zgrat | 9544c306872ba30be9c4738e8d4621496d4a34915f24af356905ab0f8de01066

Sharing

Copy URL Twitter E-mail

General

Target

9544c306872ba30be9c4738e8d4621496d4a34915f24af356905ab0f8de01066
Size

5.5MB
MD5

cececbb3f6729042e4e526770768e217
SHA1

2db4aeccf35972bce927adb063098171bf982fc1
SHA256

9544c306872ba30be9c4738e8d4621496d4a34915f24af356905ab0f8de01066
SHA512

894f67862ed69dd21e1fb5399e9af1e4ef4a955902f172b5ee19bdaf880f38f5d3cd518459fa59de63f5b295e31adf6f3bf7a7f7562dd2e38e466044c9b9da9e
SSDEEP

98304:EBL/hy3oduj0Ja/wlVvsFKbELs9ybAR2v0l6joZ+XctuqB8674B2HEdijApgdWcx:EBL/hy3oduj0Ja/wlVvsFKbELs9ybARr

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
sample	family_zgrat_v1

Zgrat family
zgrat

Files

9544c306872ba30be9c4738e8d4621496d4a34915f24af356905ab0f8de01066
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

19:53:fb:f0:bb:ee:96:46:99:87:cc:89:d6:33:92:12
Certificate

Issuer

CN=CISCO SYSTEMS INC,OU=CISCO SYSTEMS INC,O=Creted by CISCO,L=xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*,ST=Made in United States,C=US

Not Before

06/04/2024, 09:18

Not After

07/05/2026, 00:00

Subject

CN=CISCO SYSTEMS INC,OU=CISCO SYSTEMS INC,O=Creted by CISCO,L=xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*xÛ)wÛ*wÛ*wÜ*wÛ*wÛ)wÛ)wÛ*wÛ*xÛ*wÛ*xÛ*xÛ*xÛ*wÛ*xÛ)wÛ*wÛ*xÛ*wÛ*wÜ*wÛ*wÛ*wÛ*wÛ)wÜ)xÛ*wÛ*wÛ*wÛ)wÛ*xÛ)wÛ)wÛ*xÛ)wÛ)wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)wÛ*wÛ)wÛ)wÛ*wÛ)wÛ*wÛ*xÛ*xÛ*wÛ*xÛ*wÛ)xÛ*wÛ*wÛ*wÜ*xÛ*wÛ*wÛ*xÛ)wÛ)wÛ*xÛ)xÛ*wÛ*xÛ*wÜ*xÛ)wÛ)wÛ)wÛ)wÛ)xÛ)wÛ)xÛ*wÛ)wÛ)wÛ*wÛ*wÛ*wÛ*xÛ*wÛ)xÛ)wÛ*xÛ*xÜ*wÛ*wÛ*wÛ*wÛ*xÛ*wÛ*wÛ*wÛ*wÛ*wÛ*xÛ*xÛ)xÛ*wÛ)wÛ)wÛ*wÜ*wÛ*wÛ*xÛ*xÛ*xÛ*wÛ*wÛ*wÛ)wÛ*wÛ)wÜ*wÛ)wÜ*wÛ)wÜ*wÛ*xÛ)xÛ)wÜ)wÛ*xÛ*,ST=Made in United States,C=US

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:6f:01:47:57:1e:54:3e:49:7a:36:44:43:ab:f8:b6:87:ce:6e:5f:0f:c0:b9:29:4a:67:cf:fe:9e:3c:47:3f
Signer

Actual PE Digest

5f:6f:01:47:57:1e:54:3e:49:7a:36:44:43:ab:f8:b6:87:ce:6e:5f:0f:c0:b9:29:4a:67:cf:fe:9e:3c:47:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

19:53:fb:f0:bb:ee:96:46:99:87:cc:89:d6:33:92:12Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

5f:6f:01:47:57:1e:54:3e:49:7a:36:44:43:ab:f8:b6:87:ce:6e:5f:0f:c0:b9:29:4a:67:cf:fe:9e:3c:47:3fSigner

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rsrc Size: 189KB - Virtual size: 189KB

.reloc Size: 512B - Virtual size: 12B

19:53:fb:f0:bb:ee:96:46:99:87:cc:89:d6:33:92:12
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

5f:6f:01:47:57:1e:54:3e:49:7a:36:44:43:ab:f8:b6:87:ce:6e:5f:0f:c0:b9:29:4a:67:cf:fe:9e:3c:47:3f
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rsrc
Size: 189KB - Virtual size: 189KB

.reloc
Size: 512B - Virtual size: 12B