4dc73e256094d67d440f5be93ec0ea15aa45159db39a08be5947d8618325ac9d

Sharing

Copy URL Twitter E-mail

General

Target

4dc73e256094d67d440f5be93ec0ea15aa45159db39a08be5947d8618325ac9d
Size

1.8MB
MD5

7fb1e21fca48dc0d27ddc58667395084
SHA1

809b874e3d791f4bd3b0a86cd4133fcc2abf9779
SHA256

4dc73e256094d67d440f5be93ec0ea15aa45159db39a08be5947d8618325ac9d
SHA512

d75042f6cb8e4a79702ed24a60f7ed9fdb888879b1f95c6680f55e796a1483dcba586f6bd89213c74e4576194e646be95cd01282425de53c733fc60f52e35578
SSDEEP

24576:LOA5c1n90JrJ+RULnpxO8XzWC5sF0n3MmtEcFwyH4jlzK1eN:iA5QP0n/ZjhYG3MsEcslzaC

Score

1^/10

Malware Config

Signatures

Files

4dc73e256094d67d440f5be93ec0ea15aa45159db39a08be5947d8618325ac9d
.exe windows:6 windows x64 arch:x64

12ab1cdff104d496260bae930be6bce7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/02/2023, 00:00

Not After

08/03/2025, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:f6:a1:86:30:13:b4:c9:46:6c:4f:9f:e8:3a:27:ba:3b:3f:56:42:31:1d:5e:2b:54:d3:4a:a9:b2:09:30:ff
Signer

Actual PE Digest

46:f6:a1:86:30:13:b4:c9:46:6c:4f:9f:e8:3a:27:ba:3b:3f:56:42:31:1d:5e:2b:54:d3:4a:a9:b2:09:30:ff

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dev\projs\ProcessSupervisor\output\ProcessLasso.pdb

Imports

comctl32

ord412
ImageList_Remove
ord17
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ord410
ord413
InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDrawRectangleI
GdipAlloc
GdipSetPenDashStyle
GdipFree
GdipCreateFromHDC
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipDrawLineI

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

MoveFileExW
GetFileSize
VerSetConditionMask
GetCurrentProcessId
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateProcessW
SetThreadExecutionState
GetModuleHandleW
CopyFileW
VerifyVersionInfoW
IsBadReadPtr
QueryPerformanceCounter
OpenMutexW
GetProcessTimes
CreateMutexW
WideCharToMultiByte
GetProcAddress
TerminateProcess
LoadLibraryW
FreeLibrary
SetThreadPriority
ExitThread
GetCurrentThread
SetThreadPriorityBoost
CreateDirectoryW
SetPriorityClass
SetProcessShutdownParameters
GetVersionExW
GetTickCount64
SetUnhandledExceptionFilter
GlobalAlloc
GlobalLock
GlobalUnlock
EnterCriticalSection
CompareFileTime
ReadFile
GetStartupInfoW
GetExitCodeProcess
GetFileTime
GetSystemTimeAsFileTime
GetProcessHeap
ExitProcess
DeleteCriticalSection
HeapDestroy
DecodePointer
FindNextChangeNotification
GetCurrentDirectoryW
FileTimeToLocalFileTime
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
ResetEvent
GetACP
IsValidCodePage
FindFirstFileExW
HeapAlloc
GetTimeZoneInformation
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
CompareStringEx
SleepConditionVariableSRW
WakeAllConditionVariable
LCMapStringEx
CreateThread
GetSystemInfo
CloseHandle
DeleteFileW
QueryPerformanceFrequency
FindCloseChangeNotification
GetActiveProcessorGroupCount
TerminateThread
FileTimeToSystemTime
SetEvent
Sleep
MultiByteToWideChar
CreateEventW
OpenProcess
FindFirstChangeNotificationW
GetSystemDirectoryW
ReleaseMutex
OpenEventW
GetFileAttributesW
InitializeCriticalSection
SetFilePointer
LeaveCriticalSection
WaitForMultipleObjects
GetCurrentProcess
GetOEMCP
FindResourceW
LoadResource
FindResourceExW
HeapReAlloc
LockResource
GetLastError
HeapSize
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
HeapFree
SizeofResource
GetCommandLineW
GetLocaleInfoEx
EncodePointer
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStringTypeW
GetExitCodeThread
SuspendThread
GetCurrentThreadId
LocalUnlock
LocalLock
LocalAlloc
MulDiv
GetTimeFormatW
GetDateFormatW
GetNumaNodeProcessorMask
K32GetModuleBaseNameW
FindNextFileW
FindFirstFileW
SetEndOfFile
FlushFileBuffers
WriteFile
GetTickCount
GetLocalTime
ResumeThread
GetProcessPriorityBoost
InitializeCriticalSectionAndSpinCount
GetThreadPriority
RemoveDirectoryW
MoveFileW
GetVolumeNameForVolumeMountPointW
WinExec
SetLastError
ProcessIdToSessionId
GetModuleFileNameW
FindClose
GetUserDefaultUILanguage
IsBadWritePtr
CompareStringOrdinal
LoadLibraryExW
VirtualProtect
LocalFree
SetProcessAffinityMask
CreateToolhelp32Snapshot
Thread32First
OpenThread
SetThreadGroupAffinity
Thread32Next
GetProcessAffinityMask
GetProcessGroupAffinity
SetProcessPriorityBoost
GetPriorityClass
SetProcessWorkingSetSize
GetLogicalProcessorInformationEx
GetActiveProcessorCount
GetNumaHighestNodeNumber

