OFICIO No 218 CITACION JUDICIAL SPOA 051726000328201980198[.]exe[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

OFICIO No 218 CITACION JUDICIAL SPOA 051726000328201980198.exe.bin
Size

1.4MB
MD5

7f668ad0262fca387912eac42fe0d1ad
SHA1

ed66322c57e35ae311e936bee30338fc1e5fa9cb
SHA256

5bf7b71e86df7325952c69689ad1be6461477848afb69cf76f3ecf58471b92b6
SHA512

2c8b68902102d47663d112d068a93ab9c1b24d9e1f1111e291e3db75605df7c13bc9cf6238fb26d8685e7483d79c90874522bb812baa29f02498c557d15c8946
SSDEEP

24576:LrCsGvc3I9PZ9pxsPfEPaXuDBFRlC08a8SLOXEjJUYK90SebGaFf1ZYZkLlK9:6sG03+VxsP8ZLlC08a82rU1PyhK9

Score

1^/10

Malware Config

Signatures

Files

OFICIO No 218 CITACION JUDICIAL SPOA 051726000328201980198.exe.bin
.exe windows:5 windows x86 arch:x86

75d0d6eb4dc0a41689233896c7c5a6d1

Code Sign

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0e
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-04-2016 00:00

Not After

12-04-2021 23:59

Subject

CN=ALCPU,O=ALCPU,POSTALCODE=67298,STREET=Snapir st. 1/12,L=Tel Aviv,ST=Tel Aviv,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-08-2013 20:26

Not After

15-08-2023 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:c9:8b:c3:c8:ae:19:37:f3:89:19:17:4a:92:6d:5a:86:d2:f5:70:4b:24:01:10:c4:96:83:cd:3f:a1:b2:8c
Signer

Actual PE Digest

8b:c9:8b:c3:c8:ae:19:37:f3:89:19:17:4a:92:6d:5a:86:d2:f5:70:4b:24:01:10:c4:96:83:cd:3f:a1:b2:8c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\458571\out\Release\360EvtMgr.pdb

Imports

kernel32

SetFilePointer
WriteFile
OutputDebugStringW
CloseHandle
RaiseException
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
FlushInstructionCache
GetLocalTime
lstrcmpiW
lstrlenW
FileTimeToSystemTime
SystemTimeToFileTime
CreateDirectoryW
GetExitCodeProcess
FreeResource
CreateProcessW
GetStartupInfoW
ExpandEnvironmentStringsW
GetFileSizeEx
SetEndOfFile
GetLongPathNameW
SetUnhandledExceptionFilter
DeviceIoControl
ProcessIdToSessionId
OpenProcess
GetSystemDirectoryW
VirtualProtect
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileSize
ReadFile
GetFileAttributesW
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
FlushFileBuffers
QueryPerformanceCounter
TryEnterCriticalSection
FormatMessageW
LocalFree
HeapLock
HeapUnlock
HeapWalk
ReleaseMutex
OpenThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateFileA
LocalFileTimeToFileTime
SetFilePointerEx
SetEvent
ResetEvent
UnhandledExceptionFilter
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetProcessAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetCurrentThread
FreeLibraryAndExitThread
DuplicateHandle
ReleaseSemaphore
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
WideCharToMultiByte
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
DeleteFileW
GetUserDefaultUILanguage
MultiByteToWideChar
GetPrivateProfileStringW
LoadLibraryW
GetModuleFileNameW
GetVersionExW
GetVersion
LeaveCriticalSection
EnterCriticalSection
SetCurrentDirectoryW
FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
FindResourceExW
GetProcessHeap
HeapSize
VirtualFree
SetThreadAffinityMask
LoadLibraryExW
GetProcAddress
FreeLibrary
GetTickCount
GetSystemTimeAsFileTime
CreateFileW
GetThreadTimes
TerminateProcess
GetProcessTimes
CreateSemaphoreW
Sleep
CreateEventW
CreateMutexW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
VirtualAlloc

user32

DispatchMessageW
PeekMessageW
PostMessageW
CreatePopupMenu
DestroyMenu
TrackPopupMenu
InsertMenuItemW
SetWindowTextW
GetSystemMetrics
CopyRect
ClientToScreen
KillTimer
SetTimer
GetActiveWindow
MessageBoxW
GetLastInputInfo
DialogBoxParamW
PostQuitMessage
MonitorFromWindow
DefWindowProcW
InvalidateRect
GetClientRect
IsDialogMessageW
LoadImageW
GetParent
GetWindowLongW
MapWindowPoints
EndDialog
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
GetWindow
GetMessageW
GetWindowRect
RegisterClassW
SetWindowPos
SendMessageW
RegisterWindowMessageW
SetForegroundWindow
WaitForInputIdle
FindWindowW
SetWindowLongW
CharNextW
CreateDialogParamW
ShowWindow
DestroyWindow
GetClassInfoW
UnregisterClassW
TranslateMessage

advapi32

RegQueryValueExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ord165
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
VariantClear
VarBstrCmp
VariantInit
DispCallFunc
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayCopy
SafeArrayGetVartype
VariantCopy

shlwapi

PathIsDirectoryW
SHSetValueW
PathFindFileNameW
PathAddBackslashW
StrStrIW
StrCmpNIA
SHGetValueW
PathRemoveFileSpecW
PathCombineW
PathAppendW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleFileNameExW

ntdll

RtlDllShutdownInProgress

comctl32

InitCommonControlsEx

imm32

ImmDisableIME

msvcrt

__DestructExceptionObject
_wcsupr
___lc_codepage_func
_lock
_unlock
_iob
__pctype_func
iswctype
___mb_cur_max_func
_wcslwr
__dllonexit
__set_app_type
_wcmdln
_exit
__RTDynamicCast
_control87
_XcptFilter
_fmode
mbtowc
strrchr
_CIexp
_CIlog10
ceil
_clearfp
?terminate@@YAXXZ
_wcstoui64
_msize
__CxxFrameHandler
_initterm
__setusermatherr
atexit
__wgetmainargs
_amsg_exit
_cexit
strtol
wcstol
___lc_handle_func
tolower
abort
realloc
__uncaught_exception
??0exception@@QAE@XZ
_CIsqrt
__p__commode
_c_exit
localeconv
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
calloc
wcschr
memcmp
_beginthreadex
_strtoui64
strtoul
wcstoul
malloc
free
wcsrchr
??_U@YAPAXI@Z
atoi
exit
_wtoi
_wcsnicmp
_wcsicmp
wcsspn
wcscspn
wcsstr
_errno
??_V@YAXPAX@Z
??3@YAXPAX@Z
memmove
_CxxThrowException
??2@YAPAXI@Z
memset
memcpy

Sections

.text
Size: 342KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1012KB - Virtual size: 1011KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75d0d6eb4dc0a41689233896c7c5a6d1

Code Sign

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0eCertificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22Certificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8b:c9:8b:c3:c8:ae:19:37:f3:89:19:17:4a:92:6d:5a:86:d2:f5:70:4b:24:01:10:c4:96:83:cd:3f:a1:b2:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

psapi

ntdll

comctl32

imm32

msvcrt

Sections

.text Size: 342KB - Virtual size: 344KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 7KB - Virtual size: 24KB

.rsrc Size: 1012KB - Virtual size: 1011KB

30:20:cd:c2:db:9e:d0:be:86:6d:83:92:bb:5c:4d:0e
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8b:c9:8b:c3:c8:ae:19:37:f3:89:19:17:4a:92:6d:5a:86:d2:f5:70:4b:24:01:10:c4:96:83:cd:3f:a1:b2:8c
Signer

.text
Size: 342KB - Virtual size: 344KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 7KB - Virtual size: 24KB

.rsrc
Size: 1012KB - Virtual size: 1011KB