588ad2d65880acf04ef4ef3edc1a202c3a4e07e803a5970f053dde437c9dfad6

Sharing

Copy URL Twitter E-mail

General

Target

588ad2d65880acf04ef4ef3edc1a202c3a4e07e803a5970f053dde437c9dfad6
Size

1.1MB
MD5

b050c2a1b6fa58c6a123500a0f87fcd6
SHA1

b9a19b0329c84d5a2cbc3dbd37ae4a2a75e7bcb4
SHA256

588ad2d65880acf04ef4ef3edc1a202c3a4e07e803a5970f053dde437c9dfad6
SHA512

8735b4d183362d8e7686e6637715efa60f519d3f338a13a5c0e0a7c724b59e96f09e4e5d1572990412fd3b10a78412955cc08e472455df8a4640e60ed5c1d2c6
SSDEEP

24576:ZZQlxDknn20Nq0twfFZZy5EmT9JyH1zxg1yD95rk8NO+NtpG9/6CGJhSqrzm8kIx:P8HVD95rk8Htp5rbp

Score

1^/10

Malware Config

Signatures

Files

588ad2d65880acf04ef4ef3edc1a202c3a4e07e803a5970f053dde437c9dfad6
.exe windows:6 windows x64 arch:x64

1347785cb24c458b9fab587930b41ba2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:31:61:a4:65:90:c7:69:8c:4c:8f:9f:1a:6d:aa:9b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/10/2023, 00:00

Not After

01/10/2024, 23:59

Subject

CN=KingsIsle Entertainment Inc.,O=KingsIsle Entertainment Inc.,L=Plano,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:a3:17:0b:bf:a9:5b:b8:5b:70:a0:24:f8:7c:da:b2:b7:ff:8a:3d:6c:ee:ab:55:4d:ec:45:e7:03:5f:e8:8a
Signer

Actual PE Digest

cd:a3:17:0b:bf:a9:5b:b8:5b:70:a0:24:f8:7c:da:b2:b7:ff:8a:3d:6c:ee:ab:55:4d:ec:45:e7:03:5f:e8:8a

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Code\Wizard101\Wizard_1_540_01_Live\Core\Bin\KIWebHelper.pdb

Imports

libcef

cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_to_utf8
cef_log
cef_string_userfree_utf16_free
cef_process_message_create
cef_string_list_alloc
cef_string_utf8_to_utf16
cef_string_multimap_free
cef_string_multimap_alloc
cef_string_map_alloc
cef_string_multimap_append
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_map_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_list_append
cef_string_list_value
cef_string_list_size
cef_v8context_get_current_context
cef_api_hash
cef_string_utf8_clear
cef_string_map_free
cef_execute_process
cef_register_extension
cef_list_value_create
cef_v8value_create_array
cef_v8value_create_string
cef_v8value_create_double
cef_v8value_create_int
cef_v8value_create_bool
cef_v8value_create_null
cef_string_list_free
cef_string_utf16_set

kernel32

SystemTimeToFileTime
MoveFileA
CopyFileA
GetModuleHandleA
GetSystemTime
SetHandleInformation
WriteFile
UnlockFile
SetFileTime
SetFilePointer
SetEndOfFile
RemoveDirectoryA
ReadFile
LockFileEx
GetFileTime
GetFileAttributesA
GetDiskFreeSpaceA
FlushFileBuffers
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateFileA
CreateDirectoryA
GetModuleFileNameA
VirtualFree
VirtualAlloc
GetSystemInfo
SetLastError
GetLastError
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateThread
SetThreadPriority
GetThreadPriority
ExitThread
TlsAlloc
TlsFree
CreateSemaphoreA
GetCommandLineA
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
IsDebuggerPresent
Sleep
GetCurrentThread
RtlCaptureContext
ResetEvent
SetEvent
WaitForMultipleObjects
WaitForMultipleObjectsEx
CreateEventA
LoadLibraryA
GetProcAddress
GetModuleHandleW
FreeLibrary
GetCurrentThreadId
TlsSetValue
TlsGetValue
OpenProcess
CreateProcessA
GetExitCodeProcess
TerminateProcess

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
memchr
memcmp
memcpy
memmove
_purecall
memset
strchr
_CxxThrowException
__std_type_info_name
__C_specific_handler
wcschr
__std_type_info_compare

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initialize_narrow_environment
_configure_narrow_argv
strerror
_register_onexit_function
system
_errno
perror
strerror_s
_crt_atexit
exit
_cexit
_seh_filter_exe
_invoke_watson
_invalid_parameter_noinfo_noreturn
_exit
_initterm_e
_initterm
_initialize_onexit_table
_get_narrow_winmain_command_line
terminate
_set_app_type

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-time-l1-1-0

_gmtime32
_ftime32
clock
_localtime32_s
_localtime32
strftime

api-ms-win-crt-string-l1-1-0

strcmp
isspace
toupper
tolower
isxdigit
isalnum
strncpy
strtok
strncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
fwrite
fclose
fopen_s
_mktemp_s
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf
__p__commode
__stdio_common_vswprintf
_set_fmode

api-ms-win-crt-environment-l1-1-0

getenv
_putenv

api-ms-win-crt-convert-l1-1-0

strtoul
strtod
strtol
atoi

api-ms-win-crt-math-l1-1-0

asinf
ceilf
sinf
__setusermatherr
atan2f
sqrtf
cosf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

zlib1v142x64

inflateEnd
inflate
inflateInit_
deflate
uncompress
compress2
deflateEnd
deflateInit_

dbghelp

SymFunctionTableAccess64
StackWalk64
SymGetModuleBase64

ws2_32

ntohs
listen
inet_ntoa
inet_addr
select
getpeername
closesocket
bind
accept
socket
recv
WSAEventSelect
WSAEnumNetworkEvents
WSACleanup
WSAStartup
htons
connect
WSAGetLastError
gethostbyname
send

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime
timeGetDevCaps

user32

MessageBoxA

api-ms-win-crt-filesystem-l1-1-0

_chmod

Sections

.text
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1347785cb24c458b9fab587930b41ba2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:31:61:a4:65:90:c7:69:8c:4c:8f:9f:1a:6d:aa:9bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

cd:a3:17:0b:bf:a9:5b:b8:5b:70:a0:24:f8:7c:da:b2:b7:ff:8a:3d:6c:ee:ab:55:4d:ec:45:e7:03:5f:e8:8aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcef

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

zlib1v142x64

dbghelp

ws2_32

winmm

user32

api-ms-win-crt-filesystem-l1-1-0

Sections

.text Size: 613KB - Virtual size: 613KB

.rdata Size: 185KB - Virtual size: 185KB

.data Size: 7KB - Virtual size: 39KB

.pdata Size: 41KB - Virtual size: 40KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 6KB - Virtual size: 6KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:31:61:a4:65:90:c7:69:8c:4c:8f:9f:1a:6d:aa:9b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cd:a3:17:0b:bf:a9:5b:b8:5b:70:a0:24:f8:7c:da:b2:b7:ff:8a:3d:6c:ee:ab:55:4d:ec:45:e7:03:5f:e8:8a
Signer

.text
Size: 613KB - Virtual size: 613KB

.rdata
Size: 185KB - Virtual size: 185KB

.data
Size: 7KB - Virtual size: 39KB

.pdata
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 6KB