c03292fca415b51d08da32e2f7226f66382eb391e19d53e3d81e3e3ba73aa8c1

Sharing

Copy URL Twitter E-mail

General

Target

c03292fca415b51d08da32e2f7226f66382eb391e19d53e3d81e3e3ba73aa8c1
Size

2.6MB
MD5

22adbffd1dbf3e13d036f936049a2e98
SHA1

52932be0bd8e381127aab9c639e6699fd1ecf268
SHA256

c03292fca415b51d08da32e2f7226f66382eb391e19d53e3d81e3e3ba73aa8c1
SHA512

1a35885d44181378cf39519d63b5f2637426d35a2948ba3a24f7478f5fb4221499dad053670d433ee65ecd319ec1f0383b257ee214468694d5470871a4f42547
SSDEEP

24576:vlym6I0Ti0LthzrbWah/8UNefRNCodot:9b10LthzHtZNez+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/AppvIsvSubsystems64.dll

Files

c03292fca415b51d08da32e2f7226f66382eb391e19d53e3d81e3e3ba73aa8c1
.iso
out.iso
.iso
AppvIsvSubsystems64.dll
.dll windows:6 windows x64 arch:x64

965e8d70fa0543eabcd0b4d7936ed17c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vcruntime140

memcpy
__std_type_info_destroy_list
memset
__C_specific_handler

api-ms-win-crt-stdio-l1-1-0

fseek
fclose
fread_s
fopen_s
ftell

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_initterm_e
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
exit
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

free

kernel32

UnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
CloseHandle
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleW

Exports

Exports

APIExportForDetours
CurrentThreadIsVirtualized
IsProcessHooked
RequestUnhookedFunctionList
VirtualizeCurrentProcess
VirtualizeCurrentThread

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Note .exe
.exe windows:6 windows x64 arch:x64

Code Sign

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:47

Not After

11/05/2023, 20:47

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

Actual PE Digest

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

Digest Algorithm

sha256

PE Digest Matches

true

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

Actual PE Digest

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\dbs\el\na1\Target\x64\ship\postc2r\x-none\winword.pdb

Exports

Exports

DllGetLCID

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 356B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdcmetadataresource.xsd

Sharing

General

Malware Config

Signatures

Files

965e8d70fa0543eabcd0b4d7936ed17c

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 684B

.reloc Size: 512B - Virtual size: 52B

Code Sign

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8eSigner

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 32B

.c2r Size: 512B - Virtual size: 356B

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.reloc Size: 512B - Virtual size: 160B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 684B

.reloc
Size: 512B - Virtual size: 52B

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

19:a1:52:2e:ee:d1:00:7c:c9:8b:46:d4:00:57:b2:17:b0:56:25:69:13:df:14:07:6b:43:7a:c2:50:28:07:8e
Signer

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 32B

.c2r
Size: 512B - Virtual size: 356B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 512B - Virtual size: 160B