de31431b7b37a4357e9be1fe89f615e9

Sharing

Copy URL Twitter E-mail

General

Target

de31431b7b37a4357e9be1fe89f615e9
Size

277KB
MD5

de31431b7b37a4357e9be1fe89f615e9
SHA1

c88cbc4222fd907a8039cbe539b04988e03a7ee9
SHA256

8fc1d365d25f9d22f83b9ff12b4be394ad8937dcd702216e4e98a22824e86ca1
SHA512

99f44ea401fb8b67da216e5fd510a9d99ef27f81ab066b7611ac41ffde5a419014b5cd321e1615358fd8550decdcd22588804d5bb912ccbb6fe8903306f9785e
SSDEEP

6144:PweE9zK9FCp1ZLOShMtmjYF6fmdKKpdOudK4RnttQAhFj+5Y:GKOxhM6YFxe8Kont9z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de31431b7b37a4357e9be1fe89f615e9

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

de31431b7b37a4357e9be1fe89f615e9
.exe windows:4 windows x86 arch:x86

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
CreateDirectoryA
lstrcmpiA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
GetWindowsDirectoryA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dll.exe
.exe windows:6 windows x64 arch:x64

97127a290a53cac2cc926877788cd459

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18/09/2019, 12:58

Not After

11/12/2022, 11:53

Subject

CN=Adersoft,O=Adersoft,L=Paris,C=FR,1.2.840.113549.1.9.1=#0c14737570706f72744061646572736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:72:78:91:99:e8:d4:b7:87:79:a3:0b:27:46:77:82:b3:12:db:ca
Signer

Actual PE Digest

05:72:78:91:99:e8:d4:b7:87:79:a3:0b:27:46:77:82:b3:12:db:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projets\vbsedit_source\launcher\x64\Release\launcher64w.pdb

Imports

kernel32

GetCurrentThreadId
MultiByteToWideChar
FormatMessageW
LockResource
CloseHandle
CreateThread
FindResourceExW
LoadResource
FindResourceW
GetProcAddress
LocalFree
ExitProcess
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
GetExitCodeProcess
GetACP
WideCharToMultiByte
ReadFile
WriteFile
ExpandEnvironmentStringsW
SetFilePointer
EnumResourceNamesW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
FreeResource
Sleep
GetFileSize
IsBadReadPtr
CreateFileMappingW
MapViewOfFile
GetFileType
FlushFileBuffers
WriteConsoleW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
WaitForSingleObject
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStdHandle
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
GetModuleFileNameW
EnterCriticalSection
SetLastError
SizeofResource
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
LocalAlloc
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
FindClose
HeapFree

user32

GetMonitorInfoW
MapWindowPoints
CharNextW
LoadCursorW
UnregisterClassW
MessageBoxW
DialogBoxParamW
GetParent
GetClassInfoExW
KillTimer
GetDlgItem
SetTimer
DispatchMessageW
GetActiveWindow
MsgWaitForMultipleObjects
wsprintfA
PeekMessageW
TranslateMessage
DestroyWindow
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetWindow
GetWindowRect
SetWindowPos
MonitorFromWindow
SetWindowLongPtrW
CreateWindowExW
SendMessageW
EndDialog
SetWindowTextW
GetWindowLongPtrW
RegisterClassExW
GetClientRect

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
CreateProcessWithLogonW
RegDeleteValueW
RegQueryInfoKeyW

shell32

ShellExecuteW

ole32

CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromProgID
CLSIDFromString
StringFromGUID2
CoGetInstanceFromFile
CoGetObject
CoUninitialize

oleaut32

VarUI4FromStr
VariantCopy
SysFreeString
SafeArrayUnaccessData
SafeArrayAccessData
VariantChangeType
VariantClear
SysAllocStringByteLen
LoadTypeLibEx
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
VariantInit
SysAllocString

wintrust

WinVerifyTrust

crypt32

CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CertFindCertificateInStore
CryptMsgClose
CryptMsgGetParam

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dll.exe.manifest

Sharing

General

Malware Config

Signatures

Files

29b61e5a552b3a9bc00953de1c93be41

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 80KB - Virtual size: 80KB

97127a290a53cac2cc926877788cd459

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8fCertificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

05:72:78:91:99:e8:d4:b7:87:79:a3:0b:27:46:77:82:b3:12:db:caSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wintrust

crypt32

version

Sections

.text Size: 230KB - Virtual size: 229KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 10KB - Virtual size: 17KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 80KB - Virtual size: 80KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

05:72:78:91:99:e8:d4:b7:87:79:a3:0b:27:46:77:82:b3:12:db:ca
Signer

.text
Size: 230KB - Virtual size: 229KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 10KB - Virtual size: 17KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 3KB - Virtual size: 2KB