a391c0f63b0d6fe3c221866a20c92fde240811e6c294221c06bb308a56f4557f

Sharing

Copy URL Twitter E-mail

General

Target

a391c0f63b0d6fe3c221866a20c92fde240811e6c294221c06bb308a56f4557f
Size

3.9MB
MD5

bff1951733b055e977135ecd2c198749
SHA1

2f155e9499f18d447398187fa1dfdcdd212d8328
SHA256

a391c0f63b0d6fe3c221866a20c92fde240811e6c294221c06bb308a56f4557f
SHA512

9061d5c502b88d92641bd7ff9c8b1f8f3b0652785a26ee297db0375f551c4a30615fcbbd2c2278734f50186ce232c5bebd4c534a6294d2ae81827b3d58c94e61
SSDEEP

49152:8dxgbIOlNjCNknqDG3WdVdabrOWfXCnIsRb1FdDKwlpT7bweDYH:8d9ujpqDG3WdV0XnXCnIe1hPS

Score

1^/10

Malware Config

Signatures

N/A. 1 IoCs

N/A.

dropper

resource	yara_rule
sample	dropper_html

Files

a391c0f63b0d6fe3c221866a20c92fde240811e6c294221c06bb308a56f4557f
.exe windows:5 windows x86 arch:x86

51d91c787ded87d43394e34c14decd34

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:df:44:50:8a:56:88:94:f5:5e:96:5b:6e:83:3b:1d
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

14/03/2022, 00:00

Not After

13/03/2025, 23:59

Subject

CN=Traction Software Limited,O=Traction Software Limited,ST=Devon,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:f9:17:50:8f:c8:57:36:b7:35:7b:0a:f6:e6:9e:40:8d:e5:a6:56
Signer

Actual PE Digest

4c:f9:17:50:8f:c8:57:36:b7:35:7b:0a:f6:e6:9e:40:8d:e5:a6:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
inet_ntoa
inet_addr
htons
WSAGetLastError
__WSAFDIsSet
select
closesocket
getsockname
WSAIoctl
WSAStartup
shutdown
socket
recv
gethostbyname
connect
gethostname
send
ioctlsocket
getsockopt
setsockopt
bind

kernel32

InterlockedIncrement
GlobalFlags
SetErrorMode
WritePrivateProfileStringW
GetStartupInfoW
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
HeapFree
GetTimeZoneInformation
HeapAlloc
ExitProcess
HeapReAlloc
GetProcessHeap
ExitThread
HeapSize
TlsFree
VirtualAlloc
VirtualQuery
SetStdHandle
GetFileType
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
IsValidCodePage
LCMapStringW
LCMapStringA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetDriveTypeA
LoadLibraryExW
OpenProcess
ResetEvent
TerminateThread
GetExitCodeThread
LocalSize
EnumResourceNamesW
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetFileSizeEx
GetFileAttributesExW
CreateEventW
SuspendThread
SetEvent
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrlenA
GetCurrentProcessId
FileTimeToLocalFileTime
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
WideCharToMultiByte
InterlockedDecrement
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
FreeResource
GlobalFree
GlobalAlloc
EnumResourceTypesW
InterlockedCompareExchange
GlobalUnlock
MulDiv
LocalFileTimeToFileTime
ReleaseSemaphore
CreateSemaphoreA
GetComputerNameA
LoadLibraryA
GetVersionExA
GetFileSize
WriteFile
ReadFile
SetEndOfFile
SetFileTime
GetFileTime
CreateThread
GetCurrentThreadId
SetFilePointer
MoveFileW
CreateFileW
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
GetCurrentDirectoryA
GetFullPathNameW
GetModuleHandleA
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
FormatMessageA
GetComputerNameW
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetLocalTime
GetSystemTime
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
SetLastError
GetSystemInfo
GetVersionExW
GlobalMemoryStatus
GlobalLock
SetFileAttributesW
DeleteFileW
WaitForSingleObject
CloseHandle
CopyFileW
ResumeThread
GetModuleHandleW
GetCommandLineW
GetCurrentDirectoryW
GetTickCount
GetWindowsDirectoryW
WinExec
lstrlenW
LocalAlloc
LocalFree
GetExitCodeProcess
Sleep
TerminateProcess
FormatMessageW
FindFirstFileW
FindNextFileW
FindClose
GetTempPathW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
VirtualProtect
LoadLibraryExA

user32

WaitMessage
SetRectEmpty
UnregisterClassW
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetMessageW
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
WindowFromPoint
GetWindowThreadProcessId
CharUpperW
MoveWindow
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
DestroyMenu
GetMenuItemInfoW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
DestroyIcon
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetMenu
SetScrollPos
GetScrollPos
SetForegroundWindow
IsWindowVisible
PostMessageW
MessageBoxW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetWindowLongW
IsWindowEnabled
GetNextDlgTabItem
GetMenuState
GetMenuStringW
GetMenuItemID
GetMenuItemCount
CharNextW
IsRectEmpty
SetRect
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
KillTimer
SystemParametersInfoW
RegisterClipboardFormatW
PostThreadMessageW
GetWindowTextLengthW
LookupIconIdFromDirectoryEx
LoadImageW
CreateIconFromResourceEx
CreateIconIndirect
GetIconInfo
GetDoubleClickTime
DrawFocusRect
GetMenuDefaultItem
SetMenuDefaultItem
SetClassLongW
SetWindowRgn
DrawStateW
DrawIconEx
SendMessageTimeoutW
DrawMenuBar
DrawFrameControl
DrawEdge
AdjustWindowRect
RegisterClassA
DefMDIChildProcW
DefMDIChildProcA
DefDlgProcW
DefDlgProcA
DefFrameProcW
DefFrameProcA
DefWindowProcA
CallWindowProcA
EnableScrollBar
EnumWindows
IsWindowUnicode
GetWindowLongA
SetWindowLongA
RegisterWindowMessageW
EmptyClipboard
wsprintfW
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
SetTimer
GetSystemMetrics
LoadIconW
FindWindowW
BringWindowToTop
IsIconic
GetSystemMenu
AppendMenuW
DrawIcon
EndDialog
SetFocus
GetWindowTextW
GetDlgItem
SetWindowTextW
ShowWindow
CreateWindowExW
VkKeyScanW
SendInput
SetWindowLongW
MessageBeep
LoadCursorW
CopyIcon
GetSysColor
ReleaseCapture
GetParent
SetCapture
InvalidateRect
ReleaseDC
GetDC
GetClientRect
InflateRect
PtInRect
SetCursor
ScreenToClient
LoadAcceleratorsW
GetCursorPos
IsWindow
EnableWindow
GetWindow
RedrawWindow
UpdateWindow
GetWindowRect
SendMessageW
LoadMenuW
GetSubMenu
PeekMessageW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetLastActivePopup

gdi32

CreateSolidBrush
CreateCompatibleBitmap
Escape
CombineRgn
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
GetTextMetricsW
GetMapMode
StretchBlt
GetTextCharsetInfo
OffsetRgn
CreatePen
GetObjectType
SelectPalette
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateDIBSection
SetBrushOrgEx
Polygon
CreatePalette
CreateDIBitmap
GetDIBits
GetDeviceCaps
GetStockObject
CreateFontIndirectW
GetObjectW
StretchDIBits
GetTextExtentPoint32W
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetBkMode
RestoreDC
SaveDC
PatBlt
CreateRectRgnIndirect
CreateBitmap
ExtTextOutW
BitBlt
CreateCompatibleDC
SetBkColor
SetTextColor
GetClipBox
SelectObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
GetFileTitleW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

CryptAcquireContextW
RegCreateKeyExW
RegEnumKeyW
RegQueryValueW
RegOpenKeyExW
RegEnumValueW
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegSetValueW
RegDeleteKeyW
RegQueryValueExW
GetUserNameA
CryptExportKey
CryptDestroyKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashA
RegCloseKey
CryptGenRandom
CryptReleaseContext
CryptGetUserKey
CryptGetProvParam
RegQueryValueExA
CryptAcquireContextA
RegCreateKeyExA
RegOpenKeyExA

shell32

DragFinish
DragQueryPoint
DragQueryFileW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
DragAcceptFiles
SHGetMalloc
SHBrowseForFolderW

comctl32

FlatSB_GetScrollProp
_TrackMouseEvent
ImageList_GetBkColor
ImageList_GetImageInfo
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_Destroy
ord17

shlwapi

PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW

oledlg

OleUIBusyW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemAlloc
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes

oleaut32

VariantClear
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
OleLoadPicturePath

imagehlp

ImageDirectoryEntryToData

winmm

PlaySoundW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 958KB - Virtual size: 957KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51d91c787ded87d43394e34c14decd34

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

3a:df:44:50:8a:56:88:94:f5:5e:96:5b:6e:83:3b:1dCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

4c:f9:17:50:8f:c8:57:36:b7:35:7b:0a:f6:e6:9e:40:8d:e5:a6:56Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

imagehlp

winmm

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 958KB - Virtual size: 957KB

.data Size: 89KB - Virtual size: 146KB

.rsrc Size: 197KB - Virtual size: 196KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

3a:df:44:50:8a:56:88:94:f5:5e:96:5b:6e:83:3b:1d
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

4c:f9:17:50:8f:c8:57:36:b7:35:7b:0a:f6:e6:9e:40:8d:e5:a6:56
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 958KB - Virtual size: 957KB

.data
Size: 89KB - Virtual size: 146KB

.rsrc
Size: 197KB - Virtual size: 196KB