ClientSA[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

ClientSA.dll
Size

24.3MB
MD5

f430b9bebcfd4ba429e68f4c56cd9fe5
SHA1

b6468d6963a4a0323cb3cc80cfdb9260aab3cc92
SHA256

eb531bb4dc9abeefbead1d7f4cc2f22981fb31208b8f4f8d3bafa66b619622aa
SHA512

c9bd978dd4c0690f826fe99d92eb3afef9240202f7f6f80465f31f60ed65b44d87434ed5d6111c9eca9c4e116848658f70cde52ff26436c5a14a1cbc33db4358
SSDEEP

786432:eizf7jRacFbCHsAEIuqOQR+d/kuebUC1ETKW:eir7FfFGLar2+d/WrGT

Score

1^/10

Malware Config

Signatures

Files

ClientSA.dll
.dll windows:6 windows x64 arch:x64

e7d8c976ad74514e9cd7afd967a78f06

Code Sign

c9:89:94:cb:43:ae:38:a9
Certificate

Issuer

CN=dbb9a458-70ca-4d1f-885e-2a21795ab09c

Not Before

22/03/2024, 22:37

Not After

23/03/2025, 10:37

Subject

CN=dbb9a458-70ca-4d1f-885e-2a21795ab09c

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c9:89:94:cb:43:ae:38:a9
Certificate

Issuer

CN=dbb9a458-70ca-4d1f-885e-2a21795ab09c

Not Before

22/03/2024, 22:37

Not After

23/03/2025, 10:37

Subject

CN=dbb9a458-70ca-4d1f-885e-2a21795ab09c

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:77:ed:46:51:71:63:ab:de:47:5c:e9:ba:7f:73:ef:40:dc:3c:c9:1d:18:3f:89:33:c6:1f:6b:cf:93:a5:f7
Signer

Actual PE Digest

76:77:ed:46:51:71:63:ab:de:47:5c:e9:ba:7f:73:ef:40:dc:3c:c9:1d:18:3f:89:33:c6:1f:6b:cf:93:a5:f7

Digest Algorithm

sha256

PE Digest Matches

true

84:84:9a:2c:95:42:74:ad:e5:9f:1a:31:27:2c:bf:45:d6:62:0e:3e
Signer

Actual PE Digest

84:84:9a:2c:95:42:74:ad:e5:9f:1a:31:27:2c:bf:45:d6:62:0e:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Work\Arizona DE\Arizona DE\x64\Release\ClientSA.pdb

Imports

gdi32

AddFontResourceW

advapi32

RegCloseKey

dbghelp

SymFunctionTableAccess64

shell32

ShellExecuteW

kernel32

GetLocalTime

user32

GetDpiForWindow

d2d1

ord1

dwrite

DWriteCreateFactory

bcrypt

BCryptGenRandom

ws2_32

WSAEventSelect

ole32

CoInitializeEx

crypt32

CryptStringToBinaryW

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror

Sections

.text
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 697KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.?Au
Size: - Virtual size: 16.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.%Xo
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.?:/
Size: 24.3MB - Virtual size: 24.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7d8c976ad74514e9cd7afd967a78f06

Code Sign

c9:89:94:cb:43:ae:38:a9Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

c9:89:94:cb:43:ae:38:a9Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

76:77:ed:46:51:71:63:ab:de:47:5c:e9:ba:7f:73:ef:40:dc:3c:c9:1d:18:3f:89:33:c6:1f:6b:cf:93:a5:f7Signer

84:84:9a:2c:95:42:74:ad:e5:9f:1a:31:27:2c:bf:45:d6:62:0e:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

advapi32

dbghelp

shell32

kernel32

user32

d2d1

dwrite

bcrypt

ws2_32

ole32

crypt32

Exports

Exports

Sections

.text Size: - Virtual size: 2.7MB

.rdata Size: - Virtual size: 697KB

.data Size: - Virtual size: 514KB

.pdata Size: - Virtual size: 120KB

_RDATA Size: - Virtual size: 500B

.?Au Size: - Virtual size: 16.1MB

.%Xo Size: 1KB - Virtual size: 1KB

.?:/ Size: 24.3MB - Virtual size: 24.3MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 336B

c9:89:94:cb:43:ae:38:a9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

c9:89:94:cb:43:ae:38:a9
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

76:77:ed:46:51:71:63:ab:de:47:5c:e9:ba:7f:73:ef:40:dc:3c:c9:1d:18:3f:89:33:c6:1f:6b:cf:93:a5:f7
Signer

84:84:9a:2c:95:42:74:ad:e5:9f:1a:31:27:2c:bf:45:d6:62:0e:3e
Signer

.text
Size: - Virtual size: 2.7MB

.rdata
Size: - Virtual size: 697KB

.data
Size: - Virtual size: 514KB

.pdata
Size: - Virtual size: 120KB

_RDATA
Size: - Virtual size: 500B

.?Au
Size: - Virtual size: 16.1MB

.%Xo
Size: 1KB - Virtual size: 1KB

.?:/
Size: 24.3MB - Virtual size: 24.3MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 336B