Office-2016-e-Serial-Atualizado-2018-Desde-200_601571[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Office-2016-e-Serial-Atualizado-2018-Desde-200_601571.exe
Size

22.6MB
MD5

b2658c43da03bf040076d62f9dab987c
SHA1

1ecda8adc0b680aabb604d21dcb8963b8d5678d6
SHA256

37ae3b6b05ddcaa9b19b7f1ff0f25e33657c3a00e8fca0190f5f975f12e9b151
SHA512

9534c0d36764629dc17fd5aece1c018fd660b82c768735a56747072185991f2199df735d5a965aaa05dabed130c2ec9711d309acc2edb5a32cfecdd123ff6217
SSDEEP

393216:Seun/sw/hb0kGcd+yS1Af3EZxRZndSk9bGWqCgu5op+wiCYCr2sfqisfUn:Sei0kGcd+yS1Af3KEkTqA5a+Nc2sfqVi

Score

1^/10

Malware Config

Signatures

Files

Office-2016-e-Serial-Atualizado-2018-Desde-200_601571.exe
.exe windows:6 windows x86 arch:x86

d8359e6572c0fb9f719d599358e232e9

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

18/08/2023, 00:00

Not After

17/08/2024, 23:59

Subject

SERIALNUMBER=0450768115,CN=Cyber Holding Partners LLC,O=Cyber Holding Partners LLC,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:a2:5c:de:fa:ce:09:26:39:8a:a0:7b:04:70:05:42:bb:5f:f2:d5:77:fe:f4:48:58:b8:fa:b6:4f:28:e1:af
Signer

Actual PE Digest

fe:a2:5c:de:fa:ce:09:26:39:8a:a0:7b:04:70:05:42:bb:5f:f2:d5:77:fe:f4:48:58:b8:fa:b6:4f:28:e1:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
DuplicateHandle
GetConsoleOutputCP
GetCurrentProcess
InterlockedPushEntrySList
LocalFree
GetCurrentThread
SetPriorityClass
GetCPInfo
GetLogicalProcessorInformation
CreateThread
FreeLibraryAndExitThread
GlobalAlloc
ReadConsoleW
GetLocaleInfoW
UnregisterWait
EnterCriticalSection
FlushFileBuffers
GetEnvironmentVariableA
FileTimeToSystemTime
DeleteTimerQueueTimer
LoadLibraryExW
FreeLibrary
GetDriveTypeW
HeapReAlloc
VerSetConditionMask
ExitThread
RegisterWaitForSingleObject
SetEvent
GetModuleFileNameW
RemoveDirectoryW
IsValidLocale
SwitchToThread
CreateDirectoryW
FormatMessageW
GetCommandLineA
ReleaseSemaphore
TryEnterCriticalSection
lstrlenA
TlsSetValue
InitializeCriticalSection
GetFileSize
TlsFree
ChangeTimerQueueTimer
GetFullPathNameW
GetCurrentThreadId
WriteFile
GetModuleHandleA
QueryPerformanceCounter
WriteConsoleW
GetVersionExW
IsValidCodePage
Sleep
SystemTimeToTzSpecificLocalTime
GetCommandLineW
VirtualAlloc
PeekNamedPipe
GlobalUnlock
GetLogicalDriveStringsW
SetFilePointer
UnhandledExceptionFilter
SetStdHandle
AcquireSRWLockExclusive
GetFileAttributesExW
GetTickCount64
CreateEventW
CompareFileTime
SetFilePointerEx
DeleteCriticalSection
RaiseException
GetProcessHeap
InterlockedFlushSList
FindNextFileW
LeaveCriticalSection
WideCharToMultiByte
GlobalLock
FreeEnvironmentStringsW
TerminateProcess
GetThreadTimes
SetEnvironmentVariableW
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetNumaHighestNodeNumber
SleepEx
TlsAlloc
GetCurrentDirectoryW
ResetEvent
SignalObjectAndWait
FileTimeToLocalFileTime
GetConsoleMode
EncodePointer
FindFirstFileW
InitializeSListHead
SetEndOfFile
InitializeCriticalSectionEx
GlobalMemoryStatus
GetDateFormatW
InterlockedPopEntrySList
CreateSemaphoreW
SetLastError
GetFileSizeEx
GetVersion
HeapSize
FindFirstFileExW
SetThreadAffinityMask
IsProcessorFeaturePresent
GetFileAttributesW
CloseHandle
DecodePointer
SetFileAttributesW
ExitProcess
InitializeCriticalSectionAndSpinCount
VirtualProtect
LoadLibraryW
GetOEMCP
lstrcatA
LCMapStringW
GetProcAddress
DeleteFileW
GetModuleHandleExW
QueryDepthSList
GetCurrentProcessId
GetACP
GetThreadPriority
EnumSystemLocalesW
GetLastError
FindClose
GetStdHandle
MultiByteToWideChar
GetTimeFormatW
GetSystemDirectoryW
ReadFile
GlobalFree
WaitForMultipleObjects
TlsGetValue
GetSystemInfo
CreateTimerQueue
MoveFileW
GetFileType
GetFileInformationByHandle
GetTimeZoneInformation
GetStringTypeW
CreateFileW
GetModuleHandleW
GetEnvironmentStringsW
IsDebuggerPresent
GetStartupInfoW
SetThreadPriority
HeapAlloc
ReleaseSRWLockExclusive
UnregisterWaitEx
QueryPerformanceFrequency
MoveFileExW
RtlUnwind
CompareStringW
WaitForSingleObjectEx
GetProcessAffinityMask
SetFileTime
GetTickCount
WaitForSingleObject
GetUserDefaultLCID
CreateTimerQueueTimer
HeapFree
VirtualFree

user32

GetParent
SetTimer
MoveWindow
CheckDlgButton
GetKeyState
ShowWindow
CloseClipboard
DialogBoxParamW
GetMonitorInfoA
GetWindowTextW
GetWindowTextLengthW
GetFocus
GetWindowLongW
SetWindowTextW
SetFocus
IsDlgButtonChecked
LoadIconW
SendMessageW
GetWindowRect
MessageBoxA
EndDialog
MonitorFromWindow
InvalidateRect
ScreenToClient
CharUpperW
wsprintfA
PostMessageW
KillTimer
SetWindowLongW
LoadStringW
EmptyClipboard
SetCursor
SystemParametersInfoW
EnableWindow
SetDlgItemTextW
OpenClipboard
MessageBoxW
LoadCursorW
MapDialogRect
SetClipboardData
GetDlgItem

advapi32

CryptGetHashParam
CryptHashData
CloseServiceHandle
CryptEncrypt
CryptImportKey
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptDestroyKey

shell32

SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetFileInfoW

ole32

OleInitialize
CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
VariantClear
SysAllocStringLen
SysStringLen

bcrypt

BCryptGenRandom

crypt32

CertGetCertificateChain
CertFreeCertificateChainEngine
PFXImportCertStore
CertFindCertificateInStore
CertAddCertificateContextToStore
CryptStringToBinaryW
CertGetNameStringW
CertCloseStore
CertOpenStore
CertFreeCertificateChain
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateContext
CertFindExtension
CryptDecodeObjectEx
CertEnumCertificatesInStore

wldap32

ord73
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord145
ord219
ord46
ord14
ord216
ord208
ord41
ord117
ord26
ord27

ws2_32

recvfrom
sendto
getpeername
ioctlsocket
gethostname
freeaddrinfo
WSAEventSelect
getsockopt
send
WSAResetEvent
WSACloseEvent
WSAEnumNetworkEvents
socket
WSAIoctl
WSACreateEvent
closesocket
WSAGetLastError
ntohs
WSASetLastError
WSAStartup
WSACleanup
htons
setsockopt
WSAWaitForMultipleEvents
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8359e6572c0fb9f719d599358e232e9

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

fe:a2:5c:de:fa:ce:09:26:39:8a:a0:7b:04:70:05:42:bb:5f:f2:d5:77:fe:f4:48:58:b8:fa:b6:4f:28:e1:afSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

bcrypt

crypt32

wldap32

ws2_32

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.rdata Size: 275KB - Virtual size: 275KB

.data Size: 13KB - Virtual size: 34KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 96KB - Virtual size: 96KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

f1:4c:5e:6a:b9:68:28:42:64:f1:b0:70:b9:9d:3c:70
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

fe:a2:5c:de:fa:ce:09:26:39:8a:a0:7b:04:70:05:42:bb:5f:f2:d5:77:fe:f4:48:58:b8:fa:b6:4f:28:e1:af
Signer

.text
Size: 6.7MB - Virtual size: 6.7MB

.rdata
Size: 275KB - Virtual size: 275KB

.data
Size: 13KB - Virtual size: 34KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 96KB - Virtual size: 96KB