b63625340eead682c10fbf1d2d5e7700fa143d7b9d46ddc5adb442dad37316fb

Sharing

Copy URL Twitter E-mail

General

Target

b63625340eead682c10fbf1d2d5e7700fa143d7b9d46ddc5adb442dad37316fb
Size

926KB
MD5

025dcdeb5c73dc903529491adde32a04
SHA1

539ca3b983b7bd4e516d5d20babb6ea4871efdab
SHA256

b63625340eead682c10fbf1d2d5e7700fa143d7b9d46ddc5adb442dad37316fb
SHA512

97911cc005087158216db386d5a97ca5b623a03734c063a34b6f2c37278510ccb8135b5d7de0b9d929bf156fff9752d770b0e39e3770024f2d3f9f956e0aa5bf
SSDEEP

12288:nbOTweGSaL21t3/S23NaVf6rmIefdkdwzNykvph0lhSMXl+FpTu/fGsnxpqjq+:nCTwNSJt30nIeamykhh0lhSMXlqWh67

Score

1^/10

Malware Config

Signatures

Files

b63625340eead682c10fbf1d2d5e7700fa143d7b9d46ddc5adb442dad37316fb
.dll windows:5 windows x64 arch:x64

63e3f6325e5b64ece1f8254a52721c65

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:44:7d:02:cf:77:63:e9:82:fe:6c:f3:97:25:67:f0:a9:b7:aa:4e:2b:22:30:72:73:6a:f8:c8:a7:29:32:9c
Signer

Actual PE Digest

a3:44:7d:02:cf:77:63:e9:82:fe:6c:f3:97:25:67:f0:a9:b7:aa:4e:2b:22:30:72:73:6a:f8:c8:a7:29:32:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\BUILD\work\e0dd96435fde7cb0\COMPILEIDP\Release_Unicode-x64-gqcavrq\bin\Release_Unicode_vs143\x64\aswcomm.pdb

Imports

ntdll

LdrLoadDll
RtlDosPathNameToNtPathName_U
LdrUnloadDll
LdrGetProcedureAddress
RtlGetFullPathName_U
ZwFsControlFile
RtlGetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlEqualSid
ZwOpenFile
RtlCreateAcl
RtlAddAccessDeniedAceEx
RtlCopySid
RtlValidSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlLengthSid
ZwOpenThreadToken
RtlGetOwnerSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlFreeUnicodeString
RtlGetAce
RtlGetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetSaclSecurityDescriptor
ZwQueryVirtualMemory
ZwOpenProcessToken
ZwQueryInformationToken
RtlGetCurrentDirectory_U
RtlGetNativeSystemInformation
RtlInitUnicodeString
RtlCreateUnicodeString
RtlFreeHeap
RtlAllocateHeap
ZwQuerySystemInformation
RtlTimeFieldsToTime
ZwResetEvent
ZwSetEvent
ZwCreateEvent
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
ZwResumeThread
ZwClose
ZwDelayExecution
ZwTerminateProcess
RtlCreateUserThread
ZwSetInformationThread
ZwQueryInformationThread
CsrClientCallServer
ZwReadFile
ZwWriteFile
ZwSetInformationFile
ZwFlushBuffersFile
ZwReleaseMutant
ZwCreateNamedPipeFile
ZwCancelIoFile
RtlExitUserThread
ZwTerminateThread
ZwWaitForSingleObject
RtlxOemStringToUnicodeSize
RtlOemStringToUnicodeString
NlsMbOemCodePageTag
RtlNtStatusToDosError
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlAnsiStringToUnicodeString
LdrGetDllHandle
RtlReAllocateHeap
RtlTimeToTimeFields
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

kernel32

GetProcAddress
FreeLibrary
CloseHandle
GetLastError
CompareStringW
ExpandEnvironmentStringsW
GetModuleFileNameW
GetShortPathNameW
GetFileAttributesW
GetSystemWindowsDirectoryW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetModuleHandleW
InitializeSListHead
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetCurrentProcess
TerminateProcess
CreateFileW
DeviceIoControl
GetProcessAffinityMask
GetLongPathNameW
VirtualAlloc
VirtualFree
GlobalMemoryStatusEx
LocalFree
HeapAlloc
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
GetVersionExW
RaiseException
WideCharToMultiByte
DisableThreadLibraryCalls
SetLastError
GetTickCount
OutputDebugStringW
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetEnvironmentVariableW
InitializeCriticalSection
WaitForMultipleObjectsEx
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
GetFullPathNameW
GetFileInformationByHandle
GetWindowsDirectoryW
SetFilePointer
ReadFile

msvcp140

?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xlength_error@std@@YAXPEBD@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Incref@facet@locale@std@@UEAAXXZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memmove
__current_exception
__current_exception_context
memset
__std_exception_copy
_set_se_translator
__std_type_info_destroy_list
__std_exception_destroy
wcsstr
wcschr
__std_terminate
__C_specific_handler
memcmp
_CxxThrowException
wcsrchr
_purecall

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
calloc

api-ms-win-crt-runtime-l1-1-0

_initterm_e
terminate
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_initterm

api-ms-win-crt-locale-l1-1-0

_free_locale
_create_locale
setlocale

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

wcsncpy
_wcsicmp
_wcsnicmp
wcsncmp

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-convert-l1-1-0

_wcstoui64

api-ms-win-crt-math-l1-1-0

_fdsign
_ldsign
_dsign
_ldclass
_dclass
_fdclass

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
GetSidSubAuthorityCount
GetSidSubAuthority
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
AddAce
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW

Exports

Exports

GetAvgObject
GetAvgObject2

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63e3f6325e5b64ece1f8254a52721c65

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ffCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a3:44:7d:02:cf:77:63:e9:82:fe:6c:f3:97:25:67:f0:a9:b7:aa:4e:2b:22:30:72:73:6a:f8:c8:a7:29:32:9cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

Exports

Exports

Sections

.text Size: 620KB - Virtual size: 620KB

.rdata Size: 257KB - Virtual size: 256KB

.data Size: 3KB - Virtual size: 11KB

.pdata Size: 29KB - Virtual size: 29KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a3:44:7d:02:cf:77:63:e9:82:fe:6c:f3:97:25:67:f0:a9:b7:aa:4e:2b:22:30:72:73:6a:f8:c8:a7:29:32:9c
Signer

.text
Size: 620KB - Virtual size: 620KB

.rdata
Size: 257KB - Virtual size: 256KB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 29KB - Virtual size: 29KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB