eff0ff1a9186ca9d78eeb78f24b97d2a7e558f57bae5f3e1de7b0a7283e78e37

Sharing

Copy URL

Twitter E-mail

General

Target

eff0ff1a9186ca9d78eeb78f24b97d2a7e558f57bae5f3e1de7b0a7283e78e37
Size

5.8MB
MD5

bdbfa4c9c9a72e85cd7aacbbb8a7a5b3
SHA1

763ac7ece3a10e2f6a5cdf827a8de45d9fd5999c
SHA256

eff0ff1a9186ca9d78eeb78f24b97d2a7e558f57bae5f3e1de7b0a7283e78e37
SHA512

d5be169775ab7ff0a3f2f22b007da5d379e2dab9e75d01689d80b796dc7088bea8fac6d009f81354de40299a216a0820c20fc32d8035793bcd80b5f7f4ad15c4
SSDEEP

98304:0tWCkDPAq5WpxbxXmLRrGwblLcDNxJ+Hi/H8U9eTpvB4DaOFa0LPJia/wF+WNTez:0iPAmWDbNmDOX6bOeTpvBsJwFnTeQa9L

Score

1^/10

Malware Config

Signatures

Files

eff0ff1a9186ca9d78eeb78f24b97d2a7e558f57bae5f3e1de7b0a7283e78e37
.exe windows:6 windows x86 arch:x86

b05e2410e92b97a4b739f3ded2bca4b2

Code Sign

11:7f:03:55:15:52:a9:bd:47:6d:6d:63:6c:a0:81:5e
Certificate

Issuer

CN=HDD Verbatim Digital EVO-II 5Tb HDWG460EZSTA N300 (4096rpm) 4036Mb 0.5 Rtl

Not Before

22-01-2023 17:37

Not After

23-01-2033 17:37

Subject

CN=HDD Verbatim Digital EVO-II 5Tb HDWG460EZSTA N300 (4096rpm) 4036Mb 0.5 Rtl

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:c1:fd:e3:73:ad:01:99:c1:e6:9c:ee:95:d7:03:8b:01:c2:50:c9:d2:39:c4:53:a5:fd:19:80:df:e1:f3:39
Signer

Actual PE Digest

ad:c1:fd:e3:73:ad:01:99:c1:e6:9c:ee:95:d7:03:8b:01:c2:50:c9:d2:39:c4:53:a5:fd:19:80:df:e1:f3:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowRect

gdi32

CreateCompatibleBitmap

advapi32

SystemFunction036

shell32

SHGetFolderPathA

ole32

CoUninitialize

ws2_32

WSACleanup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdipSaveImageToFile

setupapi

SetupDiEnumDeviceInterfaces

ntdll

RtlUnicodeStringToAnsiString

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp_0
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp_1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp_2
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b05e2410e92b97a4b739f3ded2bca4b2

Code Sign

11:7f:03:55:15:52:a9:bd:47:6d:6d:63:6c:a0:81:5eCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ad:c1:fd:e3:73:ad:01:99:c1:e6:9c:ee:95:d7:03:8b:01:c2:50:c9:d2:39:c4:53:a5:fd:19:80:df:e1:f3:39Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

crypt32

shlwapi

gdiplus

setupapi

ntdll

Sections

.text Size: - Virtual size: 1.0MB

.rdata Size: - Virtual size: 202KB

.data Size: - Virtual size: 13KB

.vmp_0 Size: - Virtual size: 3.2MB

.vmp_1 Size: 2KB - Virtual size: 1KB

.vmp_2 Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 223KB - Virtual size: 223KB

11:7f:03:55:15:52:a9:bd:47:6d:6d:63:6c:a0:81:5e
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ad:c1:fd:e3:73:ad:01:99:c1:e6:9c:ee:95:d7:03:8b:01:c2:50:c9:d2:39:c4:53:a5:fd:19:80:df:e1:f3:39
Signer

.text
Size: - Virtual size: 1.0MB

.rdata
Size: - Virtual size: 202KB

.data
Size: - Virtual size: 13KB

.vmp_0
Size: - Virtual size: 3.2MB

.vmp_1
Size: 2KB - Virtual size: 1KB

.vmp_2
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 223KB - Virtual size: 223KB