f4ab529f16fd2e88c1e552fdaacacf59c40cf863dfa6356beadaf310d5ae6544

Sharing

Copy URL Twitter E-mail

General

Target

f4ab529f16fd2e88c1e552fdaacacf59c40cf863dfa6356beadaf310d5ae6544
Size

878KB
MD5

00f6982debf7fc28b7e70b041bc22cf7
SHA1

0ea8bb9950585da9969e4da760837fa88505542a
SHA256

f4ab529f16fd2e88c1e552fdaacacf59c40cf863dfa6356beadaf310d5ae6544
SHA512

a2df4e0b5e2ef7fca70210d4fd0030629de41450db731d248ffd5d2c6b2938225d4d10acd768241a4084d30b31522e4bb52905221b5dab107a0753543c9eae3c
SSDEEP

12288:R42rO13CWthRtUZ1PuQB/V7oXU8OnSC+s59kr15gSQ/QwroSkohEZQ60Z:e261yWt36Z0QBpuU8HR5gS2QwroB2K0

Score

1^/10

Malware Config

Signatures

Files

f4ab529f16fd2e88c1e552fdaacacf59c40cf863dfa6356beadaf310d5ae6544
.exe windows:6 windows x64 arch:x64

3ba132b0b7b7ed434ae1838170143700

Code Sign

6b:00:00:05:41:83:54:69:e6:5e:00:7c:4c:00:00:00:00:05:41
Certificate

Issuer

CN=Microsoft RSA TLS CA 01,O=Microsoft Corporation,C=US

Not Before

03/09/2020, 19:04

Not After

03/09/2021, 19:04

Subject

CN=*.oneroute.microsoft.com

cb:7f:70:6d:9c:61:bd:bc:01:51:f5:01:a2:d2:87:7f:d4:79:e6:44
Signer

Actual PE Digest

cb:7f:70:6d:9c:61:bd:bc:01:51:f5:01:a2:d2:87:7f:d4:79:e6:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\SDUSER\source\repos\WindowSecurity\x64\Release\WindowSecurity.pdb

Imports

urlmon

URLDownloadToFileW

ws2_32

__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSAIoctl
WSASetLastError
socket
ntohs
getsockopt
getsockname
getpeername
connect
WSAGetLastError
send
select
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
recvfrom
sendto
ntohl
WSACloseEvent
WSACleanup
GetNameInfoW
closesocket
WSASocketW
getaddrinfo
WSAStartup
WSAConnect
InetPtonW
gethostname
recv
htons
freeaddrinfo
setsockopt
bind

user32

ShowWindow
CharUpperA
GetCursorPos

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore

kernel32

GetTimeZoneInformation
SetStdHandle
SetEndOfFile
HeapSize
GetCurrentDirectoryW
GetFullPathNameW
FindClose
HeapReAlloc
HeapFree
WriteFile
GetModuleFileNameW
SetFilePointer
WaitForSingleObject
CreateFileW
MultiByteToWideChar
Sleep
GetTempPathA
CloseHandle
GetSystemInfo
HeapAlloc
GetProcessHeap
GlobalMemoryStatusEx
CopyFileW
WideCharToMultiByte
GetConsoleWindow
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetLastError
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
FindNextFileW
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageW
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
DeleteFileW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreatePipe
GetFileAttributesExW
GetExitCodeProcess
FlushFileBuffers
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetCommandLineW
GetCommandLineA
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateProcessW
DuplicateHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetStdHandle
RtlUnwind

normaliz

IdnToAscii

wldap32

ord27
ord26
ord22
ord41
ord50
ord33
ord60
ord211
ord46
ord217
ord143
ord35
ord79
ord32
ord30
ord200
ord301
ord45

advapi32

CryptDestroyKey
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CryptImportKey
CryptEncrypt
CryptDestroyHash

Sections

.text
Size: 577KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ba132b0b7b7ed434ae1838170143700

Code Sign

6b:00:00:05:41:83:54:69:e6:5e:00:7c:4c:00:00:00:00:05:41Certificate

cb:7f:70:6d:9c:61:bd:bc:01:51:f5:01:a2:d2:87:7f:d4:79:e6:44Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

urlmon

ws2_32

user32

crypt32

kernel32

normaliz

wldap32

advapi32

Sections

.text Size: 577KB - Virtual size: 577KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 26KB - Virtual size: 25KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 4KB - Virtual size: 3KB

6b:00:00:05:41:83:54:69:e6:5e:00:7c:4c:00:00:00:00:05:41
Certificate

cb:7f:70:6d:9c:61:bd:bc:01:51:f5:01:a2:d2:87:7f:d4:79:e6:44
Signer

.text
Size: 577KB - Virtual size: 577KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 26KB - Virtual size: 25KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 4KB - Virtual size: 3KB