371ed733aa6d3fb4ce1880f302d27124fd8af14945c76cc9e7d1b83edc1fe57b

Sharing

Copy URL Twitter E-mail

General

Target

371ed733aa6d3fb4ce1880f302d27124fd8af14945c76cc9e7d1b83edc1fe57b
Size

808KB
MD5

3b99f91dd57074ddf920598a7595df21
SHA1

4c4d5846ddf1be053513f7fdda337c0b581f0343
SHA256

371ed733aa6d3fb4ce1880f302d27124fd8af14945c76cc9e7d1b83edc1fe57b
SHA512

a739691146f07a7c313fcd304cbc2260e0716850ade92234ad03b1eeeed5f96a2c89f015d988dd2a9eafbeaa1130115be467949001af5a879895756f843b24ca
SSDEEP

12288:oqGTLSvIFJs6KAc3lvxyPoFHikJ7msiBkk2ldiWc5C+OkcbOeWbp9:2Ja3lvxyPoFHikJ7mVRWcLXcMp9

Score

1^/10

Malware Config

Signatures

Files

371ed733aa6d3fb4ce1880f302d27124fd8af14945c76cc9e7d1b83edc1fe57b
.dll windows:6 windows x64 arch:x64

3f8baf693e3a69033a540ed54ebe7006

Code Sign

78:4a:a9:28:1d:59:6f:9c:d0:ce:b0:fe:a9:7a:64:9b
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

16/09/2020, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:e6:f0:69:a4:e4:66:8b:89:82:d2:dd
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

07/12/2023, 13:48

Not After

05/03/2027, 13:48

Subject

SERIALNUMBER=1037700085444,CN=CRYPTO-PRO LLC,O=CRYPTO-PRO LLC,STREET=proyezd Izmaylovskiy\, 10 / korpus 2 pomeshch 4/1,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

02/11/2023, 10:30

Not After

04/12/2034, 10:30

Subject

CN=Globalsign TSA for Advanced - G4 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:e5:93:ea:44:83:c2:cf:df:a7:3b:7e:d9:46:b4:f1:5e:8f:62:88:cb:b4:8e:ae:1f:25:bc:85:eb:5b:25:71
Signer

Actual PE Digest

d7:e5:93:ea:44:83:c2:cf:df:a7:3b:7e:d9:46:b4:f1:5e:8f:62:88:cb:b4:8e:ae:1f:25:bc:85:eb:5b:25:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\trunk\trunk_0\csp\out\x64\release\cpanel.pdb

Imports

netapi32

NetLocalGroupDelMembers
NetLocalGroupAddMembers
NetLocalGroupAdd

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msi

ord90
ord113
ord111
ord10
ord129
ord190
ord70
ord37
ord141
ord173

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

imagehlp

MapAndLoad
UnMapAndLoad

ntdll

RtlGetNtProductType
RtlGetNtVersionNumbers

mfc42u

ord3484
ord1004
ord4787
ord3177
ord5082
ord3740
ord2408
ord2427
ord1574
ord286
ord3830
ord3790
ord999
ord5077
ord4699
ord822
ord867
ord911
ord1035
ord3783
ord912
ord1033
ord2532
ord4779
ord3518
ord2059
ord5710
ord4752
ord1699
ord4771
ord3517
ord5227
ord5709
ord1777
ord6437
ord2517
ord5406
ord5246
ord4722
ord5687
ord5352
ord5114
ord5304
ord5583
ord5585
ord5584
ord564
ord1441
ord1126
ord1647
ord1428
ord6767
ord6418
ord2666
ord1909
ord2979
ord1366
ord6102
ord2132
ord5382
ord554
ord2329
ord2325
ord2384
ord4582
ord2657
ord1930
ord4599
ord3894
ord4014
ord2900
ord6243
ord3174
ord4131
ord1287
ord1262
ord4836
ord2948
ord2044
ord2586
ord4741
ord3743
ord3774
ord3892
ord2371
ord2376
ord307
ord823
ord6540
ord1124
ord1453
ord3178
ord6632
ord6614
ord4262
ord6395
ord2593
ord4747
ord3501
ord3806
ord4257
ord3417
ord1284
ord6199
ord2328
ord852
ord1830
ord372
ord2311
ord2518
ord3652
ord4127
ord5702
ord3487
ord5226
ord5244
ord4720
ord5426
ord4968
ord5123
ord5083
ord4967
ord4996
ord5487
ord1774
ord6801
ord2425
ord2024
ord4543
ord2592
ord4746
ord3805
ord3631
ord3630
ord3319
ord4860
ord3396
ord370
ord877
ord3262
ord3258
ord6385
ord4548
ord3761
ord3491
ord5245
ord4721
ord1907
ord6660
ord644
ord2411
ord2559
ord2393
ord2784
ord4436
ord4601
ord1261
ord2319
ord1677
ord2676
ord617
ord1038
ord6846
ord1996
ord339
ord4217
ord4557
ord2378
ord2515
ord1585
ord1477
ord355
ord1544
ord1491
ord1577
ord1553
ord1555
ord1586
ord812
ord6071
ord4191
ord1388
ord5615
ord2412
ord3468
ord5722
ord5724
ord2752
ord4368
ord5065
ord5730
ord5711
ord6053
ord4214
ord3534
ord4983
ord1445
ord620
ord1812
ord4375
ord2242
ord827
ord311
ord1803
ord1483
ord1563
ord2793
ord287
ord5949
ord1379
ord940
ord445
ord1063
ord659
ord1947
ord2906
ord2020
ord1463
ord5887
ord2975
ord1259
ord622
ord1122
ord2629
ord3437
ord624
ord2661
ord1387
ord2138
ord1055
ord650
ord6813
ord832
ord665
ord1067
ord3751
ord4770
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3535
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord5663
ord4743
ord1778
ord4365
ord6440
ord2589
ord4542
ord2023
ord2422
ord1499
ord1562
ord1566
ord2846
ord1040
ord626
ord1583
ord1472
ord1416
ord288
ord1082
ord1264
ord2379

msvcrt

memmove
memcpy
calloc
towupper
iswctype
wcsncmp
strstr
?terminate@@YAXXZ
rand
_snwprintf
srand
wcschr
memset
wcsncpy
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_wcsicmp
_wcsnicmp
wcsrchr
fread
rewind
ftell
fclose
fseek
_wfopen
wcsstr
_msize
realloc
_purecall
_wcsdup
malloc
free
_vscwprintf
atoi
_mbscmp
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
memcmp
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_wcsupr
_wcslwr
_errno
__CxxFrameHandler
sscanf
_fileno
_lseeki64
_write
_isatty
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_lock
_onexit
_XcptFilter
_initterm
_amsg_exit
strcmp
__C_specific_handler
??8type_info@@QEBAHAEBV0@@Z
wcscmp

kernel32

Sleep
VirtualProtect
CompareFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
RaiseException
GetLongPathNameW
lstrcmpW
LoadLibraryExW
WaitForSingleObject
TerminateProcess
LoadLibraryA
SetErrorMode
ReleaseActCtx
FindFirstFileW
FindNextFileW
FindClose
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
GetCurrentProcess
LocalAlloc
CloseHandle
LocalFree
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleFileNameW
SetLastError
DeactivateActCtx
LoadLibraryW
ActivateActCtx
FindActCtxSectionStringW
CreateActCtxW
GetModuleHandleExW
QueryActCtxW
OutputDebugStringA
GetProcAddress
FreeLibrary
lstrcmpiW
lstrcpyW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetModuleHandleW
GetSystemTime
FormatMessageW
SystemTimeToFileTime
GetDateFormatW
GetTimeFormatW
GetWindowsDirectoryW

gdi32

GetObjectW
CreateFontIndirectW
GetDeviceCaps
GetStockObject

advapi32

ChangeServiceConfigW
StartServiceW
CloseServiceHandle
QueryServiceConfigW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
GetUserNameW
CryptGetHashParam
RegEnumValueW
CryptGenRandom
CryptDeriveKey
CryptDuplicateKey
CryptSetKeyParam
CryptVerifySignatureW
CryptSignHashW
CryptSetHashParam
CryptCreateHash
CryptHashData
CryptImportKey
CryptExportKey
CryptContextAddRef
CryptGetKeyParam
CryptGetUserKey
CryptDestroyHash
RegSetValueExW
CryptGetDefaultProviderW
CryptEnumProvidersW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptDestroyKey
CryptGenKey
CryptSetProvParam
CryptGetProvParam
CryptAcquireContextW
CryptReleaseContext
OpenProcessToken

ole32

CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysAllocStringLen
VariantInit
SysStringByteLen
SysStringLen
VarCmp
SysAllocStringByteLen
SysFreeString
VarBstrCat
VarBstrCmp

Exports

Exports

CPlApplet
CalculateIntegrity
StartRdpSmartcardServiceW
UnregisterSmartCards
WizAuthOnContainer
WizCheckContainer
WizCopyContainer
WizDeleteContainer
WizInstallPrivateCertificate
WizViewCertificateInContainer
db_ctx

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f8baf693e3a69033a540ed54ebe7006

Code Sign

78:4a:a9:28:1d:59:6f:9c:d0:ce:b0:fe:a9:7a:64:9bCertificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

55:e6:f0:69:a4:e4:66:8b:89:82:d2:ddCertificate

Extended Key Usages

Key Usages

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

d7:e5:93:ea:44:83:c2:cf:df:a7:3b:7e:d9:46:b4:f1:5e:8f:62:88:cb:b4:8e:ae:1f:25:bc:85:eb:5b:25:71Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

version

msi

rpcrt4

imagehlp

ntdll

mfc42u

msvcrt

kernel32

gdi32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 400KB - Virtual size: 399KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 3KB - Virtual size: 15KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 224KB - Virtual size: 224KB

.reloc Size: 8KB - Virtual size: 7KB

78:4a:a9:28:1d:59:6f:9c:d0:ce:b0:fe:a9:7a:64:9b
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

55:e6:f0:69:a4:e4:66:8b:89:82:d2:dd
Certificate

01:19:75:74:71:c9:92:d7:44:df:a5:96:eb:b9:70:15
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

d7:e5:93:ea:44:83:c2:cf:df:a7:3b:7e:d9:46:b4:f1:5e:8f:62:88:cb:b4:8e:ae:1f:25:bc:85:eb:5b:25:71
Signer

.text
Size: 400KB - Virtual size: 399KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 3KB - Virtual size: 15KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 224KB - Virtual size: 224KB

.reloc
Size: 8KB - Virtual size: 7KB