eb2028d42ba105a81d88510ee66644156f6719566fa6a92f48171f0b970d614f

Sharing

Copy URL Twitter E-mail

General

Target

eb2028d42ba105a81d88510ee66644156f6719566fa6a92f48171f0b970d614f
Size

5.8MB
MD5

2a6756a42a69a1e4d22bb3cd7e625d46
SHA1

0c939318295e02a85705efc9946e157c44a1d8ff
SHA256

eb2028d42ba105a81d88510ee66644156f6719566fa6a92f48171f0b970d614f
SHA512

3e68d773076bac5ccfdbbb5eb0e8d15f827c0c94f81c9c9535987586dd03d377feef0a74c0f367d459a90b9257444a8e12d696cdec88c802ef4652720cd8dd33
SSDEEP

98304:hKwCpE+mBoEBDeasdzH/cs8cfQW6OUiCpIWLQCIFBRQlt3RHffOYVvsIrqNkJW6P:hKL/ERqH/TQW6OKuWL6FERAIrqNp/8B

Score

1^/10

Malware Config

Signatures

Files

eb2028d42ba105a81d88510ee66644156f6719566fa6a92f48171f0b970d614f
.dll windows:5 windows x86 arch:x86

5c2d49f08eefd55e492e62b5a3bc70f6

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

23/02/2024, 00:00

Not After

22/02/2027, 23:59

Subject

SERIALNUMBER=53481265A,CN=PURSLANE,O=PURSLANE,ST=North West,C=SG,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e0:a9:3a:ab:d6:8c:2b:db:64:12:c2:cc:57:00:60:a4:06:16:8a:ad:e5:b0:34:13:40:2c:de:3c:e2:77:aa:f5
Signer

Actual PE Digest

e0:a9:3a:ab:d6:8c:2b:db:64:12:c2:cc:57:00:60:a4:06:16:8a:ad:e5:b0:34:13:40:2c:de:3c:e2:77:aa:f5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\sciter\sciter\sdk\bin.win\x32\sciter.pdb

Imports

ws2_32

WSASocketW
ioctlsocket
WSARecv
socket
FreeAddrInfoW
GetAddrInfoW
htons
closesocket
getsockopt
setsockopt
getaddrinfo
freeaddrinfo
WSASetLastError
WSAStartup
WSARecvFrom
select
bind
WSAIoctl
WSASend
WSAGetLastError
listen
shutdown

wininet

InternetConnectA
HttpQueryInfoW
HttpQueryInfoA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetSetOptionW
HttpSendRequestA
InternetErrorDlg
HttpOpenRequestA
InternetQueryOptionW

shell32

DragQueryFileW
SHGetFileInfoW
CommandLineToArgvW
ord74
SHGetPathFromIDListW
Shell_NotifyIconW
ShellExecuteW
ord727
SHBrowseForFolderW
SHGetSpecialFolderPathW
ShellExecuteExW

advapi32

GetUserNameW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid
OleUninitialize
OleInitialize
CoUninitialize
ReleaseStgMedium
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
CoFreeUnusedLibraries

oleaut32

SysFreeString
SafeArrayCreateVector
SysAllocStringLen
SafeArrayDestroy
SafeArrayPutElement

gdi32

GetGlyphIndicesW
EnumFontFamiliesExW
GetFontUnicodeRanges
GetClipBox
SaveDC
GetStockObject
RestoreDC
BitBlt
StartPage
SetLayout
CreateDCW
SetMapMode
StartDocW
EndPage
StretchDIBits
DeleteObject
CreateBitmap
CreateDIBSection
GetDIBits
SelectObject
DeleteDC
CreateCompatibleDC
GetObjectW
AddFontMemResourceEx
GetDeviceCaps
CreateSolidBrush
GetObjectA
EndDoc
SetViewportOrgEx
CreateFontW

