7b5d16bcdfd2d33b1cc3eb6990f550139b678b02854391ca5eda120d23d75b3c

Sharing

Copy URL Twitter E-mail

General

Target

7b5d16bcdfd2d33b1cc3eb6990f550139b678b02854391ca5eda120d23d75b3c
Size

713KB
MD5

87426266adbffff04f7242b7b8f3b9e0
SHA1

20a4bd50ec4b5806aa0a7f76de8658fe3af5d806
SHA256

7b5d16bcdfd2d33b1cc3eb6990f550139b678b02854391ca5eda120d23d75b3c
SHA512

c5c9fb49d9effc0bd2963a893c369b248a89eef6c1c03bc6f726eaa41829bee1abbd73f9be1d040b2d669906832610542d7a21609975e154016ca61d9d311dc3
SSDEEP

12288:f9y5ayKFxcbTrC0JgrvDK7ph0lhSMXliXbf6Ora:f9y5ayyOnG0ovEh0lhSMXlIbf6OW

Score

1^/10

Malware Config

Signatures

Files

7b5d16bcdfd2d33b1cc3eb6990f550139b678b02854391ca5eda120d23d75b3c
.dll windows:6 windows x64 arch:x64

699ca80fc48607192e7c5e594007575e

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:5a:81:ef:1c:74:ca:ca:ee:c6:68:c7:39:04:a6:11
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/02/2023, 00:00

Not After

02/04/2024, 23:59

Subject

CN=Safetica a.s.,O=Safetica a.s.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:f4:cc:eb:9c:dc:ec:99:0a:9c:6f:9a:a2:0a:e5:13:5d:29:ef:e4:a4:17:e8:cd:7a:58:59:8a:aa:a8:19:fa
Signer

Actual PE Digest

19:f4:cc:eb:9c:dc:ec:99:0a:9c:6f:9a:a2:0a:e5:13:5d:29:ef:e4:a4:17:e8:cd:7a:58:59:8a:aa:a8:19:fa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\A001Agent-1\2\s\Endpoint\Compiled\x64\Release\Modules\ClassiTaggerService.pdb

Imports

netapi32

NetShareGetInfo
Netbios
NetApiBufferFree

mpr

WNetGetUniversalNameW

rpcrt4

RpcBindingSetOption
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcStringFreeW
RpcBindingFree
NdrCStdStubBuffer_Release
NdrClientCall3
CStdStubBuffer_Invoke
IUnknown_AddRef_Proxy
RpcAsyncCompleteCall
NdrAsyncServerCall
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_AddRef
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Connect
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrServerCall2
NdrDllGetClassObject

mfc140u

ord3728
ord1492
ord324
ord1040
ord2327
ord2212
ord2369
ord2372
ord2338
ord2371
ord473
ord2234
ord2336
ord2161
ord2266
ord2360
ord14073
ord7068
ord936
ord1491
ord1489
ord266
ord265
ord2350
ord2346
ord323
ord1039
ord4947
ord285
ord2921
ord5709
ord4656
ord5674
ord1503
ord286
ord296
ord942
ord8179
ord1033
ord480
ord1119

kernel32

HeapAlloc
DeleteCriticalSection
GetProcessHeap
QueryDosDeviceW
GetVolumeInformationW
SetErrorMode
GetVolumePathNameW
WideCharToMultiByte
GetModuleHandleExW
GetModuleFileNameW
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcess
LocalAlloc
OpenProcess
GetProcAddress
LocalFree
WaitForMultipleObjects
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
CreateThread
ResetEvent
FormatMessageW
GetModuleHandleW
FreeLibraryAndExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessW
TerminateProcess
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
CloseHandle
MultiByteToWideChar
HeapFree
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OutputDebugStringW
FormatMessageA
GetLocaleInfoEx
EnterCriticalSection
QueueUserWorkItem
GetVolumePathNamesForVolumeNameW
GetDriveTypeW
GetLongPathNameW
CreateFileMappingW
MapViewOfFile
InitializeCriticalSectionEx
LeaveCriticalSection
GetTickCount
GetLastError
GetCurrentProcessId
UnmapViewOfFile
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockExclusive

advapi32

CryptAcquireContextW
CryptReleaseContext
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce

ole32

CoCreateInstance
CoRegisterClassObject
OleRun
CoRegisterPSClsid
CoInitializeEx
CoUninitialize

oleaut32

BSTR_UserSize
BSTR_UserFree
BSTR_UserUnmarshal64
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserFree64
VariantClear
BSTR_UserMarshal64
BSTR_UserSize64

msvcp140

?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?uncaught_exceptions@std@@YAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Xruntime_error@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_function_call@std@@YAXXZ
_Xtime_get_ticks
_Thrd_join
_Thrd_id
_Mtx_lock
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Query_perf_frequency
?classic@locale@std@@SAAEBV12@XZ
?_Winerror_map@std@@YAHH@Z
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_counter
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_do_broadcast_at_thread_exit
??1_Locinfo@std@@QEAA@XZ
?_Throw_Cpp_error@std@@YAXH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z

ws2_32

GetAddrInfoW
GetNameInfoW
InetNtopW
WSACleanup
WSAStartup
ntohl
FreeAddrInfoW
htonl

iphlpapi

GetAdaptersInfo

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_name
__RTDynamicCast
__std_type_info_compare
__std_terminate
__std_exception_destroy
wcsrchr
__C_specific_handler
memset
__current_exception
__current_exception_context
__std_type_info_destroy_list
memmove
_CxxThrowException
memcpy
__std_exception_copy
memcmp
_purecall

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
terminate
_initterm
_initterm_e
_errno
_seh_filter_dll
_beginthreadex
abort
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

calloc
_recalloc
_msize
free
malloc
realloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoull
atoi
wcstol
strtol

api-ms-win-crt-string-l1-1-0

wcscpy_s
_wcsnicmp
wcsncpy_s
wcsncmp
toupper
towlower
_wcsicmp

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_fdsign
_dsign
_fdclass
_ldclass
_ldsign
_dclass

msvcp140_atomic_wait

__std_atomic_wait_direct
__std_atomic_notify_all_direct

Exports

Exports

CreateDCService
InitDCService

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

699ca80fc48607192e7c5e594007575e

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:5a:81:ef:1c:74:ca:ca:ee:c6:68:c7:39:04:a6:11Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

19:f4:cc:eb:9c:dc:ec:99:0a:9c:6f:9a:a2:0a:e5:13:5d:29:ef:e4:a4:17:e8:cd:7a:58:59:8a:aa:a8:19:faSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

mpr

rpcrt4

mfc140u

kernel32

advapi32

ole32

oleaut32

msvcp140

ws2_32

iphlpapi

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

msvcp140_atomic_wait

Exports

Exports

Sections

.text Size: 371KB - Virtual size: 371KB

.orpc Size: 512B - Virtual size: 240B

.rdata Size: 257KB - Virtual size: 256KB

.data Size: 48KB - Virtual size: 50KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:5a:81:ef:1c:74:ca:ca:ee:c6:68:c7:39:04:a6:11
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

19:f4:cc:eb:9c:dc:ec:99:0a:9c:6f:9a:a2:0a:e5:13:5d:29:ef:e4:a4:17:e8:cd:7a:58:59:8a:aa:a8:19:fa
Signer

.text
Size: 371KB - Virtual size: 371KB

.orpc
Size: 512B - Virtual size: 240B

.rdata
Size: 257KB - Virtual size: 256KB

.data
Size: 48KB - Virtual size: 50KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB