6894da8fa49e6f422a60ff35e89af60ff2bb4b6d73efc765f39a6551b441a91d

Sharing

Copy URL Twitter E-mail

General

Target

6894da8fa49e6f422a60ff35e89af60ff2bb4b6d73efc765f39a6551b441a91d
Size

1.8MB
MD5

17340e7bcc575b5d36145eb5e64dd136
SHA1

99c33220cb399e8ea00b7f2ed11ab4ea8dfadf3f
SHA256

6894da8fa49e6f422a60ff35e89af60ff2bb4b6d73efc765f39a6551b441a91d
SHA512

4868545f10e1aca4b0a1948ba626f53480d385ad315454d8b3dfb5e77f3f415bf42c95d8d52837939e786348f66b52447fb49737ff3abfb634a8980fcb1e2737
SSDEEP

24576:NM6OztKkIgMyRBFFuGVt/HL85Rld+SUKBWJ3XdClALtL8rFeIIqCAuaJIDSSfYE6:N4F+2LfIIqvIDoAhNS67tGDzr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6894da8fa49e6f422a60ff35e89af60ff2bb4b6d73efc765f39a6551b441a91d

Files

6894da8fa49e6f422a60ff35e89af60ff2bb4b6d73efc765f39a6551b441a91d
.exe windows:6 windows x86 arch:x86

5bdb73ee7b4ea765af48d30098164e30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\application\cert_manager\Release\cert_manager.pdb

Imports

ws2_32

inet_addr
inet_ntoa
ntohs
gethostbyname
WSAStartup
WSACleanup
recv
send
__WSAFDIsSet
closesocket
select
accept
bind
connect
listen
socket
setsockopt
htons

crypt32

CryptBinaryToStringW
CryptDecodeObjectEx
CertVerifySubjectCertificateContext
CertCreateCertificateContext
CryptSignMessage
CertAddCertificateContextToStore
CertDeleteCertificateFromStore
CryptEncodeObject
CryptSignAndEncodeCertificate
CryptExportPublicKeyInfo
CertFreeCertificateChain
CertGetNameStringW
CertOpenSystemStoreW
CryptStringToBinaryA
CryptStringToBinaryW
CertStrToNameW
CertNameToStrW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertCompareCertificateName
CertGetCertificateChain
CertSetCertificateContextProperty

kernel32

GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
MulDiv
lstrcmpW
lstrcmpiW
MultiByteToWideChar
GetTickCount
LocalAlloc
LocalFree
lstrcpyW
lstrlenW
WideCharToMultiByte
CreateFileW
CloseHandle
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
FileTimeToLocalFileTime
Sleep
FileTimeToSystemTime
DeleteFileA
FormatMessageW
InitializeCriticalSectionEx
OutputDebugStringA
FormatMessageA
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
FindResourceW
CreateSemaphoreW
TerminateProcess
CreateThread
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
LocalFileTimeToFileTime
ReadFile
SetFilePointer
SetFileTime
WriteFile
SystemTimeToFileTime
GetFileInformationByHandle
GetFileSize
GetLocalTime
CreateFileA
GetTempPathA
GetModuleFileNameA
LoadLibraryA
SizeofResource
InterlockedFlushSList
RtlUnwind
GetCurrentProcessId
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
LockResource
LoadResource
GlobalAlloc
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
FindResourceExW
GetCurrentThreadId
CreateMutexW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleExW
GetStdHandle
GetCurrentThread
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
RaiseException
DecodePointer
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
WriteConsoleW
GetFileAttributesExW
SetEndOfFile
CreateEventW
ExitProcess

user32

DestroyIcon
LoadIconW
GetCursorPos
SetForegroundWindow
SetMenuDefaultItem
GetMenuDefaultItem
TrackPopupMenu
GetSubMenu
DestroyMenu
LoadMenuW
CreateIconIndirect
SetTimer
IsMenu
PostMessageW
GetMonitorInfoW
MonitorFromWindow
LoadImageW
MapWindowPoints
GetSystemMetrics
GetActiveWindow
GetDlgCtrlID
SetDlgItemTextW
KillTimer
DialogBoxParamW
PostQuitMessage
wsprintfW
MapDialogRect
IsDialogMessageW
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
MessageBoxW
SetWindowContextHelpId
AdjustWindowRectEx
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
MessageBeep
ReleaseDC
GetDC
GetMenu
DestroyAcceleratorTable
CreateAcceleratorTableW
EnableWindow
ReleaseCapture
SetCapture
GetFocus
SetFocus
CharNextW
GetDlgItem
EndDialog
CreateDialogIndirectParamW
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
BeginPaint

gdi32

DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
SelectObject
CreateSolidBrush
CreateFontW
SetBkMode
SetTextColor
CreateBitmap
BitBlt
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
CryptGetDefaultProviderW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenKey
CryptDestroyKey
CryptSetKeyParam
CryptGetKeyParam
CryptGetProvParam
CryptGenRandom
CryptImportKey
CryptDecrypt
CryptEnumProvidersW
CryptGetHashParam
CryptSignHashW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptExportKey
CryptGetUserKey
CryptSetHashParam
RegCloseKey

shell32

Shell_NotifyIconW

ole32

CreateStreamOnHGlobal
CoUninitialize
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
OleInitialize
OleUninitialize
OleLockRunning
CoCreateGuid

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
SysAllocStringLen
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocStringByteLen
CreateErrorInfo
LoadTypeLi
GetErrorInfo
VariantChangeType
SetErrorInfo
SysAllocString

comctl32

InitCommonControlsEx

Sections

.text
Size: 844KB - Virtual size: 844KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 654KB - Virtual size: 654KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5bdb73ee7b4ea765af48d30098164e30

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 844KB - Virtual size: 844KB

.rdata Size: 246KB - Virtual size: 246KB

.data Size: 14KB - Virtual size: 114KB

.rsrc Size: 654KB - Virtual size: 654KB

.reloc Size: 37KB - Virtual size: 37KB

.text
Size: 844KB - Virtual size: 844KB

.rdata
Size: 246KB - Virtual size: 246KB

.data
Size: 14KB - Virtual size: 114KB

.rsrc
Size: 654KB - Virtual size: 654KB

.reloc
Size: 37KB - Virtual size: 37KB