ec3b97cf120d513fe95927c4db3d266e0d31ef3cc97f31c4add63dc54470a016

Sharing

Copy URL Twitter E-mail

General

Target

ec3b97cf120d513fe95927c4db3d266e0d31ef3cc97f31c4add63dc54470a016
Size

39KB
MD5

989501df40acff84b47cb0112771ff11
SHA1

ff39e45e01dbfb90a05f8572d838c2cb2056713f
SHA256

ec3b97cf120d513fe95927c4db3d266e0d31ef3cc97f31c4add63dc54470a016
SHA512

45e28a13b32d623da26296ab93d2b626a02f7f33959cbdc2e4ba05d71f29aa19bbf9966608b912cb2eadd5f8e79045b0bece9b9208a302b22f967ad578e66560
SSDEEP

384:Ie35CYora/UKcNLswsKLOsNcS7hOdjQhYX1bG25+d1lFwKPQG1AdNlI2ge7wzIDr:Ie39DUVNLswsKy0IsjzwvJVYNFRKhp

Score

1^/10

Malware Config

Signatures

Files

ec3b97cf120d513fe95927c4db3d266e0d31ef3cc97f31c4add63dc54470a016
.dll windows:4 windows x64 arch:x64

e0a6d389d5588ad619c02b1d74279c39

Code Sign

10:88:f7:f1:fb:07:56:9c:3b:58:6d:01:2a:6e:46:4b
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

01/06/2023, 16:36

Not After

30/05/2024, 16:09

Subject

SERIALNUMBER=9E-839,CN=CodeWeavers\, Inc,O=CodeWeavers\, Inc,L=Saint Paul,ST=Minnesota,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#13094d696e6e65736f7461,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:c8:37:52:cd:c6:0f:e5:66:d0:39:02:24:91:5d:32:c9:6b:4b:8d:6d:08:ce:57:84:a1:b3:45:02:61:e7:30
Signer

Actual PE Digest

27:c8:37:52:cd:c6:0f:e5:66:d0:39:02:24:91:5d:32:c9:6b:4b:8d:6d:08:ce:57:84:a1:b3:45:02:61:e7:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetModuleHandleA
GetProcAddress
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
IsBadStringPtrW
RaiseException
Sleep
DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_lock
_unlock
_vsnprintf
__iob_func
_strdup
abort
calloc
fputs
free
fwrite
getenv
strncmp
vfprintf

ntdll

_snprintf
memcmp
memmove
sprintf
strchr
strcmp
strcpy
strcspn
strlen

Exports

Exports

??0CVssJetWriter@@QAE@XZ
??0CVssWriter@@QEAA@XZ
??1CVssJetWriter@@UAE@XZ
??1CVssWriter@@UEAA@XZ
?AreComponentsSelected@CVssJetWriter@@IBG_NXZ
?AreComponentsSelected@CVssWriter@@IBG_NXZ
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?GetBackupType@CVssJetWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?GetContext@CVssJetWriter@@IBGJXZ
?GetContext@CVssWriter@@IBGJXZ
?GetCurrentLevel@CVssJetWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?GetCurrentLevel@CVssWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?GetCurrentSnapshotSetId@CVssJetWriter@@IBG?AU_GUID@@XZ
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?GetCurrentVolumeArray@CVssJetWriter@@IBGPAPBGXZ
?GetCurrentVolumeArray@CVssWriter@@IBGPAPBGXZ
?GetCurrentVolumeCount@CVssJetWriter@@IBGIXZ
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?GetRestoreType@CVssJetWriter@@IBG?AW4_VSS_RESTORE_TYPE@@XZ
?GetRestoreType@CVssWriter@@IBG?AW4_VSS_RESTORE_TYPE@@XZ
?GetSnapshotDeviceName@CVssJetWriter@@IBGJPBGPAPBG@Z
?GetSnapshotDeviceName@CVssWriter@@IBGJPBGPAPBG@Z
?Initialize@CVssJetWriter@@QAGJU_GUID@@PBG_N211K@Z
?Initialize@CVssWriter@@QEAAJU_GUID@@PEBGW4VSS_USAGE_TYPE@@W4VSS_SOURCE_TYPE@@W4_VSS_APPLICATION_LEVEL@@KW4VSS_ALTERNATE_WRITER_STATE@@_N1@Z
?InstallAlternateWriter@CVssWriter@@QAGJU_GUID@@0@Z
?IsBootableSystemStateBackedUp@CVssJetWriter@@IBG_NXZ
?IsBootableSystemStateBackedUp@CVssWriter@@IBG_NXZ
?IsPartialFileSupportEnabled@CVssJetWriter@@IBG_NXZ
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?IsPathAffected@CVssJetWriter@@IBG_NPBG@Z
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
?LoadVssSnapshotSetDescription@@YGJPBGPAPAVIVssSnapshotSetDescription@@U_GUID@@@Z
?OnAbortBegin@CVssJetWriter@@UAGXXZ
?OnAbortEnd@CVssJetWriter@@UAGXXZ
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnBackupShutdown@CVssWriter@@UAG_NU_GUID@@@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?OnIdentify@CVssWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnThawEnd@CVssJetWriter@@UAG_N_N@Z
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?SetWriterFailure@CVssJetWriter@@IAGJJ@Z
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?Subscribe@CVssWriter@@QEAAJK@Z
?Uninitialize@CVssJetWriter@@QAGXXZ
?Unsubscribe@CVssWriter@@QEAAJXZ
CreateVssBackupComponentsInternal
CreateVssExamineWriterMetadataInternal
CreateVssExpressWriterInternal
CreateWriter
CreateWriterEx
DllCanUnloadNow
DllGetClassObject
GetProviderMgmtInterface
GetProviderMgmtInterfaceInternal
IsVolumeSnapshotted
IsVolumeSnapshottedInternal
ShouldBlockRevert
ShouldBlockRevertInternal
VssFreeSnapshotProperties
VssFreeSnapshotPropertiesInternal

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 592B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0a6d389d5588ad619c02b1d74279c39

Code Sign

10:88:f7:f1:fb:07:56:9c:3b:58:6d:01:2a:6e:46:4bCertificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

27:c8:37:52:cd:c6:0f:e5:66:d0:39:02:24:91:5d:32:c9:6b:4b:8d:6d:08:ce:57:84:a1:b3:45:02:61:e7:30Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 192B

.rodata Size: 4KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 672B

.xdata Size: 1024B - Virtual size: 540B

.bss Size: - Virtual size: 592B

.edata Size: 8KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 104B

10:88:f7:f1:fb:07:56:9c:3b:58:6d:01:2a:6e:46:4b
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

27:c8:37:52:cd:c6:0f:e5:66:d0:39:02:24:91:5d:32:c9:6b:4b:8d:6d:08:ce:57:84:a1:b3:45:02:61:e7:30
Signer

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 192B

.rodata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 672B

.xdata
Size: 1024B - Virtual size: 540B

.bss
Size: - Virtual size: 592B

.edata
Size: 8KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 104B