General

Malware Config

Signatures

Files

• DYMO.WebApi.Win.Host.exe

  .exe windows:6 windows x86 arch:x86

  0e4978c6d7358363a563494a824fabf2

  
  

  Code Sign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25-05-2021 00:00

  Not After

  31-12-2028 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22-03-2021 00:00

  Not After

  21-03-2036 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  b3:b8:f3:06:a1:bd:c7:47:13:b6:97:b1:44:9a:cb:8d

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  24-08-2022 00:00

  Not After

  23-08-2025 23:59

  Subject

  CN=Newell Brands Inc,O=Newell Brands Inc,ST=Georgia,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  1c:dc:6e:db:09:b5:a3:ef:8d:5c:ad:06:08:0e:99:95:ee:78:86:73:51:47:ef:33:03:50:7e:27:fa:e7:25:1c

  Signer

  Actual PE Digest

  1c:dc:6e:db:09:b5:a3:ef:8d:5c:ad:06:08:0e:99:95:ee:78:86:73:51:47:ef:33:03:50:7e:27:fa:e7:25:1c

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\a\_work\1\s\artifacts\obj\win-x86.Release\corehost\cli\apphost\Release\apphost.pdb

  Imports

  kernel32

  FindClose

  FindFirstFileExW

  FindNextFileW

  GetFileAttributesExW

  GetFullPathNameW

  GetTempPathW

  GetLastError

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  GetEnvironmentVariableW

  GetCurrentProcess

  IsWow64Process

  GetModuleFileNameW

  GetModuleHandleExW

  GetProcAddress

  LoadLibraryExW

  LoadLibraryA

  MultiByteToWideChar

  WideCharToMultiByte

  FreeLibrary

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  OutputDebugStringW

  GetModuleHandleW

  GetCurrentProcessId

  Sleep

  RemoveDirectoryW

  DeleteCriticalSection

  CreateDirectoryW

  InitializeCriticalSectionAndSpinCount

  SetLastError

  RtlUnwind

  RaiseException

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  QueryPerformanceCounter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  LCMapStringEx

  DecodePointer

  EncodePointer

  InitializeCriticalSectionEx

  GetStringTypeW

  user32

  MessageBoxW

  shell32

  ShellExecuteW

  advapi32

  RegOpenKeyExW

  RegCloseKey

  ReportEventW

  RegisterEventSourceW

  DeregisterEventSource

  RegGetValueW

  api-ms-win-crt-runtime-l1-1-0

  _configure_wide_argv

  _initialize_wide_environment

  _invalid_parameter_noinfo_noreturn

  _set_app_type

  _seh_filter_exe

  _cexit

  _crt_atexit

  _get_initial_wide_environment

  _register_onexit_function

  _initialize_onexit_table

  _controlfp_s

  _exit

  __p___argc

  __p___wargv

  _c_exit

  _initterm

  _initterm_e

  terminate

  _errno

  abort

  exit

  _register_thread_local_exe_atexit_callback

  api-ms-win-crt-stdio-l1-1-0

  fflush

  _wfopen

  __stdio_common_vswprintf

  fclose

  __stdio_common_vsprintf_s

  _set_fmode

  __p__commode

  fread

  fseek

  fwrite

  __acrt_iob_func

  fputwc

  fputws

  __stdio_common_vfwprintf

  api-ms-win-crt-string-l1-1-0

  wcsncmp

  _wcsicmp

  strcpy_s

  _wcsnicmp

  _wcsdup

  strcspn

  wcsnlen

  memset

  api-ms-win-crt-math-l1-1-0

  frexp

  __setusermatherr

  api-ms-win-crt-heap-l1-1-0

  malloc

  calloc

  free

  _callnewh

  _set_new_mode

  api-ms-win-crt-locale-l1-1-0

  ___mb_cur_max_func

  setlocale

  __pctype_func

  ___lc_codepage_func

  _unlock_locales

  _lock_locales

  _configthreadlocale

  ___lc_locale_name_func

  localeconv

  api-ms-win-crt-filesystem-l1-1-0

  _wrename

  _wremove

  api-ms-win-crt-convert-l1-1-0

  wcstoul

  _wtoi

  api-ms-win-crt-time-l1-1-0

  wcsftime

  _time64

  _gmtime64

  Sections

  .text

  Size: 84KB - Virtual size: 84KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 31KB - Virtual size: 30KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 142KB - Virtual size: 142KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