a12152d0a5f97c92c82bbb02d1ea3e97bb55ca868b2e1452c4fb82af61f4ca96[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a12152d0a5f97c92c82bbb02d1ea3e97bb55ca868b2e1452c4fb82af61f4ca96.exe
Size

557KB
MD5

9b119a77393756bbe260344cc9f5de80
SHA1

bb49b30892704736eb99a3cafad1dd437ae73f50
SHA256

a12152d0a5f97c92c82bbb02d1ea3e97bb55ca868b2e1452c4fb82af61f4ca96
SHA512

ef60c99be2315fdd900ae16240fee008f2eec5bfc7e931731e2f05c2658a493faa7d91ea2fd28fe27614c8ab19dacd9ea2255589d0231875ebb178d7262c954b
SSDEEP

12288:tN85cknVPh3gIJQVS6gVbEl1z0EdosGFx54C/MfEC5BjvrEH7y:85L73gIeS6giQpnFnWnrEH7y

Score

1^/10

Malware Config

Signatures

Files

a12152d0a5f97c92c82bbb02d1ea3e97bb55ca868b2e1452c4fb82af61f4ca96.exe
.dll regsvr32 windows:10 windows x86 arch:x86

4e04ed2f1404316557819ebaae8dc5e2

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:f9:e5:0c:f0:29:5a:f6:62:51:8b:12:19:cb:47:52:9a:93:f7:49:fa:ed:c5:64:c9:18:91:6f:81:fe:b9:91
Signer

Actual PE Digest

c3:f9:e5:0c:f0:29:5a:f6:62:51:8b:12:19:cb:47:52:9a:93:f7:49:fa:ed:c5:64:c9:18:91:6f:81:fe:b9:91

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

tiptsf.pdb

Imports

msvcrt

realloc
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
malloc
_onexit
__CxxFrameHandler3
_amsg_exit
free
_XcptFilter
memcpy_s
wcsncpy_s
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
wcsrchr
calloc
_purecall
_errno
_vsnwprintf
_initterm
_resetstkoflw
memmove_s
??0exception@@QAE@XZ
_wcsicmp
wcschr
wcsstr
_beginthreadex
swprintf_s
memcmp
_CxxThrowException
memcpy
memset

rpcrt4

IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
NdrOleAllocate
NdrOleFree
NdrDllCanUnloadNow
NdrDllGetClassObject

api-ms-win-core-synch-l1-1-0

OpenMutexW
WaitForSingleObject
TryEnterCriticalSection
LeaveCriticalSection
CreateMutexExW
ReleaseMutex
OpenSemaphoreW
InitializeCriticalSection
WaitForSingleObjectEx
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
EnterCriticalSection
ReleaseSRWLockShared
AcquireSRWLockShared
CreateSemaphoreExW
AcquireSRWLockExclusive
ResetEvent
OpenEventW
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-libraryloader-l1-2-0

FindResourceExW
FreeLibrary
GetModuleFileNameA
LoadLibraryExA
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
SizeofResource
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

HeapSize
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
HeapDestroy

api-ms-win-core-string-l1-1-0

CompareStringW
WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsGetValue
GetCurrentProcessId
TlsAlloc
TlsFree
ProcessIdToSessionId
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyExW
RegGetValueW
RegQueryInfoKeyW
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
Sleep

api-ms-win-core-memory-l1-1-0

VirtualFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
VirtualAlloc

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetTickCount
GetSystemTimeAsFileTime
GetTickCount64

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

user32

GetMessagePos
InSendMessageEx
CallWindowProcW
RegisterClassW
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
MapVirtualKeyW
MapVirtualKeyExW
IsIconic
SetPropW
RemovePropW
SendMessageW
SystemParametersInfoW
SendInput
GetMessageTime
GetSystemMetrics
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DestroyWindow
IsWindow
DefWindowProcW
SetWindowLongW
GetWindowBand
UnregisterClassA
IsRectEmpty
InflateRect
GetClassLongW
SetRectEmpty
GetWindow
GetDesktopWindow
GetGestureInfo
GetComboBoxInfo
UnhookWinEvent
SetWinEventHook
GetPropW
IntersectRect
OffsetRect
EqualRect
PtInRect
GetUserObjectInformationW
GetThreadDesktop
GetClassNameW
IsChild
KillTimer
SetTimer
IsWindowVisible
ReleaseDC
GetDC
MapWindowPoints
ScreenToClient
GetWindowRect
GetPointerInfo
EndMenu
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetKeyboardLayout
GetPointerPenInfo
GetPointerType
GetGUIThreadInfo
RealGetWindowClassW
GetAncestor
GetForegroundWindow
RegisterWindowMessageW
GetFocus
GetWindowThreadProcessId
GetParent
PostMessageW
GetWindowLongW
GetMessageExtraInfo

ntdll

RtlGetNtSystemRoot
RtlDllShutdownInProgress
RtlPublishWnfStateData

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient8
NdrProxyForwardingFunction5
ObjectStublessClient9
ObjectStublessClient10
ObjectStublessClient11
NdrProxyForwardingFunction6
ObjectStublessClient7
NdrProxyForwardingFunction4
NdrProxyForwardingFunction3

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processthreads-l1-1-1

FlushInstructionCache
IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrChrW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

Exports

Exports

AdviseHook
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EndCaretTracking
ProcessCaretEvents
ProcessCiceroCaretEvent
RestrictedModeMsgWndProc
StartCaretTracking
UnadviseHook

Sections

.text
Size: 359KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e04ed2f1404316557819ebaae8dc5e2

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c3:f9:e5:0c:f0:29:5a:f6:62:51:8b:12:19:cb:47:52:9a:93:f7:49:fa:ed:c5:64:c9:18:91:6f:81:fe:b9:91Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

user32

ntdll

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

Exports

Exports

Sections

.text Size: 359KB - Virtual size: 359KB

.data Size: 2KB - Virtual size: 5KB

.idata Size: 9KB - Virtual size: 8KB

.didat Size: 512B - Virtual size: 380B

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 21KB - Virtual size: 20KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c3:f9:e5:0c:f0:29:5a:f6:62:51:8b:12:19:cb:47:52:9a:93:f7:49:fa:ed:c5:64:c9:18:91:6f:81:fe:b9:91
Signer

.text
Size: 359KB - Virtual size: 359KB

.data
Size: 2KB - Virtual size: 5KB

.idata
Size: 9KB - Virtual size: 8KB

.didat
Size: 512B - Virtual size: 380B

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 21KB - Virtual size: 20KB