885d245b2eddc9c215578e1d66c9d00880e895f3765811ae3c8ae6b5dc072e3a

Sharing

Copy URL Twitter E-mail

General

Target

885d245b2eddc9c215578e1d66c9d00880e895f3765811ae3c8ae6b5dc072e3a
Size

1.7MB
MD5

cca936b0c4a54afd700ab3ce1986a7d7
SHA1

2ac14562be12c56b978d6ec1f506af413d3457d5
SHA256

885d245b2eddc9c215578e1d66c9d00880e895f3765811ae3c8ae6b5dc072e3a
SHA512

3876e4226de0b1c0e268af0b9ad59c340fd42490538cedf7b03fc2ed89d8d06860d6a328d75381154278b37a347e01ad0d7c96458140177491272699c8bbdd0c
SSDEEP

24576:BEArgAbIO+p9cqC96O52BczsdmUc23Cugt5KTR1WhLn6QzQl2qHd8dYiusn/AKTM:BEArlmKqC9oJRW9zE2qCRusn/AKTRtZe

Score

1^/10

Malware Config

Signatures

Files

885d245b2eddc9c215578e1d66c9d00880e895f3765811ae3c8ae6b5dc072e3a
.dll windows:5 windows x86 arch:x86

56ac39adf8eecc64c76dbf5719ce3744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29/04/2022, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:e3:02:6d:17:71:ed:02:98:47:7f:c5:c2:a7:b6:f7:8c:9e:da:b5:87:a8:83:46:7b:88:e0:09:d9:79:e4:68
Signer

Actual PE Digest

c8:e3:02:6d:17:71:ed:02:98:47:7f:c5:c2:a7:b6:f7:8c:9e:da:b5:87:a8:83:46:7b:88:e0:09:d9:79:e4:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\workspace\ccd-hyperdrive\main\native\win32\build\msvs_win32_x86\Release\x86\sym\HUM\HUM\HUM.pdb

Imports

kernel32

Sleep
InitializeCriticalSectionEx
GetModuleHandleW
GetProcAddress
WaitForSingleObject
GetCurrentProcess
ReadFile
DecodePointer
lstrcmpW
lstrcmpiW
GetVersionExW
MoveFileExW
VirtualAlloc
VirtualFree
GetUserDefaultUILanguage
OpenMutexW
ReleaseMutex
CreateDirectoryW
LocalFree
CloseHandle
DeleteFileW
GetLastError
FormatMessageW
SetFileAttributesW
GetFileAttributesW
CreateFileW
LocalAlloc
FindClose
GetTempPathW
GetModuleFileNameW
RemoveDirectoryW
lstrlenW
FindNextFileW
SetLastError
FindFirstFileW
DeleteCriticalSection
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
CompareStringW
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetTimeZoneInformation
GetFileType
LoadLibraryExW
TlsFree
TlsSetValue
FreeLibrary
LoadLibraryA
LCMapStringW
GetUserDefaultLCID
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
WriteFile
GetFileSize
FlushFileBuffers
HeapFree
CreateEventW
GetCurrentThread
GlobalFree
HeapAlloc
VerSetConditionMask
GetProcessHeap
VerifyVersionInfoW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryW
GetFileInformationByHandle
GetCurrentProcessId
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
TerminateProcess
OpenProcess
HeapSize
CreateToolhelp32Snapshot
ProcessIdToSessionId
Process32NextW
SetEvent
TerminateThread
Process32FirstW
HeapReAlloc
CreateThread
ResetEvent
HeapDestroy
GetUserDefaultLangID
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
LockFileEx
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
SetFilePointerEx
ResumeThread
SetThreadPriority
GetStringTypeW
GetExitCodeThread
EncodePointer
LCMapStringEx
QueryPerformanceFrequency
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
TlsAlloc
TlsGetValue

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetUserNameW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
CreateWellKnownSid
CryptAcquireContextW
LookupAccountSidW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
ord680
SHGetSpecialFolderPathW
SHGetFolderLocation

ole32

CoCreateGuid
CoUninitialize
CoTaskMemFree
StringFromGUID2
CLSIDFromString
OleRun
CLSIDFromProgID
CoCreateInstance
CoInitialize

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

winhttp

WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpOpen
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpOpenRequest

shlwapi

PathIsRootW
PathFileExistsW
PathFindFileNameW
PathIsFileSpecW
PathAddExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathIsSystemFolderW
PathAppendW
PathFileExistsA
PathRemoveFileSpecW
PathRenameExtensionW
PathStripPathW

oleaut32

VariantClear
VariantChangeType
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantCopy
GetErrorInfo

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptFinishHash

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain

Exports

Exports

humCreateSession
humDownloadProductFFC
humGetAllProducts
humGetLatestApplicableUpdates
humGetLatestProducts
humGetLatestUpdates
humParseProductFFC
humSetLoggerFnPtr
humTerminateSession

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56ac39adf8eecc64c76dbf5719ce3744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c8:e3:02:6d:17:71:ed:02:98:47:7f:c5:c2:a7:b6:f7:8c:9e:da:b5:87:a8:83:46:7b:88:e0:09:d9:79:e4:68Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

ole32

version

wtsapi32

winhttp

shlwapi

oleaut32

bcrypt

crypt32

wintrust

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 245KB - Virtual size: 244KB

.data Size: 14KB - Virtual size: 22KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 52KB - Virtual size: 51KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:28:96:11:07:88:b1:29:82:5f:b1:d1:f6:ba:ac:a3
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c8:e3:02:6d:17:71:ed:02:98:47:7f:c5:c2:a7:b6:f7:8c:9e:da:b5:87:a8:83:46:7b:88:e0:09:d9:79:e4:68
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 245KB - Virtual size: 244KB

.data
Size: 14KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 52KB - Virtual size: 51KB