eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175

Sharing

Copy URL

Twitter E-mail

General

Target

eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175
Size

262KB
MD5

b53cbe89c13dd860360eabd0b5424509
SHA1

6f1d45bc304d2e0a795e01a50085cd4f6d11fcb2
SHA256

eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175
SHA512

452607cf1bea2baab730baea7e55f2e9d35ef2d65d7d8ac4805ce7b3473eb450e3d4b9e979bc95f4a2dd796ee1ecf34b24ef31f6fc6d12648e94cfab96a40f70
SSDEEP

3072:ICw9AVKwGEOic8G7a7uIKtc/uBiXaSvTwxcQfGFTvDqwxoTO7zfF0HuYkV1SDYfW:KAbwm71Q4Ica6oTO7ziCd5yoeie3

Score

1^/10

Malware Config

Signatures

Files

eb7ac15e6d6f2604e94643c2840557e0132ab3e714d652452d4043f8ebf88175
.dll windows:5 windows x86 arch:x86

78c630ba32eae87bbf5f178042732777

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17-06-2022 13:01

Not After

17-06-2025 13:01

Subject

SERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17-06-2022 13:01

Not After

17-06-2025 13:01

Subject

SERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:fb:1d:9d:8d:c4:1d:e8:0b:43:cc:a7:e7:db:e0:fc:cb:39:73:a6:e7:5c:3a:43:ff:64:bc:e1:d4:19:27:1f
Signer

Actual PE Digest

db:fb:1d:9d:8d:c4:1d:e8:0b:43:cc:a7:e7:db:e0:fc:cb:39:73:a6:e7:5c:3a:43:ff:64:bc:e1:d4:19:27:1f

Digest Algorithm

sha256

PE Digest Matches

true

25:f6:88:93:66:5d:49:c0:a6:e7:72:4f:3a:62:ec:f7:45:3a:5c:13
Signer

Actual PE Digest

25:f6:88:93:66:5d:49:c0:a6:e7:72:4f:3a:62:ec:f7:45:3a:5c:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\nsmsrc\nsm\1410\1410\PCIAppCtrl\Release_unicode\pciappctrl.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetVersionExW
GetLocalTime
GetTempPathW
GetModuleFileNameW
OutputDebugStringW
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcess
GetCurrentThreadId
GetTickCount
GetLastError
ExitProcess
SetLastError
GetVersion
MultiByteToWideChar
WideCharToMultiByte
VirtualQuery
VirtualProtect
IsBadReadPtr
LeaveCriticalSection
LoadLibraryA
GetModuleHandleA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
FreeLibrary
InterlockedDecrement
DeviceIoControl
GetComputerNameW
GetDriveTypeW
SetEvent
UnmapViewOfFile
WaitForMultipleObjects
Sleep
WaitForSingleObject
OpenEventW
MapViewOfFile
OpenFileMappingW
ResetEvent
CreateThread
LocalFree
CreateFileMappingW
LocalAlloc
TerminateThread
InterlockedIncrement
OpenMutexA
CreateMutexA
ReleaseMutex
GetWindowsDirectoryW
GetExitCodeThread
OpenMutexW
DisableThreadLibraryCalls
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FatalAppExitA
GetStringTypeW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
SetFilePointer
ReadFile
GetStartupInfoW
GetFileType
SetHandleCount
GetLocaleInfoW
HeapSize
HeapDestroy
HeapCreate
IsValidLocale
GetStdHandle
WriteFile
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
CreateEventW
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
OpenProcess
CloseHandle
CompareStringW
HeapReAlloc
WriteConsoleW
SetEndOfFile
OutputDebugStringA
GetProcessHeap
InterlockedExchange
SetConsoleCtrlHandler
DecodePointer
EncodePointer
CreateFileW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
HeapAlloc
HeapFree
RaiseException

user32

IsWindowVisible
GetWindow
UnhookWindowsHookEx
EnumWindows
FindWindowExW
SendMessageTimeoutW
SetWindowsHookExW
GetMenuState
EnableMenuItem
CallNextHookEx
GetWindowThreadProcessId
RegisterWindowMessageW
MsgWaitForMultipleObjects
IsIconic
SetForegroundWindow
ShowWindow
GetWindowTextW
wvsprintfW
wsprintfA
SendMessageW
PostMessageW
IsWindow
GetClassNameW
FindWindowW
CharUpperW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetGuiResources
SetTimer
MessageBoxW
KillTimer
PeekMessageW
PostQuitMessage
wsprintfW
SetWindowTextW

advapi32

RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
RegOpenKeyExW

dbghelp

ImageDirectoryEntryToData

mpr

WNetGetUniversalNameW

ntdll

RtlInitUnicodeString
RtlUnwind
_strlwr
ZwClose

Exports

Exports

EnablePrinting
EnableResumePrintJob
GetOpticalDriveAccess
GetUSBMassStorageAccess
InstallHook
InstallHook2
ProtectMe
RemoveHook
ResetCommands
SetBadPID
SetCommand
SetConnected
SetOpticalDriveAccess
SetSharedDataChanged
SetUSBMassStorageAccess
_AppHookProc@12
_DevCtrlHookProc@12
_HookProc@12
_ShellHookProc@12

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.devmans
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HookSec
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.prnmans
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78c630ba32eae87bbf5f178042732777

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:adCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:adCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

db:fb:1d:9d:8d:c4:1d:e8:0b:43:cc:a7:e7:db:e0:fc:cb:39:73:a6:e7:5c:3a:43:ff:64:bc:e1:d4:19:27:1fSigner

25:f6:88:93:66:5d:49:c0:a6:e7:72:4f:3a:62:ec:f7:45:3a:5c:13Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

dbghelp

mpr

ntdll

Exports

Exports

Sections

.text Size: 181KB - Virtual size: 181KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 12KB - Virtual size: 24KB

.devmans Size: 512B - Virtual size: 8B

.HookSec Size: 2KB - Virtual size: 1KB

.prnmans Size: 512B - Virtual size: 12B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

db:fb:1d:9d:8d:c4:1d:e8:0b:43:cc:a7:e7:db:e0:fc:cb:39:73:a6:e7:5c:3a:43:ff:64:bc:e1:d4:19:27:1f
Signer

25:f6:88:93:66:5d:49:c0:a6:e7:72:4f:3a:62:ec:f7:45:3a:5c:13
Signer

.text
Size: 181KB - Virtual size: 181KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 12KB - Virtual size: 24KB

.devmans
Size: 512B - Virtual size: 8B

.HookSec
Size: 2KB - Virtual size: 1KB

.prnmans
Size: 512B - Virtual size: 12B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB