bd3be94afa57936741a5debde1eff537dcd7c7bc79ccfa9739c4614efc424eeb

Resubmissions

16-04-2024 18:30

240416-w5thasah21 8

16-04-2024 18:23

240416-w1n21saf9t 8

Sharing

Copy URL

Twitter E-mail

General

Target

bd3be94afa57936741a5debde1eff537dcd7c7bc79ccfa9739c4614efc424eeb
Size

447KB
MD5

c8498405ab7a73429e2a49f58c861a68
SHA1

ad207f5c379fbaf05a2a02e67c2a506dd5bffc89
SHA256

bd3be94afa57936741a5debde1eff537dcd7c7bc79ccfa9739c4614efc424eeb
SHA512

02add9fc1e8d0892b205b7423f887925fd15d88a71edb3d52d07f4e1cf96f01bd8bc897f33e9b5e4eac9d57fabf29ab3775b50d7c2f54541ed0fb43f5ad2747f
SSDEEP

6144:oVIUzmYXbyCRftHgU3CEDwRCEiEwR93v1Nb0thkhOwaw:jU/ry8VH13kCvEaF9kmYwaw

Score

1^/10

Malware Config

Signatures

Files

bd3be94afa57936741a5debde1eff537dcd7c7bc79ccfa9739c4614efc424eeb
.exe windows:4 windows x86 arch:x86

ea50a75036bd9b795ea1c0adc5b9d591

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

19-06-2009 00:00

Not After

19-06-2011 23:59

Subject

CN=MGAME Corp.,OU=Web Dev Team,O=MGAME Corp.,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

01-01-2021 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:ba:b6:b1:c7:81:42:fe:85:2f:f1:d2:2b:7f:e4:7c:a6:ba:67:d4
Signer

Actual PE Digest

27:ba:b6:b1:c7:81:42:fe:85:2f:f1:d2:2b:7f:e4:7c:a6:ba:67:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

advapi32

OpenServiceA
RegCreateKeyExA
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
OpenSCManagerA
StartServiceA
ChangeServiceConfig2A
RegSetValueExA
RegCreateKeyA
CreateServiceA
FreeSid

kernel32

SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
CreateDirectoryA
FreeLibrary
GetModuleFileNameA
GetCurrentProcess
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetVersionExA
WriteFile
SetFilePointer
GetLastError
CreateFileA
lstrcatA
LockResource
LoadResource
SizeofResource
FindResourceA
LoadLibraryA
GetTempFileNameA
GetTempPathA
RaiseException
SetFileAttributesA
lstrlenA
lstrcpyA
LocalFree
LocalAlloc
GetCurrentThread
CreateProcessA
GetSystemDirectoryA
ExitProcess
TerminateProcess
HeapAlloc
HeapFree
InterlockedDecrement
InterlockedIncrement
DeleteFileA
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetCPInfo
GetACP
GetOEMCP
ReadFile
SetHandleCount
GetStdHandle
GetFileType
LCMapStringA
LCMapStringW
Sleep
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ea50a75036bd9b795ea1c0adc5b9d591

Code Sign

01Certificate

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cdCertificate

Extended Key Usages

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54Certificate

0aCertificate

Extended Key Usages

Key Usages

27:ba:b6:b1:c7:81:42:fe:85:2f:f1:d2:2b:7f:e4:7c:a6:ba:67:d4Signer

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 64KB - Virtual size: 62KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 348KB - Virtual size: 344KB

01
Certificate

4e:eb:08:05:55:f1:ab:f7:09:bb:a9:ca:e3:2f:13:cd
Certificate

36:12:22:96:c5:e3:38:a5:20:a1:d2:5f:4c:d7:09:54
Certificate

0a
Certificate

27:ba:b6:b1:c7:81:42:fe:85:2f:f1:d2:2b:7f:e4:7c:a6:ba:67:d4
Signer

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 348KB - Virtual size: 344KB