bd04be14e049851157f920b46b80a9c285c0d235b9d61607ddaf39babfda9f68

Sharing

Copy URL

Twitter E-mail

General

Target

bd04be14e049851157f920b46b80a9c285c0d235b9d61607ddaf39babfda9f68
Size

848KB
MD5

180119ca8fe2735dec25d29001a256bb
SHA1

a3029f9d8ab506dd213c096dbcdc75cdeba82a05
SHA256

bd04be14e049851157f920b46b80a9c285c0d235b9d61607ddaf39babfda9f68
SHA512

e75f34d9c6d4861812fe605ab5d1904732db0fbbc0323a43b36e316923919251beb920166d112ce13204f7eabef57799fb7c41274af99ef2f5315a1246f6156c
SSDEEP

6144:oae+9H9S3FrAEsSAZqM5mvw6cPi/yJJzD0N5eHXfVlYUB/VAA1SMNsFV5JRV+SMo:J9SSusbiyc5e3d1/V71AVNV+Ssc3Y8

Score

1^/10

Malware Config

Signatures

Files

bd04be14e049851157f920b46b80a9c285c0d235b9d61607ddaf39babfda9f68
.dll windows:6 windows x64 arch:x64

420f1b1eba5d9f1de2ccc2b639e132cd

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:f3:28:98:da:18:8f:c0:a1:fe:95:d8:9e:ec:4e:fb
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

16/03/2023, 00:00

Not After

15/06/2026, 23:59

Subject

CN=BELLSOFT,O=BELLSOFT,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7c:d4:47:7a:b3:4e:11:3e:e6:2e:fe:4e:3a:c2:69:f8:ad:7b:9d:24
Signer

Actual PE Digest

7c:d4:47:7a:b3:4e:11:3e:e6:2e:fe:4e:3a:c2:69:f8:ad:7b:9d:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

