Static task
static1
Behavioral task
behavioral1
Sample
b8553107cf19adc1e1497373343ec011f242bcb539bfeef2141ee76e96e1c587.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
b8553107cf19adc1e1497373343ec011f242bcb539bfeef2141ee76e96e1c587.exe
Resource
win10v2004-20240426-en
General
- Target: b8553107cf19adc1e1497373343ec011f242bcb539bfeef2141ee76e96e1c587
- Size: 1.8MB
- MD5: cfa2e50059c683c6ef2b2d49d9cbd6c2
- SHA1: 0d6d133fcf7d11b420b79062160169b36677a58a
- SHA256: b8553107cf19adc1e1497373343ec011f242bcb539bfeef2141ee76e96e1c587
- SHA512: 457c0f93fdecb5094e4bb43c4dd3c6ce558c16a499b2b7aba1bc371121fd7868206e619c0d94655dbbf17d387dd70705d6ec87470ca58f120f7ef3e1f306b2d0
- SSDEEP: 24576:VOZaRyOCjUQyG8NNg+oIMP+EyOHMC4SV8jY15yieFMBPCUlil1JssOzVwOoYtGzy:Ho5HMCP8jYX2uilsXVJowGMO6X
Malware Config
Signatures
Files
-
b8553107cf19adc1e1497373343ec011f242bcb539bfeef2141ee76e96e1c587.exe windows:5 windows x86 arch:x86
55f72e328129fa7f14b73ecb3e96e079
Code Sign
Certificate 42:75:18:d2:13:53:cd:9b:4c:68:4e:b8:08:85:65:f0
Issuer: CN=Joe's-Software-Emporium
Not Before: 24/05/2019, 08:55
Not After: 31/12/2039, 23:59
Subject: CN=Joe's-Software-Emporium
Certificate 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02/05/2019, 00:00
Not After: 18/01/2038, 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate 39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 03/05/2023, 00:00
Not After: 02/08/2034, 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Signer a2:d9:d4:17:cb:c1:d5:a9:fc:0b:76:f5:96:6c:31:90:66:60:91:56
Actual PE Digest: a2:d9:d4:17:cb:c1:d5:a9:fc:0b:76:f5:96:6c:31:90:66:60:91:56
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\runfromreg no SimpleUpload & SFTP libssh\FilelessLauncher\Release\ConsoleApplication1.pdb
Imports
ws2_32
recv
send
WSAStartup
getservbyname
getpeername
getsockname
select
WSASetLastError
bind
connect
inet_addr
setsockopt
htons
socket
gethostbyaddr
gethostbyname
getservbyport
ioctlsocket
closesocket
getsockopt
gethostname
__WSAFDIsSet
WSAStringToAddressA
htonl
ntohl
WSAGetLastError
ntohs
inet_ntoa
kernel32
FindNextFileW
SetLastError
GetCurrentProcess
OpenProcess
IsWow64Process
LocalLock
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleWindow
GetComputerNameA
GetComputerNameExW
GetComputerNameW
GetStdHandle
GetConsoleMode
SetConsoleMode
GetCurrentDirectoryA
GetModuleFileNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetVersionExW
GetSystemInfo
SetProcessAffinityMask
SetPriorityClass
GetCurrentProcessId
GetSystemDirectoryA
GetSystemWow64DirectoryA
GetEnvironmentVariableA
DeleteFileA
GetNativeSystemInfo
GetEnvironmentStringsW
FindClose
CopyFileW
Sleep
GetSystemTimeAsFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FreeLibrary
LoadLibraryA
FormatMessageA
GetStringTypeW
lstrcmpA
GetModuleHandleA
SetThreadAffinityMask
GetProcessAffinityMask
SetThreadContext
GetTickCount
SystemTimeToFileTime
GetLocalTime
UnmapViewOfFile
WriteFile
SetFilePointer
GetFileInformationByHandle
FileTimeToSystemTime
HeapSize
HeapReAlloc
FreeLibraryAndExitThread
ReadFile
GetFileSize
WaitForSingleObject
FindFirstFileW
CreateFileW
CloseHandle
FindResourceW
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetThreadContext
GetThreadPriority
CreateEventA
DuplicateHandle
SetEndOfFile
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExA
WriteConsoleW
GetTimeZoneInformation
GetCPInfo
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
CreateDirectoryW
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetFileAttributesExW
GetExitCodeProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetCurrentThread
GetACP
FindNextFileA
CreateProcessA
FileTimeToLocalFileTime
FindFirstFileA
DecodePointer
GetProcAddress
GetModuleHandleW
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LocalAlloc
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
InterlockedDecrement
ExitThread
GetCommandLineW
GetCommandLineA
GetConsoleCP
ReadConsoleW
GetFileType
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
SetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
EncodePointer
user32
ShowWindow
MessageBoxW
GetDesktopWindow
advapi32
RegOpenKeyExW
CryptGenRandom
RegCloseKey
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
OpenProcessToken
GetUserNameW
GetUserNameA
ConvertSidToStringSidW
CryptAcquireContextA
shell32
SHGetSpecialFolderPathA
SHCreateDirectoryExW
ole32
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
oleaut32
SysAllocStringLen
SysFreeString
SysAllocString
SysStringLen
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayGetElement
mpr
WNetCancelConnection2W
WNetAddConnection2W
netapi32
NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
wininet
InternetCloseHandle
InternetGetLastResponseInfoW
InternetOpenA
FtpPutFileW
InternetConnectW
psapi
GetModuleFileNameExW
version
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoSizeA
iphlpapi
GetExtendedTcpTable
GetAdaptersAddresses
GetExtendedUdpTable
crypt32
CryptMsgOpenToDecode
CryptMsgUpdate
CertOpenStore
CryptMsgClose
CryptDecodeObject
CertGetNameStringA
CertFreeCertificateContext
CryptMsgGetParam
CertFindCertificateInStore
CertComparePublicKeyInfo
CryptQueryObject
CertCloseStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CryptHashCertificate
CryptBinaryToStringA
wintrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
Sections
.text Size: 795KB - Virtual size: 794KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 313KB - Virtual size: 312KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 699KB - Virtual size: 699KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