59df1994669ecbe4551bdd92855b1e702d169320aec817f97fa6a52b0d9fc34c

Sharing

Copy URL Twitter E-mail

General

Target

59df1994669ecbe4551bdd92855b1e702d169320aec817f97fa6a52b0d9fc34c
Size

410KB
MD5

9e8998a8eda33d48a4451259c0420fb5
SHA1

a0547c2a4eb9c122b43febc8b21bbdd73e92ef53
SHA256

59df1994669ecbe4551bdd92855b1e702d169320aec817f97fa6a52b0d9fc34c
SHA512

4e02b2ea4f14ee02bcb72227ddd42cb8fe61484b0067d930a2debfc5e4995d8fa41d0197247aa3fb6c7ce82c6531a8286e388c065717f10a03a76386714490c1
SSDEEP

12288:5kfDQ6pZPXnPue2OM1DFkkLkkkbkkkGkzMU:5kfDlGe2F1DFkkLkkkbkkkG0f

Score

1^/10

Malware Config

Signatures

Files

59df1994669ecbe4551bdd92855b1e702d169320aec817f97fa6a52b0d9fc34c
.dll windows:6 windows x86 arch:x86

610a26d7c29b65c8fc3c6c71c9a971bd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

06/07/2023, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=6397588,CN=Nmap Software LLC,O=Nmap Software LLC,L=Beaverton,ST=Oregon,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:da:53:f6:f6:d9:75:7a:a5:60:27:6b:5c:70:44:d5:13:48:08:b0:b6:64:30:fb:2e:1a:a6:41:e2:3c:3f:11
Signer

Actual PE Digest

bb:da:53:f6:f6:d9:75:7a:a5:60:27:6b:5c:70:44:d5:13:48:08:b0:b6:64:30:fb:2e:1a:a6:41:e2:3c:3f:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Nmap\Documents\Repos\npcap\wpcap\build-win32\run\Release\wpcap.pdb

Imports

packet

PacketSetMinToCopy
PacketGetAirPcapHandle
PacketCloseAdapter
PacketGetReadEvent
PacketRequest
PacketGetNetInfoEx
PacketGetAdapterNames
PacketSetHwFilter
PacketReceivePacket
PacketInitPacket
PacketSendPackets
PacketSendPacket
PacketOpenAdapter
PacketGetMonitorMode
PacketSetMonitorMode
PacketIsMonitorModeSupported
PacketIsLoopbackAdapter
PacketGetNetType
PacketSetBuff
PacketGetStatsEx
PacketGetStats
PacketGetTimestampModes
PacketSetTimestampMode
PacketSetLoopbackBehavior
PacketSetBpf
PacketSetReadTimeout
PacketSetMode
PacketGetVersion

ws2_32

ntohl
getaddrinfo
socket
shutdown
send
recv
listen
connect
bind
getnameinfo
setsockopt
select
getsockopt
getsockname
getpeername
closesocket
accept
WSACleanup
WSAStartup
WSAGetLastError
WSASetLastError
getprotobyname
getservbyname
getservbyport
gethostbyname
gethostbyaddr
inet_ntoa
inet_addr
htons
freeaddrinfo
htonl
ntohs

kernel32

FindNextFileA
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
ReadConsoleW
GetConsoleMode
WriteFile
SetFilePointerEx
GetStdHandle
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
ReadFile
GetFileType
SetStdHandle
CloseHandle
RaiseException
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
InterlockedFlushSList
FormatMessageW
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
GetLastError
MultiByteToWideChar
WideCharToMultiByte
SetEvent
GetVersion
WaitForSingleObject
Sleep
FindClose
FindFirstFileA
DecodePointer
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

Exports

Exports

bpf_dump
bpf_filter
bpf_image
bpf_validate
eproto_db
pcap_activate
pcap_breakloop
pcap_bufsize
pcap_can_set_rfmon
pcap_close
pcap_compile
pcap_compile_nopcap
pcap_create
pcap_createsrcstr
pcap_datalink
pcap_datalink_ext
pcap_datalink_name_to_val
pcap_datalink_val_to_description
pcap_datalink_val_to_description_or_dlt
pcap_datalink_val_to_name
pcap_dispatch
pcap_dump
pcap_dump_close
pcap_dump_file
pcap_dump_flush
pcap_dump_ftell
pcap_dump_ftell64
pcap_dump_hopen
pcap_dump_open
pcap_dump_open_append
pcap_ether_aton
pcap_ether_hostton
pcap_file
pcap_fileno
pcap_findalldevs
pcap_findalldevs_ex
pcap_free_datalinks
pcap_free_tstamp_types
pcap_freealldevs
pcap_freecode
pcap_get_airpcap_handle
pcap_get_tstamp_precision
pcap_geterr
pcap_getevent
pcap_getnonblock
pcap_hopen_offline
pcap_hopen_offline_with_tstamp_precision
pcap_init
pcap_inject
pcap_is_swapped
pcap_lib_version
pcap_list_datalinks
pcap_list_tstamp_types
pcap_live_dump
pcap_live_dump_ended
pcap_lookupdev
pcap_lookupnet
pcap_loop
pcap_major_version
pcap_minor_version
pcap_nametoaddr
pcap_nametoaddrinfo
pcap_nametoeproto
pcap_nametollc
pcap_nametonetaddr
pcap_nametoport
pcap_nametoportrange
pcap_nametoproto
pcap_next
pcap_next_etherent
pcap_next_ex
pcap_offline_filter
pcap_oid_get_request
pcap_oid_set_request
pcap_open
pcap_open_dead
pcap_open_dead_with_tstamp_precision
pcap_open_live
pcap_open_offline
pcap_open_offline_with_tstamp_precision
pcap_parsesrcstr
pcap_perror
pcap_remoteact_accept
pcap_remoteact_accept_ex
pcap_remoteact_cleanup
pcap_remoteact_close
pcap_remoteact_list
pcap_sendpacket
pcap_sendqueue_alloc
pcap_sendqueue_destroy
pcap_sendqueue_queue
pcap_sendqueue_transmit
pcap_set_buffer_size
pcap_set_datalink
pcap_set_immediate_mode
pcap_set_promisc
pcap_set_rfmon
pcap_set_snaplen
pcap_set_timeout
pcap_set_tstamp_precision
pcap_set_tstamp_type
pcap_setbuff
pcap_setdirection
pcap_setfilter
pcap_setmintocopy
pcap_setmode
pcap_setnonblock
pcap_setsampling
pcap_setuserbuffer
pcap_snapshot
pcap_stats
pcap_stats_ex
pcap_statustostr
pcap_strerror
pcap_tstamp_type_name_to_val
pcap_tstamp_type_val_to_description
pcap_tstamp_type_val_to_name
pcap_version
pcap_wsockinit

Sections

.text
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

610a26d7c29b65c8fc3c6c71c9a971bd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2cCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

bb:da:53:f6:f6:d9:75:7a:a5:60:27:6b:5c:70:44:d5:13:48:08:b0:b6:64:30:fb:2e:1a:a6:41:e2:3c:3f:11Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

packet

ws2_32

kernel32

Exports

Exports

Sections

.text Size: 260KB - Virtual size: 260KB

.rdata Size: 119KB - Virtual size: 119KB

.data Size: 5KB - Virtual size: 32KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:3a:58:33:80:c4:d7:6a:bf:d3:33:5a:9f:ae:34:2c
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bb:da:53:f6:f6:d9:75:7a:a5:60:27:6b:5c:70:44:d5:13:48:08:b0:b6:64:30:fb:2e:1a:a6:41:e2:3c:3f:11
Signer

.text
Size: 260KB - Virtual size: 260KB

.rdata
Size: 119KB - Virtual size: 119KB

.data
Size: 5KB - Virtual size: 32KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB