80ebf3c7c61f491099d52a3e805469e796c04cc62dc5d9985d7b346c07965d0b

Sharing

Copy URL

Twitter E-mail

General

Target

80ebf3c7c61f491099d52a3e805469e796c04cc62dc5d9985d7b346c07965d0b
Size

1.4MB
MD5

3eae4e35610fa86963eb5af57ce9354f
SHA1

cf5baa458d48983c88063ffa474858c06879e2cd
SHA256

80ebf3c7c61f491099d52a3e805469e796c04cc62dc5d9985d7b346c07965d0b
SHA512

317d6faf5e2c4c09e98e122c5d2658aed360b7fb560563c71c1fe6057a89f26c79adeb74db194f7a49e758838e8a37ad98d2bc8143f0e3ebbadf42f4d5965f93
SSDEEP

12288:xAnFW6PpNvla8//pC4+HoTuedVkKBMHN3D1nqsH5Wf:xcW6Pnvx+ITuedrWdRqsUf

Score

1^/10

Malware Config

Signatures

Files

80ebf3c7c61f491099d52a3e805469e796c04cc62dc5d9985d7b346c07965d0b
.dll windows:6 windows x86 arch:x86

2a2ed153e9feaa701a98d5803b2a06ff

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:d6:b8:67:cd:cc:c9:83:68:c8:52:53:4b:d3:0d:34
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25-04-2023 00:00

Not After

24-04-2026 23:59

Subject

CN=Bitdefender SRL,OU=DEVSUP LABS,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14-09-2023 19:14

Not After

04-09-2024 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-04-2012 23:48

Not After

18-04-2027 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:ac:01:77:86:96:b8:5f:f0:7e:da:27:97:4f:b6:62:e5:c3:e8:5b:45:cf:8d:3a:f9:b1:71:15:71:1c:da:a5
Signer

Actual PE Digest

57:ac:01:77:86:96:b8:5f:f0:7e:da:27:97:4f:b6:62:e5:c3:e8:5b:45:cf:8d:3a:f9:b1:71:15:71:1c:da:a5

Digest Algorithm

sha256

PE Digest Matches

true

57:ac:01:77:86:96:b8:5f:f0:7e:da:27:97:4f:b6:62:e5:c3:e8:5b:45:cf:8d:3a:f9:b1:71:15:71:1c:da:a5
Signer

Actual PE Digest

57:ac:01:77:86:96:b8:5f:f0:7e:da:27:97:4f:b6:62:e5:c3:e8:5b:45:cf:8d:3a:f9:b1:71:15:71:1c:da:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\builds\ATC-DEFAULT-SOURCES\bin\Win32\Release\atcuf32\atcuf32.pdb

Imports

ntdll

memset
RtlEqualString
ZwQueryInformationProcess
RtlCompareString
NtQueryObject
NtQueryInformationThread
NtDuplicateObject
NtQueryInformationToken
NtQueryInformationProcess
NtOpenProcessToken
RtlCompareUnicodeString
RtlCompareUnicodeStrings
wcsnlen
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
ZwQueryVirtualMemory
_wcsicmp
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlHashUnicodeString
RtlAppendUnicodeStringToString
RtlDestroyHeap
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
ZwQueryObject
RtlCreateHeap
ZwFreeVirtualMemory
RtlFreeHeap
RtlDowncaseUnicodeString
ZwAllocateVirtualMemory
RtlAllocateHeap
RtlConvertSidToUnicodeString
EtwTraceMessage
RtlEqualUnicodeString
_alldvrm
_allmul
_allshl
_allshr
_aulldiv
_aulldvrm
_aullrem
_aullshr
memcpy

kernel32

CreateToolhelp32Snapshot
RtlUnwind
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
CreateFileW
DeviceIoControl
CancelIo
InterlockedPopEntrySList
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
FlushInstructionCache
GetConsoleWindow
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
HeapCreate
VirtualQueryEx
OpenThread
OpenProcess
GlobalGetAtomNameW
GlobalGetAtomNameA
IsWow64Process
DebugBreak
GetStartupInfoW
GlobalFree
GetProcessIdOfThread
K32GetModuleInformation
GetFinalPathNameByHandleW
GetProcessId
MultiByteToWideChar
GetEnvironmentVariableA
GetEnvironmentVariableW
GetSystemTimeAsFileTime
AddVectoredExceptionHandler
WerRegisterRuntimeExceptionModule
InitializeSRWLock
TlsSetValue
VirtualProtect
SetLastError
VirtualFree
GetCurrentProcess
VirtualAlloc
GetCurrentThreadId
DuplicateHandle
GetLastError
ReleaseSRWLockExclusive
GetCurrentThread
AcquireSRWLockExclusive
TlsAlloc
CloseHandle
ReleaseSRWLockShared
GetProcAddress
GetThreadId
AcquireSRWLockShared
GetModuleHandleW
TlsGetValue
VirtualQuery
WideCharToMultiByte
GetModuleFileNameW
Thread32Next
Thread32First
WaitForSingleObject
ExitThread
GetModuleHandleA
RemoveVectoredExceptionHandler
CreateEventW
Sleep
GetNativeSystemInfo
GetSystemInfo
Module32FirstW
GetCurrentProcessId
Module32NextW
QueryPerformanceCounter
HeapFree
HeapAlloc
GetModuleHandleExW
FreeLibrary
SetEvent
ReadProcessMemory
GlobalSize
GlobalLock
GlobalUnlock

Exports

Exports

AtcQueryRegion

Sections

.text
Size: 542KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 772KB - Virtual size: 771KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a2ed153e9feaa701a98d5803b2a06ff

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:d6:b8:67:cd:cc:c9:83:68:c8:52:53:4b:d3:0d:34Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

57:ac:01:77:86:96:b8:5f:f0:7e:da:27:97:4f:b6:62:e5:c3:e8:5b:45:cf:8d:3a:f9:b1:71:15:71:1c:da:a5Signer

57:ac:01:77:86:96:b8:5f:f0:7e:da:27:97:4f:b6:62:e5:c3:e8:5b:45:cf:8d:3a:f9:b1:71:15:71:1c:da:a5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 542KB - Virtual size: 542KB

.rdata Size: 772KB - Virtual size: 771KB

.data Size: 44KB - Virtual size: 54KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 73KB - Virtual size: 72KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:d6:b8:67:cd:cc:c9:83:68:c8:52:53:4b:d3:0d:34
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

57:ac:01:77:86:96:b8:5f:f0:7e:da:27:97:4f:b6:62:e5:c3:e8:5b:45:cf:8d:3a:f9:b1:71:15:71:1c:da:a5
Signer

57:ac:01:77:86:96:b8:5f:f0:7e:da:27:97:4f:b6:62:e5:c3:e8:5b:45:cf:8d:3a:f9:b1:71:15:71:1c:da:a5
Signer

.text
Size: 542KB - Virtual size: 542KB

.rdata
Size: 772KB - Virtual size: 771KB

.data
Size: 44KB - Virtual size: 54KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 73KB - Virtual size: 72KB