comdlg32

PrintDlgW
GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

winspool.drv

ord203

kernel32

RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
FindFirstFileExA
DecodePointer
HeapReAlloc
DeleteFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WaitForSingleObjectEx
HeapSize
GetLogicalDriveStringsW
GetVolumeInformationW
SetThreadPriority
GlobalFree
FormatMessageW
LocalAlloc
LocalSize
lstrcmpW
LoadLibraryW
GetVersionExW
GetThreadPriority
GetTickCount
GetExitCodeThread
GetNativeSystemInfo
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
EnumSystemLocalesW
IsValidLocale
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
GetFullPathNameW
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
GetNumberFormatW
GetCurrencyFormatW
GetDateFormatW
GetTimeFormatW
GetComputerNameW
GetUserDefaultLCID
GetLocaleInfoW
LoadLibraryExW
GetProcAddress
GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
FileTimeToSystemTime
OutputDebugStringW
CreateFileW
GetFileSize
CreateFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetProcessAffinityMask
SetFilePointer
SetEndOfFile
MulDiv
GetTempPathA
GetTempFileNameA
GetLastError
GetFileAttributesW
Sleep
GetCurrentThreadId
GetCPInfo
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
TryEnterCriticalSection
TlsSetValue
EnterCriticalSection
ReleaseSemaphore
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
ResumeThread
CreateEventW
SetEvent
TlsAlloc
ResetEvent
DeleteCriticalSection
CreateSemaphoreW
TlsGetValue
TlsFree
GetCurrentProcess
SetEnvironmentVariableW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetCurrentProcessId
SetErrorMode
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
ReadFile
SetNamedPipeHandleState
CreateNamedPipeA
SetLastError
WriteFile
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
PeekNamedPipe
DuplicateHandle
QueueUserWorkItem
GetNamedPipeHandleStateW
GetCurrentThread
SwitchToThread
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
CancelIo
SetHandleInformation
GetConsoleMode
GetFileType
GetModuleHandleA
LoadLibraryA
LocalFree
FormatMessageA
DebugBreak
CreateDirectoryW
DeviceIoControl
RemoveDirectoryW
SetFileTime
CreateHardLinkW
GetFileInformationByHandle
SetFilePointerEx
MoveFileExW
CopyFileW
SetConsoleCtrlHandler
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleCursorInfo
SetConsoleCursorInfo
FillConsoleOutputCharacterW
ReadConsoleInputW
CreateFileA
ReadConsoleW
WriteConsoleInputW
FillConsoleOutputAttribute
WriteConsoleW
GetNumberOfConsoleInputEvents
SetConsoleCursorPosition
GetLongPathNameW
GetShortPathNameW
ReadDirectoryChangesW
SetInformationJobObject
AssignProcessToJobObject
TerminateProcess
CreateJobObjectW
UnregisterWaitEx
LCMapStringW
CreateProcessW
GetExitCodeProcess
GetStartupInfoW
GetStdHandle
lstrlenW
CreateThread
ExitProcess
FreeLibrary
VirtualAlloc
VirtualProtect
VirtualFree
AllocConsole
HeapFree
GetCommandLineW
HeapAlloc
GetProcessHeap
LoadLibraryExA
GetModuleFileNameA
SetThreadAffinityMask
GetThreadTimes
InterlockedPopEntrySList
QueryDepthSList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
ExitThread
InterlockedPushEntrySList
CloseHandle
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetConsoleCP
GetFileAttributesExW
SetFileAttributesW
GetStringTypeW
GetACP

user32

InvalidateRect
UpdateWindow
SetWindowPos
AnimateWindow
IsWindowVisible
GetWindowPlacement
RegisterClassW
EndPaint
BeginPaint
GetForegroundWindow
CreateWindowExW
SetTimer
MoveWindow
SetWindowLongW
ShowWindow
DefWindowProcW
GetParent
SendMessageW
DestroyWindow
RedrawWindow
WindowFromPoint
SetForegroundWindow
IsIconic
ScreenToClient
ClientToScreen
MapWindowPoints
RegisterWindowMessageW
LoadIconW
RegisterClassExW
AdjustWindowRectEx
SetClassLongW
GetClassLongW
PostMessageW
KillTimer
GetAsyncKeyState
GetMessageTime
IsWindowUnicode
GetFocus
SetFocus
SetCursor
GetCursorPos
GetScrollInfo
GetWindowTextW
SetWindowTextW
CallMsgFilterW
PeekMessageW
TranslateMessage
EnableWindow
GetCapture
ReleaseCapture
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetActiveWindow
IsChild
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
EnumThreadWindows
IsRectEmpty
GetWindow
FlashWindowEx
MonitorFromPoint
GetKeyboardLayout
CreateCaret
DestroyCaret
SetCaretPos
FindWindowW
RegisterClipboardFormatW
GetDesktopWindow
MessageBeep
NotifyWinEvent
GetDoubleClickTime
GetWindowThreadProcessId
GetSystemMetrics
DestroyIcon
DrawIconEx
IsWindow
GetWindowRect
GetIconInfo
CreateIconIndirect
GetClientRect
SetScrollInfo
LoadCursorFromFileA
LoadCursorW
DestroyCursor
GetSysColor
ReleaseDC
GetDC
SetWinEventHook
GetClipboardSequenceNumber
GetClipboardData
GetWindowLongW
IsClipboardFormatAvailable
GetKeyState
SetClipboardData
EnumClipboardFormats
CountClipboardFormats
CloseClipboard
EmptyClipboard
IsWindowEnabled
MonitorFromWindow
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
PostQuitMessage
SystemParametersInfoW
MessageBoxA
GetMessageW
MapVirtualKeyW
GetUpdateRect
DispatchMessageW
LoadStringW
UpdateLayeredWindow
SetActiveWindow
MessageBoxW
PostThreadMessageW
SetCapture
GetQueueStatus
MsgWaitForMultipleObjects
OpenClipboard

uxtheme

OpenThemeData
SetWindowTheme
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
GetThemePartSize
CloseThemeData

shlwapi

PathIsRelativeW

winmm

timeBeginPeriod
timeGetTime
timeSetEvent
timeKillEvent
timeEndPeriod

comctl32

ImageList_GetIconSize
ImageList_Destroy
ImageList_DrawEx

oleacc

LresultFromObject
AccessibleObjectFromWindow

imm32

ImmNotifyIME
ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW
ImmIsIME
ImmSetCandidateWindow
ImmAssociateContextEx

usp10

ScriptFreeCache
ScriptApplyDigitSubstitution
ScriptItemize
ScriptBreak
ScriptShape
ScriptPlace

gdiplus

GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipCreatePath
GdipDeletePath
GdipAddPathArcI
GdipAddPathLineI
GdipFillPath
GdipGetClipBoundsI
GdipCreateLineBrush
GdipMultiplyLineTransform
GdipCreateMatrix2
GdipSetLinePresetBlend
GdipSetLineWrapMode
GdipAddPathEllipse
GdipCreatePathGradientFromPath
GdipSetPathGradientPresetBlend
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterPoint
GdipCloneImage
GdipCreatePen1
GdipDeletePen
GdipDrawPath
GdipFillRectanglesI
GdipDrawLine
GdipSetClipRectI
GdipTranslateWorldTransform
GdipGetSmoothingMode
GdipSaveGraphics
GdipRestoreGraphics
GdipBeginContainer2
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipGetPathWorldBounds
GdipClonePath
GdipSetClipRect
GdipAddPathRectangleI
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipSetSmoothingMode
GdipEndContainer
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRect
GdipTransformPoints
GdipMultiplyWorldTransform
GdipResetWorldTransform
GdipCreateMatrix
GdipDeleteMatrix
GdipGetWorldTransform
GdipGetMatrixElements
GdipTranslateMatrix
GdipRotateMatrix
GdipScaleMatrix
GdipShearMatrix
GdipCreateTexture
GdipFillEllipse
GdipDrawEllipse
GdipFillPie
GdipDrawPie
GdipDrawArc
GdipFillRectangle
GdipDrawRectangle
GdipResetPath
GdipIsVisiblePathPoint
GdipStartPathFigure
GdipAddPathLine
GdipClosePathFigure
GdipSetPathFillMode
GdipAddPathArc
GdipAddPathBezier
GdipSetPageUnit
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateFromHWND
GdipCreateFromHDC
GdipCreatePen2
GdipSetPenEndCap
GdipSetPenStartCap
GdipSetPenLineJoin
GdipSetPenMiterLimit
GdipSetPenDashStyle
GdipSetPenDashArray
GdipSetPenDashOffset
GdipGetFontSize
GdipDeleteFont
GdipGetCellAscent
GdipCreateFontFromDC
GdipGetLineSpacing
GdipGetEmHeight
GdipCreateFontFromLogfontA
GdipGetFamily
GdipDeleteFontFamily
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipDrawDriverString
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipDisposeImage
GdipSetPathGradientTransform

Exports

Exports

SciterAPI

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 269KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c2d49f08eefd55e492e62b5a3bc70f6

Code Sign

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:beCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

e0:a9:3a:ab:d6:8c:2b:db:64:12:c2:cc:57:00:60:a4:06:16:8a:ad:e5:b0:34:13:40:2c:de:3c:e2:77:aa:f5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wininet

shell32

advapi32

ole32

oleaut32

gdi32

comdlg32

winspool.drv

kernel32

user32

uxtheme

shlwapi

winmm

comctl32

oleacc

imm32

usp10

gdiplus

Exports

Exports

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 166KB - Virtual size: 207KB

.rsrc Size: 269KB - Virtual size: 268KB

.reloc Size: 277KB - Virtual size: 277KB

b1:3c:53:37:b0:86:3b:4a:d8:5e:c3:42:3c:e8:3f:be
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

e0:a9:3a:ab:d6:8c:2b:db:64:12:c2:cc:57:00:60:a4:06:16:8a:ad:e5:b0:34:13:40:2c:de:3c:e2:77:aa:f5
Signer

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 166KB - Virtual size: 207KB

.rsrc
Size: 269KB - Virtual size: 268KB

.reloc
Size: 277KB - Virtual size: 277KB