3fec8c03672071eb860587afd38b37558df9062b5fad45712e78e1824fd92a4c

Sharing

Copy URL

Twitter E-mail

General

Target

3fec8c03672071eb860587afd38b37558df9062b5fad45712e78e1824fd92a4c
Size

4.3MB
MD5

08573d1045cd1eae7c3773050d8bdd73
SHA1

189f45df62d884472433880d637707aac9781b1d
SHA256

3fec8c03672071eb860587afd38b37558df9062b5fad45712e78e1824fd92a4c
SHA512

8a82a470a1f6a3d22092ce3090c2441faac173ede9d21adc6557a4e32399db573b5dee6d4732aa8f65bc2eb9e619e9be878901dec73f8a5f99a8cc08cea40908
SSDEEP

24576:yuQHXpOaQoVl+l5PF8cqRNGa6WXDRFmXPDfkf8qPRD1rhO+f75fGv:yuTo6zPF8cqRJtbmXbf5att7dw

Score

1^/10

Malware Config

Signatures

Files

3fec8c03672071eb860587afd38b37558df9062b5fad45712e78e1824fd92a4c
.exe windows:6 windows x64 arch:x64

7a830ff0871d56a47b4581739d967421

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:41

Not After

08-05-2033 07:41

Subject

CN=Globalsign TSA for MS Authenticode Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:14:23:0e:d1:80:3b:d5:31:34:4d:a6:1a:6a:70:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10-12-2021 00:00

Not After

04-01-2024 23:59

Subject

CN=MariaDB Corporation Ab,OU=Connectors,O=MariaDB Corporation Ab,L=Espoo,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:a4:d7:63:a0:69:6a:f9:8d:cb:e6:75:a6:e2:b7:3c:52:56:1b:c9
Signer

Actual PE Digest

00:a4:d7:63:a0:69:6a:f9:8d:cb:e6:75:a6:e2:b7:3c:52:56:1b:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\winx64-packages\build\storage\myisam\RelWithDebInfo\myisam_ftdump.pdb

Imports

kernel32

GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetACP
GetConsoleCP
GetConsoleOutputCP
SetConsoleCP
SetConsoleOutputCP
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
LockFileEx
UnlockFileEx
GetLastError
SetLastError
Sleep
GetFileAttributesA
GetFullPathNameA
FlushFileBuffers
GetVolumeInformationByHandleW
CloseHandle
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
CreateFileA
DeleteFileA
InitializeCriticalSection
MoveFileA
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
GetFileAttributesExA
ReadFile
SetFilePointerEx
WriteFile
GetCurrentProcess
GetLogicalDrives
GetTempPathA
GetTempFileNameA
RtlLookupFunctionEntry
DeleteCriticalSection
LeaveCriticalSection
SetFileInformationByHandle
EnterCriticalSection
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
LoadLibraryExW
GetCurrentProcessId
GetProcAddress
FreeLibrary
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext

ws2_32

WSAGetLastError
WSAStartup

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
_set_app_type
__p___argv
strerror_s
_getpid
__fpe_flt_rounds
exit
_cexit
terminate
_errno
_exit
abort
_c_exit
_seh_filter_exe
_crt_atexit
_set_abort_behavior
_initialize_onexit_table
signal
_register_onexit_function
_beginthreadex
_set_invalid_parameter_handler
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

fflush
fputc
_setmode
_getcwd
fputs
__stdio_common_vsprintf
__stdio_common_vfprintf
setbuf
__acrt_iob_func
_fileno
_isatty
_set_fmode
__p__commode
putchar

api-ms-win-crt-convert-l1-1-0

_strtoi64
strtol
strtoul
_strtoui64

api-ms-win-crt-math-l1-1-0

_dclass
log
__setusermatherr

api-ms-win-crt-time-l1-1-0

_tzset

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
free
realloc

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-string-l1-1-0

iscntrl
isspace
strnlen
toupper
strncmp
_strnicmp
wcsncmp

api-ms-win-crt-filesystem-l1-1-0

_stat64
_umask

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.0MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a830ff0871d56a47b4581739d967421

Code Sign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:14:23:0e:d1:80:3b:d5:31:34:4d:a6:1a:6a:70:1cCertificate

Extended Key Usages

Key Usages

00:a4:d7:63:a0:69:6a:f9:8d:cb:e6:75:a6:e2:b7:3c:52:56:1b:c9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ws2_32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 423KB - Virtual size: 423KB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 2.0MB - Virtual size: 2.5MB

.pdata Size: 17KB - Virtual size: 16KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 13KB - Virtual size: 13KB

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:48:90:3d:c2:8a:bc:a7:a1:19:4d:0c:1c:57:b8:29
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:14:23:0e:d1:80:3b:d5:31:34:4d:a6:1a:6a:70:1c
Certificate

00:a4:d7:63:a0:69:6a:f9:8d:cb:e6:75:a6:e2:b7:3c:52:56:1b:c9
Signer

.text
Size: 423KB - Virtual size: 423KB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 2.0MB - Virtual size: 2.5MB

.pdata
Size: 17KB - Virtual size: 16KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 13KB - Virtual size: 13KB