360b302b122732c9f4c21ce5aca4ffab9e364be018fa6c8eb0337d259232f7e8

Sharing

Copy URL Twitter E-mail

General

Target

360b302b122732c9f4c21ce5aca4ffab9e364be018fa6c8eb0337d259232f7e8
Size

490KB
MD5

509c5d260a842ff1631609abb6f49aea
SHA1

e909019436562aa0231390a00d60a7c059dd11a1
SHA256

360b302b122732c9f4c21ce5aca4ffab9e364be018fa6c8eb0337d259232f7e8
SHA512

c7030a22aa16d3d513167ebf95382aad6860af80be319ea06b8b4c39ce1157651997e306e8f4b9c2b88c92d9c4db6182095253787bba29a4bfc712947440dbc8
SSDEEP

12288:CiV2TgPPTVmoUfElmr8y4aRz+AqI07o8lv:ETg5O83xPZv

Score

1^/10

Malware Config

Signatures

Files

360b302b122732c9f4c21ce5aca4ffab9e364be018fa6c8eb0337d259232f7e8
.exe windows:4 windows x86 arch:x86

81aeecd86308550f01088e298c7cd099

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:e7:d4:fe:80:0f:15:75:85:83:33:a2:92:f2:24:44
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

15/06/2021, 00:00

Not After

05/07/2024, 23:59

Subject

CN=Gladinet\, Inc.,O=Gladinet\, Inc.,L=Boca Raton,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

94:0f:66:d1:24:18:89:68:4e:f7:44:bf:7d:b8:31:d5:d3:9b:cb:7a
Signer

Actual PE Digest

94:0f:66:d1:24:18:89:68:4e:f7:44:bf:7d:b8:31:d5:d3:9b:cb:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\src\servershell\GladEdit\_bldtmp\retail\GladEdit.pdb

Imports

kernel32

MulDiv
OutputDebugStringW
InterlockedExchange
InterlockedExchangeAdd
CreateFileMappingW
MapViewOfFile
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
HeapDestroy
HeapCreate
ReadFile
FindFirstFileW
FindNextFileW
FindClose
ReadDirectoryChangesW
Sleep
SetFilePointer
WriteFile
FlushFileBuffers
CreateFileW
GetFileSize
GetFileAttributesExW
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
CreateDirectoryW
DeleteFileW
GetLastError
SetFileAttributesW
CopyFileW
MoveFileExW
InterlockedDecrement
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetTickCount
CreateThread
GetModuleFileNameW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetCurrentThreadId
GetVersion
GetFileType
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetModuleHandleW
GlobalAlloc
lstrcmpW
GlobalLock
CompareStringA
LoadLibraryW
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GlobalDeleteAtom
GlobalAddAtomW
SetLastError
FreeResource
GlobalFree
GlobalUnlock
lstrlenW
WritePrivateProfileStringW
LocalFree
FormatMessageW
CompareStringW
GlobalFindAtomW
GetModuleHandleA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetThreadLocale
SetEndOfFile
GetCurrentProcess
lstrlenA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
ExitProcess
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
RaiseException
VirtualAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
VirtualFree
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

user32

AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetMenu
UpdateWindow
SetForegroundWindow
TrackPopupMenu
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
GetWindowTextW
SetFocus
RemovePropW
GetPropW
SetPropW
GetClassNameW
GetClassLongW
GetCapture
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
RegisterWindowMessageW
SetWindowTextW
MoveWindow
ShowWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowDC
BeginPaint
SetWindowLongW
UnregisterClassW
LoadCursorW
GetSysColorBrush
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
PostQuitMessage
PostMessageW
ReleaseDC
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
GetParent
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
CallNextHookEx
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetDC
SetActiveWindow
SetWindowPos
SetWindowsHookExW
SetCursor
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetWindowThreadProcessId
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SystemParametersInfoA
GetWindowPlacement
GetWindow
DestroyMenu
UnhookWindowsHookEx
EndPaint
MapVirtualKeyW
GetKeyNameTextW
DrawIconEx
SystemParametersInfoW
GetSysColor
LoadBitmapW
GetSubMenu
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
AppendMenuW
DrawEdge
OffsetRect
CopyRect
CreateIconFromResourceEx
CreateIconFromResource
MessageBoxW
ReleaseCapture
GetCursorPos
SwitchToThisWindow
DestroyIcon
GetSystemMetrics
SetClassLongW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
DrawIcon
GetWindowRect
LoadIconW
EnableWindow
GetDesktopWindow
SetCapture
GetClientRect
IsIconic
SendMessageW
CreatePopupMenu

gdi32

LineTo
MoveToEx
PtVisible
RectVisible
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateSolidBrush
CreatePen
GetStockObject
DeleteDC
CreateFontIndirectW
GetObjectW
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
Rectangle
PatBlt
BitBlt
DeleteObject
CreateDIBitmap
SelectObject
ExtTextOutW
GetDeviceCaps
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW

advapi32

RegDeleteKeyW
FreeSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
SetSecurityDescriptorDacl
AddAccessAllowedAce
RegOpenKeyA
RegCloseKey
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetMalloc
SHGetPathFromIDListW
SHCreateDirectoryExW
SHParseDisplayName
SHBrowseForFolderW
Shell_NotifyIconW

ole32

CoInitializeEx

winhttp

WinHttpSendRequest
WinHttpSetTimeouts
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpSetOption
WinHttpWriteData
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle

rpcrt4

UuidCreate

msimg32

TransparentBlt

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW

ws2_32

WSASetLastError
WSACleanup
WSAStartup
gethostname

oleacc

CreateStdAccessibleObject
LresultFromObject

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

oleaut32

VariantInit
VariantChangeType
VariantClear

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

81aeecd86308550f01088e298c7cd099

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0b:e7:d4:fe:80:0f:15:75:85:83:33:a2:92:f2:24:44Certificate

Extended Key Usages

Key Usages

94:0f:66:d1:24:18:89:68:4e:f7:44:bf:7d:b8:31:d5:d3:9b:cb:7aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winhttp

rpcrt4

msimg32

comctl32

shlwapi

ws2_32

oleacc

winspool.drv

oleaut32

Sections

.text Size: 292KB - Virtual size: 289KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 56KB - Virtual size: 74KB

.rsrc Size: 40KB - Virtual size: 37KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0b:e7:d4:fe:80:0f:15:75:85:83:33:a2:92:f2:24:44
Certificate

94:0f:66:d1:24:18:89:68:4e:f7:44:bf:7d:b8:31:d5:d3:9b:cb:7a
Signer

.text
Size: 292KB - Virtual size: 289KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 56KB - Virtual size: 74KB

.rsrc
Size: 40KB - Virtual size: 37KB