bfcf5f616b1b73700e25ed79a51f6592dcb59f47ee88ac584a9ac804cc86652d

Sharing

Copy URL Twitter E-mail

General

Target

bfcf5f616b1b73700e25ed79a51f6592dcb59f47ee88ac584a9ac804cc86652d
Size

1.7MB
MD5

964af3c92eefb8915bf3f4a728f2415f
SHA1

7f79538ace0feed057904a010d6f29c35b30be41
SHA256

bfcf5f616b1b73700e25ed79a51f6592dcb59f47ee88ac584a9ac804cc86652d
SHA512

fc831b50d28ba22cee88d4aac0904f563d3963a62be14848f9d1d151c71cce3d3d599dd0cb6aa947b96d895d0d28e22a8a0ac26af83d7da7f0fbace637bc63a4
SSDEEP

24576:+HrTgQR4wdBgwE6SHUf4T1bmMb4R3pNcF/X2yon:+HV4rwE6TMb442yon

Score

1^/10

Malware Config

Signatures

Files

bfcf5f616b1b73700e25ed79a51f6592dcb59f47ee88ac584a9ac804cc86652d
.dll windows:6 windows x86 arch:x86

194626d43f26c1982a95631fc6459d5a

Code Sign

29:83:be:66:e9:a7:f8:41:bf:8e:e2:e0:3a:21:14:c6
Certificate

Issuer

CN=crysus

Not Before

31/12/2023, 21:00

Not After

31/12/2029, 21:00

Subject

CN=crysus

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:85:d0:84:fe:eb:8f:35:96:f4:16:0f:82:3b:f7:7a:97:88:40:7a:4d:88:1a:8e:47:d0:b1:1d:19:f7:3d:81
Signer

Actual PE Digest

0c:85:d0:84:fe:eb:8f:35:96:f4:16:0f:82:3b:f7:7a:97:88:40:7a:4d:88:1a:8e:47:d0:b1:1d:19:f7:3d:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Clon_\OneDrive\Masaüstü\Hile Koruması\crysus\Debug\Crysus.pdb

Imports

kernel32

OpenProcess
K32EnumProcesses
K32EnumProcessModules
K32GetModuleFileNameExA
ReadProcessMemory
Process32First
Process32Next
FindNextFileA
GetTickCount
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ResumeThread
FindFirstFileExW
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
DeleteFileW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WaitForSingleObject
Module32Next
Module32First
CreateToolhelp32Snapshot
LoadLibraryExA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetCurrentProcessId
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle
FindFirstFileA
FindClose
CreateThread
TerminateProcess
GetCurrentProcess
FindNextFileW
Sleep
GetLocaleInfoW
LCMapStringW
FormatMessageA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LocalFree
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetLocaleInfoEx
GetStringTypeW
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
VirtualQuery
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleFileNameW
LoadLibraryExW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
HeapValidate
GetSystemInfo
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
WriteConsoleW
GetCurrentThread
HeapReAlloc
HeapSize
HeapQueryInformation
WriteFile
OutputDebugStringW
SetConsoleCtrlHandler
GetTempPathW
GetDateFormatW
GetTimeFormatW
CompareStringW
SetEndOfFile

user32

LoadCursorA
SetWindowLongA
GetWindowLongA
GetClientRect
EndPaint
BeginPaint
UpdateWindow
GetSystemMetrics
ShowWindow
DestroyWindow
LoadImageA
RegisterClassExA
UnregisterClassA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
FindWindowA
FindWindowExA
SendMessageA
WindowFromPoint
GetWindowTextA
MessageBoxA
CreateWindowExA

gdi32

SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
GetObjectA

advapi32

SetSecurityInfo
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
FreeSid
AllocateAndInitializeSid
AddAccessDeniedAce
AddAccessAllowedAce
OpenProcessToken
GetUserNameA

shell32

ShellExecuteA

Exports

Exports

Crysus

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

194626d43f26c1982a95631fc6459d5a

Code Sign

29:83:be:66:e9:a7:f8:41:bf:8e:e2:e0:3a:21:14:c6Certificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

0c:85:d0:84:fe:eb:8f:35:96:f4:16:0f:82:3b:f7:7a:97:88:40:7a:4d:88:1a:8e:47:d0:b1:1d:19:f7:3d:81Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 260KB - Virtual size: 260KB

.data Size: 14KB - Virtual size: 21KB

.idata Size: 6KB - Virtual size: 5KB

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 45KB - Virtual size: 44KB

29:83:be:66:e9:a7:f8:41:bf:8e:e2:e0:3a:21:14:c6
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

0c:85:d0:84:fe:eb:8f:35:96:f4:16:0f:82:3b:f7:7a:97:88:40:7a:4d:88:1a:8e:47:d0:b1:1d:19:f7:3d:81
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 260KB - Virtual size: 260KB

.data
Size: 14KB - Virtual size: 21KB

.idata
Size: 6KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 45KB - Virtual size: 44KB