConfig2W
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegQueryValueExA
ControlService
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

fltlib

FilterDetach
FilterVolumeInstanceFindNext
FilterVolumeInstanceFindClose
FilterVolumeFindClose
FilterUnload
FilterVolumeInstanceFindFirst
FilterVolumeFindNext
FilterVolumeFindFirst

psapi

GetModuleBaseNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msi

ord169
ord190
ord141

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f47f210e752c0e06947531b22080045d

Code Sign

0d:4e:5d:45:6a:57:a3:26:f0:97:bc:20:15:2b:29:00Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0d:4e:5d:45:6a:57:a3:26:f0:97:bc:20:15:2b:29:00Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ed:f2:dd:a3:c2:aa:41:ec:d2:05:49:39:bb:38:bf:86:bd:92:c2:20:f5:40:b3:ab:3f:46:0e:06:01:78:52:98Signer

c4:40:00:80:29:97:97:fb:99:6b:32:36:65:e5:08:cf:01:06:3f:93Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

fltlib

psapi

version

msi

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 16KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

0d:4e:5d:45:6a:57:a3:26:f0:97:bc:20:15:2b:29:00
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0d:4e:5d:45:6a:57:a3:26:f0:97:bc:20:15:2b:29:00
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ed:f2:dd:a3:c2:aa:41:ec:d2:05:49:39:bb:38:bf:86:bd:92:c2:20:f5:40:b3:ab:3f:46:0e:06:01:78:52:98
Signer

c4:40:00:80:29:97:97:fb:99:6b:32:36:65:e5:08:cf:01:06:3f:93
Signer

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 16KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB