8eddbe8ca493d53ec3fab3fdcc8c436357a60753597d1d7514671334bff23d54

Sharing

Copy URL Twitter E-mail

General

Target

8eddbe8ca493d53ec3fab3fdcc8c436357a60753597d1d7514671334bff23d54
Size

809KB
MD5

2a02ed9d126855713f186b16659121a4
SHA1

82fb4c6b758f1fa7e0da3ba070278ba13cf99496
SHA256

8eddbe8ca493d53ec3fab3fdcc8c436357a60753597d1d7514671334bff23d54
SHA512

49fd61aa92ddb1cccb6647cdc682910340cbbc348248c39611201c925b37cdba1f70e0dee06f2ede183cd66a5e5285704d65d891f6a33413c263945e0738cfe0
SSDEEP

12288:SFKMe0pjZ5X1RkXW5NkaAYh4ufowCSUm90uD1U5:SNdP1RkXzaAo4ZDm9RU5

Score

10^/10

Malware Config

Signatures

Detects executables calling ClearMyTracksByProcess 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_ClearMyTracksByProcess

Files

8eddbe8ca493d53ec3fab3fdcc8c436357a60753597d1d7514671334bff23d54
.exe windows:4 windows x86 arch:x86

0298354a3d6bbe165ed9166d11334121

Code Sign

44:55:02:1f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA

Not Before

14/04/2024, 15:15

Not After

14/04/2025, 15:15

Subject

CN=TOPERSOFT®

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:d9:a9:69:b5:ae:31:04:9a:00:39:49:b8:74:7e:60:1e:f7:16:e8
Signer

Actual PE Digest

f3:d9:a9:69:b5:ae:31:04:9a:00:39:49:b8:74:7e:60:1e:f7:16:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaLateIdCall
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryDestruct
ord593
__vbaExitProc
ord594
ord595
__vbaObjSet
__vbaStrLike
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
ord525
__vbaVarZero
ord632
__vbaVargVarMove
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaVarTstEq
__vbaI2I4
__vbaObjVar
__vbaVarLikeVar
DllFunctionCall
__vbaVarLateMemSt
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord607
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
ord535
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVarLateMemCallLdRf
ord648
__vbaNew2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
ord616
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaStrMove
__vbaStrVarCopy
__vbaLateIdNamedCall
_allmul
__vbaLateIdSt
_CItan
ord546
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 760KB - Virtual size: 758KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0298354a3d6bbe165ed9166d11334121

Code Sign

44:55:02:1fCertificate

Extended Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

f3:d9:a9:69:b5:ae:31:04:9a:00:39:49:b8:74:7e:60:1e:f7:16:e8Signer

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 760KB - Virtual size: 758KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 36KB - Virtual size: 33KB

44:55:02:1f
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

f3:d9:a9:69:b5:ae:31:04:9a:00:39:49:b8:74:7e:60:1e:f7:16:e8
Signer

.text
Size: 760KB - Virtual size: 758KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 36KB - Virtual size: 33KB