dfc8168dda5b8d70d53c9141b2d5a458b4d4b269a5e4190272c1e98f1fe25af1

Sharing

Copy URL Twitter E-mail

General

Target

dfc8168dda5b8d70d53c9141b2d5a458b4d4b269a5e4190272c1e98f1fe25af1
Size

353KB
MD5

98b2907827a35ded25b8a0113d0a8574
SHA1

7e35e88b2595a25f34ddda100fb427a14c4e6459
SHA256

dfc8168dda5b8d70d53c9141b2d5a458b4d4b269a5e4190272c1e98f1fe25af1
SHA512

524e9123f40ab810e95f7751a05fb07e05f5760d7dc0c9902c48ba327650c9262b404a3499aaf8590d26f6397655468b1b1b3b82be5dadd720b00d3a2779c083
SSDEEP

6144:9BwGOXu/0chc11PefQ2+yt0pJAOv/opoijsj7RBVm:9LEu/0H11LytaB/ooj7RG

Score

1^/10

Malware Config

Signatures

Files

dfc8168dda5b8d70d53c9141b2d5a458b4d4b269a5e4190272c1e98f1fe25af1
.dll windows:5 windows x86 arch:x86

346c25ef967c39f51424b745ff6df150

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:cd:0f:b9:8c:2c:d0:02:95:96:28:d9
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/04/2022, 07:50

Not After

05/04/2025, 07:50

Subject

CN=MUSARUBRA US LLC,O=MUSARUBRA US LLC,L=New Castle,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:74:b6:09:09:9d:9f:d1:ac:98:4b:63:2e:de:fe:f2:4d:04:2a:a4:91:0a:e0:df:ff:3f:8a:7e:1f:20:4d:43
Signer

Actual PE Digest

7f:74:b6:09:09:9d:9f:d1:ac:98:4b:63:2e:de:fe:f2:4d:04:2a:a4:91:0a:e0:df:ff:3f:8a:7e:1f:20:4d:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetProcessImageFileNameA
EnumProcessModules

shlwapi

StrStrIW
StrTrimW
StrStrIA
StrRStrIW
StrCatW
StrCmpIW
StrCmpW
PathUnquoteSpacesW
PathRemoveArgsW
StrCpyW

kernel32

LoadLibraryA
lstrlenW
GetTickCount
GetCommandLineW
GetCurrentProcess
GetSystemDirectoryW
GetSystemWow64DirectoryW
OutputDebugStringW
GetWindowsDirectoryW
OutputDebugStringA
FindFirstFileW
FindClose
LocalFree
SetLastError
HeapLock
HeapWalk
GetLastError
GetProcessHeaps
HeapUnlock
VirtualQuery
VirtualFree
TerminateThread
FreeLibrary
CreateEventA
GetModuleFileNameA
VirtualProtect
VirtualAlloc
WaitForSingleObject
ResumeThread
GetModuleHandleW
Sleep
SetEvent
GetVersionExA
GetSystemInfo
GetComputerNameW
GetProcessId
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
DeleteCriticalSection
ReadFile
CreateFileA
GetCurrentProcessId
lstrcmpiA
Process32First
OpenProcess
CreateToolhelp32Snapshot
FileTimeToSystemTime
Process32Next
GetSystemTime
GetProcessTimes
GetFileAttributesExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetProcAddress
CloseHandle
SetEnvironmentVariableW
GetProcessHeap
HeapSize
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
CreateFileW
WriteConsoleW
GetOEMCP
IsValidCodePage
FindNextFileA
GetModuleHandleA
FindFirstFileExA
HeapReAlloc
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