user32

SetWindowLongPtrW
SendMessageW
EndDialog
SetWindowTextW
GetWindowLongPtrW
SetTimer
IsDialogMessageW
WaitMessage
CreateDialogIndirectParamW
GetAsyncKeyState
SetDlgItemTextW
GetDlgItemTextW
GetDlgItem
KillTimer
DialogBoxParamW
UpdateWindow
EnableWindow
PeekMessageW
WinHelpW
GetKeyState
GetClassLongPtrW
OpenClipboard
CloseClipboard
EmptyClipboard
SetClipboardData
GetMessageW
LoadAcceleratorsW
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
IsIconic
GetWindowTextLengthW
IsDlgButtonChecked
GetDlgItemInt
SetDlgItemInt
GetWindowTextW
SetDlgItemTextA
CheckDlgButton
GetMenuItemInfoW
DefWindowProcW
LoadMenuW
GetWindowRect
GetMenu
DestroyWindow
GetDC
IsWindowVisible
SetWindowPos
FillRect
CreateWindowExW
DeleteMenu
ScreenToClient
CreatePopupMenu
SetClassLongPtrW
RegisterClassExW
TrackPopupMenu
GetSubMenu
ShowWindow
GetClassInfoW
RedrawWindow
DestroyIcon
GetWindowInfo
ClientToScreen
SetMenuItemInfoW
TrackMouseEvent
GetSysColor
LoadBitmapW
DestroyMenu
SetFocus
LoadIconW
GetParent
LoadCursorW
DrawMenuBar
CheckMenuItem
GetClientRect
AppendMenuW
DrawTextW
PostQuitMessage
EnableMenuItem
SystemParametersInfoW
RegisterWindowMessageW
SetForegroundWindow
LoadImageW
InvalidateRect
ReleaseDC
GetCursorPos
BeginPaint
EndPaint
PostMessageW
MessageBoxW
SetPropW
FrameRect
GetMenuBarInfo
OffsetRect
IntersectRect
LoadStringW
GetSystemMetrics
GetWindowThreadProcessId
GetWindow
EnumWindows
GetWindowLongW
SetWindowLongW
IsWindowEnabled
SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
DrawIcon
GetDialogBaseUnits
IsWindow
GetClassNameW
GetSystemMenu
MoveWindow
FindWindowW

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetStockObject
CreateRoundRectRgn
DeleteDC
TextOutW
GetTextExtentPoint32W
SetBkMode
LineTo
CreatePen
MoveToEx
DeleteObject
CreateBitmap
CreateFontIndirectW
FillRgn
SetTextColor
SetBkColor
CreateSolidBrush
Ellipse
GetObjectW
CreateDCW

comdlg32

GetSaveFileNameW
ChooseColorW
GetOpenFileNameW

advapi32

RegOpenKeyExW
GetSidSubAuthorityCount
LookupAccountSidW
RegEnumKeyExW
RegQueryInfoKeyW
EnumServicesStatusExW
ControlService
QueryServiceStatus
QueryServiceConfigW
RegDeleteKeyW
ChangeServiceConfigW
StartServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetSidSubAuthority
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
GetUserNameW
RegQueryValueExW
RegDeleteValueW
GetTokenInformation

shell32

SHGetStockIconInfo
ShellExecuteExW
SHGetKnownFolderPath
SHGetSpecialFolderPathW
ord178
SHCreateDirectoryExW
ExtractAssociatedIconW
ShellExecuteW
SHQueryUserNotificationState
Shell_NotifyIconW

ole32

CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance
IIDFromString
CoInitializeSecurity
StringFromGUID2

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

pdh

PdhCloseQuery
PdhAddEnglishCounterW
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryW
PdhGetFormattedCounterValue

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

shlwapi

SHDeleteKeyW

dbghelp

MiniDumpWriteDump

uxtheme

DrawThemeText
SetWindowTheme
OpenThemeData
GetThemeColor
CloseThemeData
IsThemeActive
DrawThemeBackground

rpcrt4

UuidCreate
UuidFromStringW

wininet

InternetCanonicalizeUrlW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12ab1cdff104d496260bae930be6bce7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

46:f6:a1:86:30:13:b4:c9:46:6c:4f:9f:e8:3a:27:ba:3b:3f:56:42:31:1d:5e:2b:54:d3:4a:a9:b2:09:30:ffSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

gdiplus

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

pdh

wtsapi32

shlwapi

dbghelp

uxtheme

rpcrt4

wininet

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 234KB - Virtual size: 233KB

.data Size: 24KB - Virtual size: 45KB

.pdata Size: 41KB - Virtual size: 40KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 249KB - Virtual size: 248KB

.reloc Size: 5KB - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

46:f6:a1:86:30:13:b4:c9:46:6c:4f:9f:e8:3a:27:ba:3b:3f:56:42:31:1d:5e:2b:54:d3:4a:a9:b2:09:30:ff
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 234KB - Virtual size: 233KB

.data
Size: 24KB - Virtual size: 45KB

.pdata
Size: 41KB - Virtual size: 40KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 249KB - Virtual size: 248KB

.reloc
Size: 5KB - Virtual size: 4KB