c4355c12cdb30a5ab2fe97828b1b189abcef20d9b651be38fb61283f94aa9918

Sharing

Copy URL Twitter E-mail

General

Target

c4355c12cdb30a5ab2fe97828b1b189abcef20d9b651be38fb61283f94aa9918
Size

306KB
MD5

9d3ff29bb3a7834ecab9d30a29f38bf4
SHA1

667dad8bbfbbad428d229d383d00e90ed89565a0
SHA256

c4355c12cdb30a5ab2fe97828b1b189abcef20d9b651be38fb61283f94aa9918
SHA512

934fc8f3fe1adf7f20cf6007b395c2725866588c37c7c27764f1cbb1aa255f2a93bf7b716e6f83463eb31dd89cb5d93291ef489e8a520286a6b1246496c2f7d0
SSDEEP

3072:dYQbijezGcxjdUC3zgLLWIpZegtfsE7PHAZ7EfY0m09w5F9e8YHpHOfYZGDQbHAi:doQRUCMLPpFtfsEDAZwfBmmMZIbZKUgi

Score

1^/10

Malware Config

Signatures

Files

c4355c12cdb30a5ab2fe97828b1b189abcef20d9b651be38fb61283f94aa9918
.exe windows:6 windows x64 arch:x64

ad9d3fb95cbac8980218b759a91b7e62

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:42:cf:38:a9:cf:02:4a:38:f0:8e:81:65:59:09:85
Certificate

Issuer

CN=Certera Code Signing CA,O=Certera,C=US

Not Before

08/05/2023, 00:00

Not After

07/05/2024, 23:59

Subject

CN=AAAA CLEANING REMOVALS LIMITED,O=AAAA CLEANING REMOVALS LIMITED,ST=Kent,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

07/09/2022, 00:00

Not After

06/09/2032, 23:59

Subject

CN=Certera Code Signing CA,O=Certera,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:ca:86:d4:8e:41:0f:f0:62:11:e3:f3:72:50:6f:aa:5f:85:52:b1:5e:3b:29:55:b9:15:f4:7e:bf:c6:0c:26
Signer

Actual PE Digest

ad:ca:86:d4:8e:41:0f:f0:62:11:e3:f3:72:50:6f:aa:5f:85:52:b1:5e:3b:29:55:b9:15:f4:7e:bf:c6:0c:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetFilePointer
InitializeCriticalSectionEx
GetCurrentThreadId
HeapSize
MultiByteToWideChar
Sleep
GetLastError
LockResource
HeapReAlloc
CloseHandle
RaiseException
CreateThread
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
ExitProcess
GetProcessHeap
GetModuleHandleW
LeaveCriticalSection
WideCharToMultiByte
SetConsoleOutputCP
GetFileType
lstrcmpiW
LoadLibraryExW
FlushFileBuffers
CreateFileW
GetConsoleMode
SetFilePointerEx
GetStringTypeW
SetStdHandle
LCMapStringW
FlsFree
GetModuleFileNameW
ExpandEnvironmentStringsW
WriteFile
GetConsoleOutputCP
EnterCriticalSection
SetLastError
HeapFree
SizeofResource
FreeLibrary
ReadFile
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetStdHandle
WriteConsoleW
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

SetWindowLongPtrW
LoadCursorW
TranslateMessage
CharNextW
PeekMessageW
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
MsgWaitForMultipleObjects
UnregisterClassW
CreateWindowExW
DefWindowProcW
CallWindowProcW
MessageBoxW
GetClassInfoExW

advapi32

RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

ole32

CoInitialize
CoTaskMemAlloc
StringFromGUID2
CoGetObject
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CoGetInstanceFromFile
CoUninitialize

oleaut32

LoadRegTypeLi
VariantInit
LoadTypeLi
SysFreeString
SysAllocString
VariantCopy
SysStringLen
SafeArrayUnaccessData
SysAllocStringLen
LoadTypeLibEx
VariantChangeType
VariantClear
VarUI4FromStr
SafeArrayAccessData

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad9d3fb95cbac8980218b759a91b7e62

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

e0:42:cf:38:a9:cf:02:4a:38:f0:8e:81:65:59:09:85Certificate

Extended Key Usages

Key Usages

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0eCertificate

Extended Key Usages

Key Usages

ad:ca:86:d4:8e:41:0f:f0:62:11:e3:f3:72:50:6f:aa:5f:85:52:b1:5e:3b:29:55:b9:15:f4:7e:bf:c6:0c:26Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 174KB - Virtual size: 174KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 6KB - Virtual size: 11KB

.pdata Size: 12KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 39KB - Virtual size: 38KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

e0:42:cf:38:a9:cf:02:4a:38:f0:8e:81:65:59:09:85
Certificate

21:66:f0:8a:51:eb:fc:ab:cc:8f:44:30:91:a9:4b:0e
Certificate

ad:ca:86:d4:8e:41:0f:f0:62:11:e3:f3:72:50:6f:aa:5f:85:52:b1:5e:3b:29:55:b9:15:f4:7e:bf:c6:0c:26
Signer

.text
Size: 174KB - Virtual size: 174KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 6KB - Virtual size: 11KB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 39KB - Virtual size: 38KB