advapi32

RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegOpenKeyA
RegOpenKeyExA

shell32

CommandLineToArgvW

iphlpapi

ParseNetworkString

dbghelp

ImageNtHeader

ws2_32

ntohs
inet_addr

Exports

Exports

Amsi_Aos_VirtualProtect_Enter_Handler
Amsi_As_VirtualProtect_Enter_Handler
Amsi_Dgco_VirtualProtect_Enter_Handler
Amsi_SetThreadContext_Enter_Handler
Amsi_VirtualProtect_Enter_Handler
CElement_mergeAttribute_Enter_Handler
CInput_createTextRange_Enter_Handler
CLSIDFromProgID_Enter_Handler
COMSafety_CoGetClassObject_Exit_Handler
COMSafety_CoInitializeEx_Exit_Handler
COMSafety_CoInitialize_Exit_Handler
CObjectElement_put_classid_Enter_Handler
CTORCH_CLSIDFromProgID_Enter_Handler
CTORCH_CreateProcessInternalW_Enter_Handler
ChangedSubscription_Enter_Handler
CoCreateInstanceEx_Enter_Handler
CoGetClassObjectFromURL_Enter_Handler
CoGetClassObject_Enter_Handler
CoInternetParseUrlIE_Exit_Handler
CompatFlagsFromClsid_Enter_Handler
CopyMediaType_Enter_Handler
CopyUrlForParser_Enter_Handler
CreateProcessW_Enter_Handler
CreateProcessW_Enter_Handler_CVE_2007_3896
CreateProcessW_Enter_Handler_CVE_2014_4114
CreateProcessW_Enter_Handler_URI_Injection
CreateUri_Enter_Handler
CryptAcquireContext_Enter_Handler
CryptEncrypt_Enter_Handler
CryptGenRandom_Enter_Handler
Curl_Recv_Enter_Handler
DpAPI_CryptUnprotectData_Exit_Handler
Excel_Macro_QueueUserAPC_Enter_Handler
Excel_Macro_VirtualAlloc_Exit_Handler
FindFirstFileW_Exit_Handler
FindNextFileW1_Enter_Handler
GetAsyncKeyState_Enter_Handler
GetSystemTimeAsFileTime2_Enter_Handler
GetSystemTimeAsFileTime_Mimikatz_Enter_Handler
GetSystemTimeAsFileTime_PCR1_Enter_Handler
GetSystemTimeAsFileTime_PCR2_Enter_Handler
GetSystemTimeAsFileTime_PCR3_Enter_Handler
GetSystemTimeAsFileTime_PCR4_Enter_Handler
GetSystemTimeAsFileTime_PCR5_Enter_Handler
GetSystemTimeAsFileTime_PCR6_Enter_Handler
GetSystemTimeAsFileTime_PCR7_Enter_Handler
GetSystemTimeAsFileTime_PCR8_Enter_Handler
GetSystemTimeAsFileTime_PCR99_Enter_Handler
GetSystemTimeAsFileTime_PCR9_Enter_Handler
GetSystemTimeAsFileTime_PCR_Enter_Handler
GetVersionExA_CW_BM_Enter_Handler
GetVersionExA_CW_UE_Enter_Handler
IcmCreateColorSpaceByName_Enter_Handler
Inj_CreateDirectoryW_Enter_Handler
Inj_DeviceIOControl_Enter_Handler
Inj_RemoveDirectoryW_Exit_Handler
Java_CreateRemoteThread_Enter_Handler
Java_VirtualAllocEx_Exit_Handler
Java_WriteProcessMemory_Enter_Handler
L_CreateFileW_Exit_Handler
L_LoadLibraryExW_Enter_Handler
MIMIDOTNET2JSCRIPT_CLSIDFromProgID_Enter_Handler
MIMIDOTNET2JSCRIPT_GetProcAddress_Enter_Handler
Macro_CreateThread_Entry_Handler
Macro_VirtualAlloc_Exit_Handler
Mktz_ReadProcessMemory_Exit_Handler
Motw_CLSIDFromString_Enter_Handler
MoveFileExW_Enter_Handler
MoveFileW_Enter_Handler
NOP_Handler
NdrConformantStringUnmarshall_Enter_Handler
NetpwPathCanonicalize_2K_Enter_Handler
NetpwPathCanonicalize_CVE_2008_4250_Enter_Handler
NetpwPathCanonicalize_XP_Enter_Handler
Outlook_Moniker_Enter_Handler
PSBC_GetModuleHandleA_Enter_Handler
PSBC_GetProcAddress_Enter_Handler
PSBC_LoadLibraryA_Enter_Handler
PSBC_RegSetValueExW_Enter_Handler
PSBC_SetEnvironmentVariableW_Enter_Handler
PSBC_ShowWindow_Enter_Handler
PSBC_SysAllocString_Enter_Handler
PSBC_WinHttpGetProxyForUrl_Enter_Handler
PSH_CreateProcessInternalW_Exit_Handler
PSH_ReadProcessMemory_Exit_Handler
PSH_ResumeThread_Enter_Handler
PSH_SetThreadContext_Enter_Handler
PSS_CreateProcessInternalW_Enter_Handler
PSS_UpdateProcThreadAttribute_Exit_Handler
PS_CreateFileMappingW_Enter_Handler
PS_CreateFileW_Exit_Handler
PS_CreateRemoteThread_Enter_Handler
PS_CreateThread_Enter_Handler
PS_HeapAlloc_Exit_Handler
