81d1e936a8f817e01344049ce63b41e968fec7b265c9d2ab6678412904f15178

Resubmissions

18-04-2024 11:16

240418-ndcfpscf5y 10

18-04-2024 11:16

18-04-2024 11:16

18-04-2024 11:16

18-04-2024 11:16

18-04-2024 09:58

Sharing

Copy URL

Twitter E-mail

General

Target

81d1e936a8f817e01344049ce63b41e968fec7b265c9d2ab6678412904f15178
Size

224KB
MD5

dceece60dcee5fd4d47755d6b3a85a75
SHA1

6969cc2f1939fd4373a83a2e607318e2cf7d78aa
SHA256

81d1e936a8f817e01344049ce63b41e968fec7b265c9d2ab6678412904f15178
SHA512

da5c40491463e6cd94486d06ccda76a7eaf15fdb04e1015b6ec24d8f023ec06a91115b309e7d144aa628b93a634e2b79ea6421a8708c9b837c6a3c43ac38ef7f
SSDEEP

3072:/kHyNZCT7RbVv513b2cLrEJeGUDL61UNmUCFh9W8Nf3IAK9EjCcak+OWgY5:VCTh/V3DeewB93I/+UOXC

Score

1^/10

Malware Config

Signatures

Files

81d1e936a8f817e01344049ce63b41e968fec7b265c9d2ab6678412904f15178
.exe windows:4 windows x86 arch:x86

a00eb146d4bc6ba9a6218fe31b7a8430

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2031 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:47:3c:3c:19:d9:e1:a9:42:9b:58:b6:fa:ec:29:67
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-02-2020 00:00

Not After

22-02-2021 12:00

Subject

SERIALNUMBER=7576076,CN=Digital Leadership Solutions Limited,O=Digital Leadership Solutions Limited,L=Paraparaumu,C=NZ,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024e5a

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:0e:c6:67:17:ac:aa:ac:c0:41:c1:6f:08:6a:a6:57:0f:5f:06:38
Signer

Actual PE Digest

50:0e:c6:67:17:ac:aa:ac:c0:41:c1:6f:08:6a:a6:57:0f:5f:06:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3574
ord609
ord567
ord825
ord4275
ord2078
ord6215
ord4299
ord3573
ord1641
ord3626
ord3663
ord2414
ord6199
ord800
ord860
ord540
ord2379
ord2818
ord283
ord2754
ord1168
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2080
ord3317
ord755
ord470
ord850
ord6289
ord539
ord968
ord3832
ord3315
ord1648
ord1238
ord4407
ord6741
ord6508
ord6919
ord835
ord4287
ord6613
ord6766
ord3874
ord3610
ord656
ord2089
ord5981
ord535
ord861
ord537
ord1601
ord5710
ord823
ord858
ord758
ord475
ord5647
ord3909
ord640
ord1640
ord323
ord1567
ord690
ord1988
ord5207
ord532
ord6877
ord389
ord268
ord1228
ord6084
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord3571
ord3619
ord692
ord1146
ord2841
ord2450
ord6172
ord5873
ord5789
ord2107
ord4083
ord1795
ord2864
ord5148
ord641
ord802
ord2514
ord6569
ord853
ord2513
ord293
ord926
ord3499
ord2515
ord355
ord1572
ord924
ord5450
ord5440
ord6383
ord6394
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord6467
ord1227
ord1877
ord4249
ord2486
ord2687
ord6364
ord4472
ord5498
ord3278
ord3353
ord3749
ord446
ord743
ord1177
ord1226
ord1210
ord3530
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord3721
ord795
ord723
ord3946
ord423
ord6880
ord5314
ord5332
ord2541
ord2998
ord4949
ord324
ord2116
ord2099
ord4459
ord5033
ord6030
ord2241
ord3470
ord452
ord2795
ord6262
ord1892
ord4252
ord3326
ord6365
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord6052
ord1775
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord4713
ord5280
ord3597
ord6438
ord542
ord2370
ord2302
ord4234
ord1086
ord4710
ord2642
ord3092
ord3708
ord781
ord1085
ord6663
ord2764
ord4204
ord3771
ord6134
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord6136
ord3767
ord6376
ord2055
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord3681
ord3402
ord1576

msvcrt

__CxxFrameHandler
_mbscmp
_setmbcp
_CxxThrowException
sscanf
_ftol
wcslen
wcsncpy
_EH_prolog
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

kernel32

MultiByteToWideChar
GetLastError
lstrlenA
InterlockedDecrement
GetStartupInfoA
GetProcAddress
LoadLibraryW
ExitProcess
LocalFree
GetModuleHandleA
lstrlenW
WideCharToMultiByte
LocalAlloc

user32

EnableWindow
SendMessageA
SetCapture
PtInRect
ReleaseCapture
DrawEdge
ActivateKeyboardLayout
CreatePopupMenu
LockWindowUpdate
InsertMenuA
GetWindowRect
GetCursorPos
ScreenToClient
LoadCursorA
SetCursor
CopyRect
DrawStateA
GetSysColor
LoadBitmapA
OffsetRect
GetWindowLongA
GetClientRect
LoadImageA
FrameRect
InvalidateRect
DrawFrameControl
InflateRect
IsWindow

gdi32

CreateFontIndirectA
CreateCompatibleDC
CreateSolidBrush
LPtoDP

shell32

SHGetFileInfoA
ShellExecuteA

ole32

CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
OleRun
CoCreateInstance

olepro32

ord251

oleaut32

VariantInit
LoadRegTypeLi
VariantCopy
SysAllocString
SysFreeString
SafeArrayGetDim
VariantClear
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a00eb146d4bc6ba9a6218fe31b7a8430

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

06:47:3c:3c:19:d9:e1:a9:42:9b:58:b6:fa:ec:29:67Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

50:0e:c6:67:17:ac:aa:ac:c0:41:c1:6f:08:6a:a6:57:0f:5f:06:38Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

ole32

olepro32

oleaut32

Sections

.text Size: 96KB - Virtual size: 92KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 11KB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 76KB - Virtual size: 74KB

.reloc Size: 12KB - Virtual size: 9KB

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

06:47:3c:3c:19:d9:e1:a9:42:9b:58:b6:fa:ec:29:67
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

50:0e:c6:67:17:ac:aa:ac:c0:41:c1:6f:08:6a:a6:57:0f:5f:06:38
Signer

.text
Size: 96KB - Virtual size: 92KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 11KB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 76KB - Virtual size: 74KB

.reloc
Size: 12KB - Virtual size: 9KB