fcb7a309bd96a073d591ad22dc53a1947e438f57f76597692550e6d0a4114654

Resubmissions

14/03/2024, 17:46

240314-wce47scf45 1

14/03/2024, 17:42

240314-wabc8sad71 1

Sharing

Copy URL Twitter E-mail

General

Target

fcb7a309bd96a073d591ad22dc53a1947e438f57f76597692550e6d0a4114654
Size

187KB
MD5

a0eb4304e6d92bb29feebd1d60c7c5ba
SHA1

a471a8464b401c31fa73fb460bfbcb8be70c5f6d
SHA256

fcb7a309bd96a073d591ad22dc53a1947e438f57f76597692550e6d0a4114654
SHA512

112c75c58d9f0227e45a71ed4df920e689884de0d74d5d052abce5d4271e6343894021b81b7801278b954dff561bbdde69089fbde64ddf744cf8c8763e34ee0a
SSDEEP

3072:/0k+tGaNv4w9ucipng0VfVpsmsmddUSSr1Z2msxpSq8M0REX8:/0HNN4xcipngEfDsmlS5ZcPSq0L

Score

1^/10

Malware Config

Signatures

Files

fcb7a309bd96a073d591ad22dc53a1947e438f57f76597692550e6d0a4114654
.exe windows:10 windows x64 arch:x64

b898664253fda776233db48555e7463b

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:09:a6:ff:99:73:10:0f:95:85:a5:ba:8f:7d:ec:b6:92:94:f3:b5:c6:3c:52:1b:df:9c:d1:fa:54:d9:15:72
Signer

Actual PE Digest

3f:09:a6:ff:99:73:10:0f:95:85:a5:ba:8f:7d:ec:b6:92:94:f3:b5:c6:3c:52:1b:df:9c:d1:fa:54:d9:15:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

TrustedInstaller.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_initterm
_register_thread_local_exe_atexit_callback

api-ms-win-crt-private-l1-1-0

_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o__wcsicmp
_o_exit
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcstoul
__C_specific_handler
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o___p__commode
_o___p___wargv
_o___p___argc
_o__cexit
_o__callnewh
wcsstr
wcsrchr
wcschr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-com-l1-1-0

CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoDisconnectContext
CoCreateInstance
CoSuspendClassObjects
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoRevertToSelf
CoTaskMemFree
StringFromCLSID
CoGetMalloc
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoGetClassObject
CoUnmarshalInterface
CreateStreamOnHGlobal
CoImpersonateClient
CoMarshalInterface
CoGetCallContext
CoReleaseMarshalData

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
TerminateThread
GetCurrentThreadId
CreateThread
GetExitCodeProcess
GetExitCodeThread
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
TerminateProcess
OpenProcessToken
ExitProcess

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSemaphore
ReleaseMutex
SetEvent
WaitForMultipleObjectsEx
CreateEventW
WaitForSingleObjectEx
ReleaseSRWLockExclusive
TryEnterCriticalSection
OpenSemaphoreW
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
CreateMutexExW
InitializeCriticalSectionEx
CreateSemaphoreExW
AcquireSRWLockExclusive

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-file-l1-1-0

CreateDirectoryW
GetFileAttributesExW
GetFileAttributesW
CompareFileTime
FindFirstFileW
FindNextFileW
FileTimeToLocalFileTime
FindClose
DeleteFileW
GetFullPathNameW
CreateFileW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemDirectoryW
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetWindowsDirectoryW
GetTickCount

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
FreeLibrary

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW
WaitForMultipleObjects

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-service-private-l1-1-1

I_ScRegisterPreshutdownRestart

ntdll

RtlRaiseStatus
DbgPrintEx
NtQuerySystemInformation
NtClose

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
RevertToSelf
AdjustTokenPrivileges
FreeSid
CheckTokenMembership
ImpersonateSelf

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventProviderEnabled
EventSetInformation
EventUnregister
EventRegister

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfigW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

Sections

.text
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b898664253fda776233db48555e7463b

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

3f:09:a6:ff:99:73:10:0f:95:85:a5:ba:8f:7d:ec:b6:92:94:f3:b5:c6:3c:52:1b:df:9c:d1:fa:54:d9:15:72Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-service-private-l1-1-1

ntdll

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-shutdown-l1-1-0

Sections

.text Size: 114KB - Virtual size: 114KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 804B

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

3f:09:a6:ff:99:73:10:0f:95:85:a5:ba:8f:7d:ec:b6:92:94:f3:b5:c6:3c:52:1b:df:9c:d1:fa:54:d9:15:72
Signer

.text
Size: 114KB - Virtual size: 114KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 804B