jsvml.pdb

Imports

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

Exports

Exports

__jsvml_acos1_ha_e9
__jsvml_acos1_ha_ex
__jsvml_acos1_ha_l9
__jsvml_acos2_ha_e9
__jsvml_acos2_ha_ex
__jsvml_acos2_ha_l9
__jsvml_acos4_ha_e9
__jsvml_acos4_ha_l9
__jsvml_acos8_ha_z0
__jsvml_acosf16_ha_z0
__jsvml_acosf4_ha_e9
__jsvml_acosf4_ha_ex
__jsvml_acosf4_ha_l9
__jsvml_acosf8_ha_e9
__jsvml_acosf8_ha_l9
__jsvml_asin1_ha_e9
__jsvml_asin1_ha_ex
__jsvml_asin1_ha_l9
__jsvml_asin2_ha_e9
__jsvml_asin2_ha_ex
__jsvml_asin2_ha_l9
__jsvml_asin4_ha_e9
__jsvml_asin4_ha_l9
__jsvml_asin8_ha_z0
__jsvml_asinf16_ha_z0
__jsvml_asinf4_ha_e9
__jsvml_asinf4_ha_ex
__jsvml_asinf4_ha_l9
__jsvml_asinf8_ha_e9
__jsvml_asinf8_ha_l9
__jsvml_atan1_ha_e9
__jsvml_atan1_ha_ex
__jsvml_atan1_ha_l9
__jsvml_atan21_ha_e9
__jsvml_atan21_ha_ex
__jsvml_atan21_ha_l9
__jsvml_atan22_ha_e9
__jsvml_atan22_ha_ex
__jsvml_atan22_ha_l9
__jsvml_atan24_ha_e9
__jsvml_atan24_ha_l9
__jsvml_atan28_ha_z0
__jsvml_atan2_ha_e9
__jsvml_atan2_ha_ex
__jsvml_atan2_ha_l9
__jsvml_atan2f16_ha_z0
__jsvml_atan2f4_ha_e9
__jsvml_atan2f4_ha_ex
__jsvml_atan2f4_ha_l9
__jsvml_atan2f8_ha_e9
__jsvml_atan2f8_ha_l9
__jsvml_atan4_ha_e9
__jsvml_atan4_ha_l9
__jsvml_atan8_ha_z0
__jsvml_atanf16_ha_z0
__jsvml_atanf4_ha_e9
__jsvml_atanf4_ha_ex
__jsvml_atanf4_ha_l9
__jsvml_atanf8_ha_e9
__jsvml_atanf8_ha_l9
__jsvml_cbrt1_ha_e9
__jsvml_cbrt1_ha_ex
__jsvml_cbrt1_ha_l9
__jsvml_cbrt2_ha_e9
__jsvml_cbrt2_ha_ex
__jsvml_cbrt2_ha_l9
__jsvml_cbrt4_ha_e9
__jsvml_cbrt4_ha_l9
__jsvml_cbrt8_ha_z0
__jsvml_cbrtf16_ha_z0
__jsvml_cbrtf4_ha_e9
__jsvml_cbrtf4_ha_ex
__jsvml_cbrtf4_ha_l9
__jsvml_cbrtf8_ha_e9
__jsvml_cbrtf8_ha_l9
__jsvml_cos1_ha_e9
__jsvml_cos1_ha_ex
__jsvml_cos1_ha_l9
__jsvml_cos2_ha_e9
__jsvml_cos2_ha_ex
__jsvml_cos2_ha_l9
__jsvml_cos4_ha_e9
__jsvml_cos4_ha_l9
__jsvml_cos8_ha_z0
__jsvml_cosf16_ha_z0
__jsvml_cosf4_ha_e9
__jsvml_cosf4_ha_ex
__jsvml_cosf4_ha_l9
__jsvml_cosf8_ha_e9
__jsvml_cosf8_ha_l9
__jsvml_cosh1_ha_e9
__jsvml_cosh1_ha_ex
__jsvml_cosh1_ha_l9
__jsvml_cosh2_ha_e9
__jsvml_cosh2_ha_ex
__jsvml_cosh2_ha_l9
__jsvml_cosh4_ha_e9
__jsvml_cosh4_ha_l9
__jsvml_cosh8_ha_z0
__jsvml_coshf16_ha_z0
__jsvml_coshf4_ha_e9
__jsvml_coshf4_ha_ex
__jsvml_coshf4_ha_l9
__jsvml_coshf8_ha_e9
__jsvml_coshf8_ha_l9
__jsvml_exp1_ha_e9
__jsvml_exp1_ha_ex
__jsvml_exp1_ha_l9
__jsvml_exp2_ha_e9
__jsvml_exp2_ha_ex
__jsvml_exp2_ha_l9
__jsvml_exp4_ha_e9
__jsvml_exp4_ha_l9
__jsvml_exp8_ha_z0
__jsvml_expf16_ha_z0
__jsvml_expf4_ha_e9
__jsvml_expf4_ha_ex
__jsvml_expf4_ha_l9
__jsvml_expf8_ha_e9
__jsvml_expf8_ha_l9
__jsvml_expm11_ha_e9
__jsvml_expm11_ha_ex
__jsvml_expm11_ha_l9
__jsvml_expm12_ha_e9
__jsvml_expm12_ha_ex
__jsvml_expm12_ha_l9
__jsvml_expm14_ha_e9
__jsvml_expm14_ha_l9
__jsvml_expm18_ha_z0
__jsvml_expm1f16_ha_z0
__jsvml_expm1f4_ha_e9
__jsvml_expm1f4_ha_ex
__jsvml_expm1f4_ha_l9
__jsvml_expm1f8_ha_e9
__jsvml_expm1f8_ha_l9
__jsvml_hypot1_ha_e9
__jsvml_hypot1_ha_ex
__jsvml_hypot1_ha_l9
__jsvml_hypot2_ha_e9
__jsvml_hypot2_ha_ex
__jsvml_hypot2_ha_l9
__jsvml_hypot4_ha_e9
__jsvml_hypot4_ha_l9
__jsvml_hypot8_ha_z0
__jsvml_hypotf16_ha_z0
__jsvml_hypotf4_ha_e9
__jsvml_hypotf4_ha_ex
__jsvml_hypotf4_ha_l9
__jsvml_hypotf8_ha_e9
__jsvml_hypotf8_ha_l9
__jsvml_log101_ha_e9
__jsvml_log101_ha_ex
__jsvml_log101_ha_l9
__jsvml_log102_ha_e9
__jsvml_log102_ha_ex
__jsvml_log102_ha_l9
__jsvml_log104_ha_e9
__jsvml_log104_ha_l9
__jsvml_log108_ha_z0
