a909bef708a47ae428fedbc566132c56f15ae7511dc460cf22055ec1a72d485a[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

a909bef708a47ae428fedbc566132c56f15ae7511dc460cf22055ec1a72d485a.exe
Size

801KB
MD5

41dcc29d7eaba7b84fd54323394712af
SHA1

ddc0100723cc2dc9ae8b02a0cb7fe4a86c02d54b
SHA256

a909bef708a47ae428fedbc566132c56f15ae7511dc460cf22055ec1a72d485a
SHA512

5a3e8c1eda558e0b90470d752490bc4d04610f93e453cbfd9013a363cfdf5e607974d526c49efe2ef0440e241d775b66bd7c48c74ee9e8677a37cdedc30c42ee
SSDEEP

6144:xmbuKA33X1rgMuu+xdaXkW+zF6m8XZPELSrPzA:x6XA33X1rTuuyrVZ6m8XGH

Score

1^/10

Malware Config

Signatures

Files

a909bef708a47ae428fedbc566132c56f15ae7511dc460cf22055ec1a72d485a.exe
.exe windows:6 windows x64 arch:x64

4e6daa53b6a4296d290f063798771713

Code Sign

0b:de:83:ae:2f:95:07:36:d3:b5:9b:0e:0d:23:c2:16
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-10-2019 00:00

Not After

04-11-2022 12:00

Subject

CN=OpenVPN Inc.,O=OpenVPN Inc.,L=Pleasanton,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:15:60:47:93:98:09:ec:e0:d6:95:0d:62:41:48:a5:32:98:da:c5:9e:93:16:49:2b:5f:dc:e6:be:43:f7:d3
Signer

Actual PE Digest

2f:15:60:47:93:98:09:ec:e0:d6:95:0d:62:41:48:a5:32:98:da:c5:9e:93:16:49:2b:5f:dc:e6:be:43:f7:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

netapi32

NetLocalGroupGetMembers
NetApiBufferFree

ws2_32

ioctlsocket
recv
WSACleanup
connect
send
socket
closesocket
WSAAsyncSelect
inet_addr
htons
ntohs
inet_ntoa
WSAStartup

winhttp

WinHttpCloseHandle
WinHttpDetectAutoProxyConfigUrl
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen

secur32

GetUserNameExW

comctl32

InitMUILanguage
PropertySheetW

crypt32

CryptBinaryToStringA
CryptStringToBinaryA
CryptUnprotectData
CryptProtectData

shlwapi

StrTrimA
PathIsRelativeW
UrlUnescapeA

advapi32

RegGetValueW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegCopyTreeW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
CryptGenRandom
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
LookupAccountNameW
LookupAccountSidW
GetTokenInformation
EqualSid
CreateWellKnownSid
CopySid
OpenProcessToken

shell32

Shell_NotifyIconW
SHCreateItemFromParsingName
ShellExecuteW
ShellExecuteExW

gdi32

SetPixel
SelectObject
GetPixel
DeleteObject
DeleteDC
CreateCompatibleDC
LPtoDP
SetTextColor
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject

comdlg32

GetOpenFileNameW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

wininet

HttpOpenRequestW
HttpQueryInfoA
HttpQueryInfoW
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpSendRequestW
InternetSetOptionW
InternetSetOptionA

libcrypto-1_1-x64

i2d_PKCS12_fp
PKCS12_free
OPENSSL_init_crypto
d2i_PKCS12_fp
PKCS12_create
PKCS12_parse
OPENSSL_sk_pop_free
EVP_aes_256_cbc
EVP_PKEY_new
EVP_PKEY_free
X509_free
X509_alias_get0
PEM_read_PrivateKey
PEM_write_PrivateKey
PEM_write_PKCS8PrivateKey
ERR_get_error

kernel32

ExpandEnvironmentStringsW
ExitThread
GlobalFree
GetWindowsDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileInformationByHandle
IsProcessorFeaturePresent
QueryPerformanceCounter
LocalFree
GetTempPathW
FormatMessageW
GetSystemTimeAsFileTime
InitializeSListHead
CreateEventW
CancelIo
PeekNamedPipe
SetNamedPipeHandleState
CreatePipe
SetHandleInformation
FindNextFileW
FindFirstFileW
FindClose
GetTickCount
OpenProcess
GetStartupInfoW
CreateProcessW
ResumeThread
GetCurrentThreadId
CreateThread
TerminateProcess
IsDebuggerPresent
RtlVirtualUnwind
GetCurrentProcessId
WriteFile
ReadFileEx
MulDiv
ReadFile
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
CreateSemaphoreW
GetFileAttributesW
CreateFileW
CreateDirectoryW
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FreeLibrary
Sleep
GetCommandLineW
VerSetConditionMask
GetUserDefaultUILanguage
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
EnumResourceLanguagesW
FindResourceW
SizeofResource
LoadResource
GetModuleFileNameW
FindResourceExW
FileTimeToLocalFileTime
CompareStringOrdinal
FreeEnvironmentStringsW
CloseHandle
GetLastError
ReleaseSemaphore
WaitForSingleObject
GetCurrentProcess
GetExitCodeProcess
GetSystemDirectoryW
GetEnvironmentStringsW

user32

PeekMessageW
PostMessageW
MoveWindow
EndDialog
GetDlgCtrlID
SetFocus
MsgWaitForMultipleObjectsEx
SetTimer
keybd_event
EnableWindow
IsWindowEnabled
SetPropW
GetPropW
RemovePropW
GetWindowTextW
CreateWindowExW
EnumThreadWindows
IsDialogMessageW
SetDlgItemTextA
LoadCursorW
FindWindowW
ReleaseDC
GetDC
GetMenuInfo
GetMenuItemID
GetDlgItemTextW
SetDlgItemTextW
GetWindowTextLengthW
KillTimer
SetDlgItemInt
GetDlgItemInt
CreatePopupMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
AppendMenuW
SetMenuItemBitmaps
TrackPopupMenu
SetMenuInfo
GetCursorPos
GetIconInfo
SetCursor
DestroyWindow
GetClientRect
RegisterClassExW
GetSysColor
SetForegroundWindow
MessageBoxW
SendMessageW
SendMessageTimeoutW
ShowWindow
SetWindowPos
GetDlgItem
GetSystemMetrics
InvalidateRect
SetWindowTextW
GetWindowRect
HideCaret
ShowCaret
OffsetRect
CreateDialogIndirectParamW
DialogBoxIndirectParamW
CheckRadioButton
IsDlgButtonChecked
MessageBoxExW
SetWindowLongPtrW
LookupIconIdFromDirectory
CreateIconFromResourceEx
LoadImageW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage

vcruntime140

memset
strchr
memchr
memcpy
memmove
wcsstr
wcsrchr
strstr
wcschr
__current_exception_context
__current_exception
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strncpy
iswctype
_wcsdup
isxdigit
strtok
strncmp
_wcsicmp
strspn
wcscspn
isalnum
wcsncat
wcsncpy_s
wcspbrk
wcsncmp
_wcsnicmp
_strdup
strcmp
_stricmp
strncpy_s
wcstok_s
wcsncpy

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc
_set_new_mode
realloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
fclose
__p__commode
__stdio_common_vswprintf
__acrt_iob_func
clearerr
feof
ferror
fflush
fgets
_fileno
fopen
fread
fseek
ftell
fwrite
__stdio_common_vfprintf
_close
_lseek
_read
_setmode
_write
_open
_set_fmode
__stdio_common_vswscanf
_wfopen
__stdio_common_vsprintf
__stdio_common_vsscanf

api-ms-win-crt-time-l1-1-0

_wctime64
_time64

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-convert-l1-1-0

wcstol
strtod
_wtoi
strtol
strtoul
atoi

api-ms-win-crt-runtime-l1-1-0

_exit
exit
_register_onexit_function
_initialize_wide_environment
_initialize_onexit_table
_configure_wide_argv
_initterm
_cexit
_c_exit
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_crt_atexit
_get_wide_winmain_command_line
_initterm_e
terminate

api-ms-win-crt-filesystem-l1-1-0

_wstat64i32
_wunlink
_wsplitpath

api-ms-win-crt-environment-l1-1-0

_wgetenv_s
_wputenv_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

OPENSSL_Applink
aslr_workaround

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 658KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e6daa53b6a4296d290f063798771713

Code Sign

0b:de:83:ae:2f:95:07:36:d3:b5:9b:0e:0d:23:c2:16Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

2f:15:60:47:93:98:09:ec:e0:d6:95:0d:62:41:48:a5:32:98:da:c5:9e:93:16:49:2b:5f:dc:e6:be:43:f7:d3Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

netapi32

ws2_32

winhttp

secur32

comctl32

crypt32

shlwapi

advapi32

shell32

gdi32

comdlg32

ole32

wininet

libcrypto-1_1-x64

kernel32

user32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 1KB - Virtual size: 10KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 658KB - Virtual size: 658KB

.reloc Size: 512B - Virtual size: 136B

0b:de:83:ae:2f:95:07:36:d3:b5:9b:0e:0d:23:c2:16
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

2f:15:60:47:93:98:09:ec:e0:d6:95:0d:62:41:48:a5:32:98:da:c5:9e:93:16:49:2b:5f:dc:e6:be:43:f7:d3
Signer

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 10KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 658KB - Virtual size: 658KB

.reloc
Size: 512B - Virtual size: 136B