de5874b42a1db76a83583ee5f694506b737fb1b6d808b157f34050adb6d5e3ac

Sharing

Copy URL Twitter E-mail

General

Target

de5874b42a1db76a83583ee5f694506b737fb1b6d808b157f34050adb6d5e3ac
Size

2.4MB
MD5

33667720ea3971843d26ef4d07d99bd4
SHA1

fb774d14916fbbbd3895d07b45e26ee09367e820
SHA256

de5874b42a1db76a83583ee5f694506b737fb1b6d808b157f34050adb6d5e3ac
SHA512

3fe1a27f3969dd551e3b0f1017640b2de39805f56f2f0b58b717ac187c1e013b0980d9185b5913a6826b94ef1fbbfcc0ad4d4b0311314431709024f57424ce9b
SSDEEP

49152:aOYCwgNpHOAMdo3xsLu+n5cm2neCPT0VABsLTCLkxG:9SupcuYVu

Score

1^/10

Malware Config

Signatures

Files

de5874b42a1db76a83583ee5f694506b737fb1b6d808b157f34050adb6d5e3ac
.exe windows:5 windows x86 arch:x86

bdd95248cf1f9eeb54c69368894837d4

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

02:fd:37:e6:c7:98:46:16:1f:65:13:0f:4a:b3:fd:df
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/02/2020, 00:00

Not After

02/03/2021, 12:00

Subject

SERIALNUMBER=2221542,CN=Gemalto\, Inc.,O=Gemalto\, Inc.,L=Austin,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:84:23:4e:6a:2f:a7:41:a8:d4:87:0e:5d:2a:3f:ff:26:3c:13:15:4f:0e:59:98:91:c6:20:0d:54:44:36:41
Signer

Actual PE Digest

f9:84:23:4e:6a:2f:a7:41:a8:d4:87:0e:5d:2a:3f:ff:26:3c:13:15:4f:0e:59:98:91:c6:20:0d:54:44:36:41

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
FreeSid
GetSecurityInfo
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

kernel32

FreeLibrary
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableA
GetVolumeInformationA
GetVersionExA
GetCurrentProcessId
GetCurrentThreadId
SystemTimeToFileTime
GetProcessTimes
Sleep
LocalFree
GetSystemTime
OpenProcess
CloseHandle
GetFileInformationByHandle
SetLastError
CreateFileW
WideCharToMultiByte
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
GetCurrentProcess
VirtualProtect
OutputDebugStringA
LoadLibraryExA
GetCommandLineW
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
ReadFile
DisconnectNamedPipe
WriteFile
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
GetComputerNameExW
GetComputerNameW
GetModuleFileNameA
LocalAlloc
MultiByteToWideChar
DeviceIoControl
CreateFileA
GetSystemInfo
DefineDosDeviceA
QueryDosDeviceA
SetFileAttributesW
CreateDirectoryW
TlsAlloc
TlsSetValue
TlsGetValue
GetSystemTimeAsFileTime
IsBadReadPtr
FindFirstFileW
GetSystemDirectoryA
TerminateProcess
GetTimeZoneInformation
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
CreateThread
SetThreadPriority
ResumeThread
WaitForSingleObject
TerminateThread
CreateMutexA
OpenMutexA
ReleaseMutex
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
DeleteFileW
RemoveDirectoryW
MoveFileExW
SetFilePointerEx
SetEndOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SwitchToThread
FindNextFileW
SetEvent
CreateEventA
ExitProcess
GetStartupInfoA
GetCommandLineA
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsFree
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapSize
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bdd95248cf1f9eeb54c69368894837d4

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

02:fd:37:e6:c7:98:46:16:1f:65:13:0f:4a:b3:fd:dfCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

f9:84:23:4e:6a:2f:a7:41:a8:d4:87:0e:5d:2a:3f:ff:26:3c:13:15:4f:0e:59:98:91:c6:20:0d:54:44:36:41Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 128KB - Virtual size: 434KB

.rsrc Size: 1KB - Virtual size: 1KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

02:fd:37:e6:c7:98:46:16:1f:65:13:0f:4a:b3:fd:df
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

f9:84:23:4e:6a:2f:a7:41:a8:d4:87:0e:5d:2a:3f:ff:26:3c:13:15:4f:0e:59:98:91:c6:20:0d:54:44:36:41
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 128KB - Virtual size: 434KB

.rsrc
Size: 1KB - Virtual size: 1KB