__jsvml_log10f16_ha_z0
__jsvml_log10f4_ha_e9
__jsvml_log10f4_ha_ex
__jsvml_log10f4_ha_l9
__jsvml_log10f8_ha_e9
__jsvml_log10f8_ha_l9
__jsvml_log1_ha_e9
__jsvml_log1_ha_ex
__jsvml_log1_ha_l9
__jsvml_log1p1_ha_e9
__jsvml_log1p1_ha_ex
__jsvml_log1p1_ha_l9
__jsvml_log1p2_ha_e9
__jsvml_log1p2_ha_ex
__jsvml_log1p2_ha_l9
__jsvml_log1p4_ha_e9
__jsvml_log1p4_ha_l9
__jsvml_log1p8_ha_z0
__jsvml_log1pf16_ha_z0
__jsvml_log1pf4_ha_e9
__jsvml_log1pf4_ha_ex
__jsvml_log1pf4_ha_l9
__jsvml_log1pf8_ha_e9
__jsvml_log1pf8_ha_l9
__jsvml_log2_ha_e9
__jsvml_log2_ha_ex
__jsvml_log2_ha_l9
__jsvml_log4_ha_e9
__jsvml_log4_ha_l9
__jsvml_log8_ha_z0
__jsvml_logf16_ha_z0
__jsvml_logf4_ha_e9
__jsvml_logf4_ha_ex
__jsvml_logf4_ha_l9
__jsvml_logf8_ha_e9
__jsvml_logf8_ha_l9
__jsvml_pow1_ha_e9
__jsvml_pow1_ha_ex
__jsvml_pow1_ha_l9
__jsvml_pow2_ha_e9
__jsvml_pow2_ha_ex
__jsvml_pow2_ha_l9
__jsvml_pow4_ha_e9
__jsvml_pow4_ha_l9
__jsvml_pow8_ha_z0
__jsvml_powf16_ha_z0
__jsvml_powf4_ha_e9
__jsvml_powf4_ha_ex
__jsvml_powf4_ha_l9
__jsvml_powf8_ha_e9
__jsvml_powf8_ha_l9
__jsvml_sin1_ha_e9
__jsvml_sin1_ha_ex
__jsvml_sin1_ha_l9
__jsvml_sin2_ha_e9
__jsvml_sin2_ha_ex
__jsvml_sin2_ha_l9
__jsvml_sin4_ha_e9
__jsvml_sin4_ha_l9
__jsvml_sin8_ha_z0
__jsvml_sinf16_ha_z0
__jsvml_sinf4_ha_e9
__jsvml_sinf4_ha_ex
__jsvml_sinf4_ha_l9
__jsvml_sinf8_ha_e9
__jsvml_sinf8_ha_l9
__jsvml_sinh1_ha_e9
__jsvml_sinh1_ha_ex
__jsvml_sinh1_ha_l9
__jsvml_sinh2_ha_e9
__jsvml_sinh2_ha_ex
__jsvml_sinh2_ha_l9
__jsvml_sinh4_ha_e9
__jsvml_sinh4_ha_l9
__jsvml_sinh8_ha_z0
__jsvml_sinhf16_ha_z0
__jsvml_sinhf4_ha_e9
__jsvml_sinhf4_ha_ex
__jsvml_sinhf4_ha_l9
__jsvml_sinhf8_ha_e9
__jsvml_sinhf8_ha_l9
__jsvml_tan1_ha_e9
__jsvml_tan1_ha_ex
__jsvml_tan1_ha_l9
__jsvml_tan2_ha_e9
__jsvml_tan2_ha_ex
__jsvml_tan2_ha_l9
__jsvml_tan4_ha_e9
__jsvml_tan4_ha_l9
__jsvml_tan8_ha_z0
__jsvml_tanf16_ha_z0
__jsvml_tanf4_ha_e9
__jsvml_tanf4_ha_ex
__jsvml_tanf4_ha_l9
__jsvml_tanf8_ha_e9
__jsvml_tanf8_ha_l9
__jsvml_tanh1_ha_e9
__jsvml_tanh1_ha_ex
__jsvml_tanh1_ha_l9
__jsvml_tanh2_ha_e9
__jsvml_tanh2_ha_ex
__jsvml_tanh2_ha_l9
__jsvml_tanh4_ha_e9
__jsvml_tanh4_ha_l9
__jsvml_tanh8_ha_z0
__jsvml_tanhf16_ha_z0
__jsvml_tanhf4_ha_e9
__jsvml_tanhf4_ha_ex
__jsvml_tanhf4_ha_l9
__jsvml_tanhf8_ha_e9
__jsvml_tanhf8_ha_l9

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 514KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

420f1b1eba5d9f1de2ccc2b639e132cd

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

bc:f3:28:98:da:18:8f:c0:a1:fe:95:d8:9e:ec:4e:fbCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

7c:d4:47:7a:b3:4e:11:3e:e6:2e:fe:4e:3a:c2:69:f8:ad:7b:9d:24Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 287KB - Virtual size: 286KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 232B

.pdata Size: 6KB - Virtual size: 6KB

_RDATA Size: 514KB - Virtual size: 514KB

.rsrc Size: 1024B - Virtual size: 880B

.reloc Size: 512B - Virtual size: 20B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

bc:f3:28:98:da:18:8f:c0:a1:fe:95:d8:9e:ec:4e:fb
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

7c:d4:47:7a:b3:4e:11:3e:e6:2e:fe:4e:3a:c2:69:f8:ad:7b:9d:24
Signer

.text
Size: 287KB - Virtual size: 286KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 232B

.pdata
Size: 6KB - Virtual size: 6KB

_RDATA
Size: 514KB - Virtual size: 514KB

.rsrc
Size: 1024B - Virtual size: 880B

.reloc
Size: 512B - Virtual size: 20B