91d6f749b6c43b1457e0412b7d90b5d6a9b579382331e16815deda76fe00f267

Sharing

Copy URL Twitter E-mail

General

Target

91d6f749b6c43b1457e0412b7d90b5d6a9b579382331e16815deda76fe00f267
Size

1.7MB
MD5

10f54323ef03e6e64e397a57209425ca
SHA1

9bc3535169b9480a7d0a18ad07ea1d453a497860
SHA256

91d6f749b6c43b1457e0412b7d90b5d6a9b579382331e16815deda76fe00f267
SHA512

8b454e5220dd47620795448b8dfd8fd0e462ba800e76c28cd45cc88e14d976af70c85cc22592bf27a0dd0c599dee2f749e8f7096dd0b6849c3e3ee9ad35a727c
SSDEEP

24576:+n4FfD/8QwEsvGZnbv5NVovNQX8+SXyqfl2wZurEH7UMo:e4FD8QlscxolQX8+SiqNW

Score

1^/10

Malware Config

Signatures

Files

91d6f749b6c43b1457e0412b7d90b5d6a9b579382331e16815deda76fe00f267
.exe windows:5 windows x86 arch:x86

37c7c9a90e075560b6f0951a929d3365

Code Sign

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:be
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=nCipher DSE ESN:843D-37F6-F104,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:7d:38:77:d0:29:a3:48:fc:5f:c5:c2:e5:05:b3:68:01:b3:30:98:18:7c:a4:7d:b0:dd:e4:11:11:66:70:09
Signer

Actual PE Digest

dd:7d:38:77:d0:29:a3:48:fc:5f:c5:c2:e5:05:b3:68:01:b3:30:98:18:7c:a4:7d:b0:dd:e4:11:11:66:70:09

Digest Algorithm

sha256

PE Digest Matches

false

6d:f7:34:3a:c1:66:d5:5d:9e:82:d2:cb:5a:8d:5f:25:b6:95:5f:30
Signer

Actual PE Digest

6d:f7:34:3a:c1:66:d5:5d:9e:82:d2:cb:5a:8d:5f:25:b6:95:5f:30

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\Target\x86\ship\ses\x-none\opatchinst.pdb

Imports

kernel32

MoveFileA
MultiByteToWideChar
Sleep
CreateThread
CreateToolhelp32Snapshot
Process32First
Process32Next
ReadFile
ExpandEnvironmentStringsA
SetEvent
CreateEventA
SetFilePointer
CreateFileW
DeleteFileW
GetTempFileNameW
WriteFile
GetTempPathW
CreateProcessW
ExpandEnvironmentStringsW
GetSystemDirectoryA
LoadResource
LockResource
FindResourceA
GetSystemDefaultLangID
GetUserDefaultLangID
GlobalAlloc
CopyFileA
GetModuleHandleA
CompareStringA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetDiskFreeSpaceExA
SetLastError
GetCurrentProcess
CreateProcessA
GetWindowsDirectoryA
GetModuleFileNameA
WritePrivateProfileStringA
SetFileTime
DosDateTimeToFileTime
LoadLibraryA
LocalAlloc
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetTempFileNameA
GetTempPathA
CreateFileMappingA
lstrlenA
LocalFree
UnmapViewOfFile
MapViewOfFile
GetFullPathNameA
GetFileSize
DeleteFileA
CreateFileA
CreateDirectoryA
GetVersionExA
GetLastError
GetExitCodeProcess
WaitForSingleObject
CloseHandle
WideCharToMultiByte
lstrlenW
LoadLibraryExA
GetProcAddress
GetModuleHandleW
LCMapStringW
GetStringTypeW
GetConsoleMode
FreeLibrary
GlobalFree
GetFileAttributesW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
HeapFree
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileAttributesA
ExitThread
GetCurrentThreadId
ExitProcess
HeapAlloc
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
IsProcessorFeaturePresent
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
LoadLibraryW
GetConsoleCP

oleaut32

VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString

advapi32

RegQueryValueExW
CryptReleaseContext
LookupPrivilegeValueA
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA

ole32

CLSIDFromProgID
CoInitialize
CoTaskMemFree
CoCreateInstance

gdi32

CreateFontIndirectA

Sections

.text
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 964KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37c7c9a90e075560b6f0951a929d3365

Code Sign

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:beCertificate

Extended Key Usages

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

dd:7d:38:77:d0:29:a3:48:fc:5f:c5:c2:e5:05:b3:68:01:b3:30:98:18:7c:a4:7d:b0:dd:e4:11:11:66:70:09Signer

6d:f7:34:3a:c1:66:d5:5d:9e:82:d2:cb:5a:8d:5f:25:b6:95:5f:30Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

advapi32

ole32

gdi32

Sections

.text Size: 286KB - Virtual size: 285KB

.data Size: 10KB - Virtual size: 17KB

.rsrc Size: 964KB - Virtual size: 964KB

.reloc Size: 15KB - Virtual size: 15KB

33:00:00:00:be:a4:0f:f5:c9:a5:0e:e1:30:00:00:00:00:00:be
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

dd:7d:38:77:d0:29:a3:48:fc:5f:c5:c2:e5:05:b3:68:01:b3:30:98:18:7c:a4:7d:b0:dd:e4:11:11:66:70:09
Signer

6d:f7:34:3a:c1:66:d5:5d:9e:82:d2:cb:5a:8d:5f:25:b6:95:5f:30
Signer

.text
Size: 286KB - Virtual size: 285KB

.data
Size: 10KB - Virtual size: 17KB

.rsrc
Size: 964KB - Virtual size: 964KB

.reloc
Size: 15KB - Virtual size: 15KB