PS_IsWow64Process_Enter_Handler
PS_LsaConnectUntrusted_Enter_Handler
PS_LsaLookupAuthenticationPackage_Enter_Handler
PS_NtCreateThreadEx_Enter_Handler
PS_NtQueryInformationProcess_Enter_Handler
PS_OpenProcess_Exit_Handler
PS_ReadProcessMemory_Enter_Handler
PS_VaultGetItem_Exit_Handler
PS_VirtualAllocEx_Exit_Handler
PS_VirtualAlloc_Exit_Handler
PS_VirtualProtect_Enter_Handler
PS_WriteProcessMemory_Enter_Handler
QMCreateObjectInternal_Enter_Handler
QMGetRemoteQueueName_Enter_Handler
QMObjectPathToObjectFormat_Enter_Handler
RCE_CLSIDFromProgID_Enter_Handler
RCE_CopyFileW_Enter_Handler
RCE_CreateFileW_Exit_Handler
RCE_CreateProcessA_Enter_Handler
RCE_CreateProcessAsUserA_Enter_Handler
RCE_CreateProcessAsUserW_Enter_Handler
RCE_CreateProcessInternalA_Enter_Handler
RCE_CreateProcessInternalW_Enter_Handler
RCE_CreateProcessW_Enter_Handler
RCE_CreateRemoteThread_Enter_Handler
RCE_GetTempPathA_Enter_Handler
RCE_GetTempPathW_Enter_Handler
RCE_InternetConnectW_Enter_Handler
RCE_LoadLibraryExW_Enter_Handler
RCE_URLDownloadToFileA_Enter_Handler
RCE_URLDownloadToFileW_Enter_Handler
RCE_VirtualAllocEx_Enter_Handler
RCE_VirtualAllocEx_Exit_Handler
RCE_VirtualProtect_Exit_Handler
RCE_WinExec_Enter_Handler
RCE_WriteProcessMemory_Enter_Handler
RCE_connect_Enter_Handler
RCE_recv_Exit_Handler
RCE_send_Exit_Handler
RD_CreateProcessInternalW_Enter_Handler
RegOps_RegOpenKeyExW_Enter_Handler
ScrUnescape_Enter_Handler
ScrUnescape_Enter_Handler_New
Scr_DeviceIOControl_Enter_Handler
SetConsoleCtrlHandler_PWSHCR10_Enter_Handler
SetConsoleCtrlHandler_PWSHCR1_Enter_Handler
SetConsoleCtrlHandler_PWSHCR2_Enter_Handler
SetConsoleCtrlHandler_PWSHCR3_Enter_Handler
SetConsoleCtrlHandler_PWSHCR4_Enter_Handler
SetConsoleCtrlHandler_PWSHCR5_Enter_Handler
SetConsoleCtrlHandler_PWSHCR6_Enter_Handler
SetConsoleCtrlHandler_PWSHCR7_Enter_Handler
SetConsoleCtrlHandler_PWSHCR8_Enter_Handler
SetConsoleCtrlHandler_PWSHCR9_Enter_Handler
SetConsoleCtrlHandler_PWSHCR_Enter_Handler
Spool_LdrLoadDll_Enter_Handler
Spool_NTCreateFile_Enter_Handler
Start_Printer_Enter_Handler
Vba_GetDiskFreeSpaceW_Enter_Handler
WMCreateEditor_Enter_Handler
_CreateDirectoryW_Enter_Handler
_LoadCPLModule_Enter_Handler
_LoadLibraryExW_Enter_Handler
_fcvt_Enter_Handler
_fcvt_Exit_Handler
dllInj_RTLUserThreadStart_Enter_Handler
lateBindingOn
outlook_CLSIDFromProgID_Enter_Handler
outlook_CoCreateInstance_Enter_Handler
outlook_CreateProcessW_Enter_Handler
shellInj_RTLUserThreadStart_Enter_Handler

Sections

.text
Size: 219KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

346c25ef967c39f51424b745ff6df150

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

5c:cd:0f:b9:8c:2c:d0:02:95:96:28:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7f:74:b6:09:09:9d:9f:d1:ac:98:4b:63:2e:de:fe:f2:4d:04:2a:a4:91:0a:e0:df:ff:3f:8a:7e:1f:20:4d:43Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

kernel32

advapi32

shell32

iphlpapi

dbghelp

ws2_32

Exports

Exports

Sections

.text Size: 219KB - Virtual size: 219KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 4KB - Virtual size: 31KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 16KB - Virtual size: 15KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

5c:cd:0f:b9:8c:2c:d0:02:95:96:28:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7f:74:b6:09:09:9d:9f:d1:ac:98:4b:63:2e:de:fe:f2:4d:04:2a:a4:91:0a:e0:df:ff:3f:8a:7e:1f:20:4d:43
Signer

.text
Size: 219KB - Virtual size: 219KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 4KB - Virtual size: 31KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 16KB - Virtual size: 15KB