25272f1b987ce1d8dc881c94d4c86c50N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

25272f1b987ce1d8dc881c94d4c86c50N.exe
Size

2.7MB
MD5

25272f1b987ce1d8dc881c94d4c86c50
SHA1

361abbbc1dfb43e2d7252a2b915cf1c871beec05
SHA256

5069ac12361cf7e1aa87d6029de6960856ff7d64924821bf36b0cf8d3942eb57
SHA512

495b35f0a099648e59bdf507cbe57578d3069588cea7eda5c7b3fa2317297890008d495596b4a20ddc98460f73dd07f4d75bff7c2c4c1823605e485cac64f3f2
SSDEEP

49152:lZBuCjt/SyZlrIrm+s4nSyNdIfQieBKwUZsU3hJQG99W2wXT0bzMlr/aG:d7xKwAm+VSkIIH2ZsU3lfq24lp

Score

1^/10

Malware Config

Signatures

Files

25272f1b987ce1d8dc881c94d4c86c50N.exe
.exe windows:5 windows x86 arch:x86

09377e8a1d8e13fd232912ef9d6d63b2

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:7a:0e:dc:4e:6f:47:da:bd:74:9f:6e
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

09/10/2023, 07:40

Not After

09/10/2026, 07:40

Subject

CN=ZOHO Corporation Private Limited,O=ZOHO Corporation Private Limited,L=Chennai,ST=Tamil Nadu,C=IN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:f5:fc:24:34:c7:48:4c:a5:7c:97:1f:d4:1c:b9:32:43:f9:52:0e:47:cc:36:f7:f0:33:9c:e3:65:10:3e:05
Signer

Actual PE Digest

91:f5:fc:24:34:c7:48:4c:a5:7c:97:1f:d4:1c:b9:32:43:f9:52:0e:47:cc:36:f7:f0:33:9c:e3:65:10:3e:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhost\28-06-2024\WindowsBuilds\BSP_NATIVE\8615208\browsermanagement_msi\SA_SRC\native\agent\Release\bmagent.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA

dclibxml2

xmlCleanupParser
xmlFreeDoc
xmlDocGetRootElement
xmlParseFile
xmlFreeTextReader
xmlNewTextReaderFilename
xmlTextReaderName
xmlTextReaderDepth
xmlTextReaderAttributeCount
xmlTextReaderValue
xmlTextReaderGetAttribute
xmlFree
xmlTextReaderRead
xmlStrcmp
xmlParseMemory
xmlNodeListGetString

dcagenthttp

AgentSendRequestEx

iphlpapi

GetAdaptersInfo

userenv

CreateEnvironmentBlock
RefreshPolicyEx
UnloadUserProfile
DestroyEnvironmentBlock
LoadUserProfileA

crypt32

CertDeleteCertificateFromStore
CertVerifyTimeValidity
CertNameToStrW
CertFreeCertificateContext
CertGetNameStringA
CertFindCertificateInStore
CertCloseStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryA
CertCreateCertificateContext
PFXImportCertStore
PFXVerifyPassword

kernel32

GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
FormatMessageW
GetVersionExW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
FlushFileBuffers
GetTempPathW
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
LocalFree
AreFileApisANSI
GetUserDefaultLangID
FileTimeToSystemTime
GetFileTime
lstrlenW
GetLocalTime
CreateMutexA
SuspendThread
ResumeThread
GetModuleHandleA
FindFirstFileA
GetCurrentProcess
GetLocaleInfoA
Process32Next
Process32First
GetFileSizeEx
FindNextFileA
GetTimeZoneInformation
CreateProcessA
SetCurrentDirectoryA
GetCurrentDirectoryA
SystemTimeToTzSpecificLocalTime
CreateThread
CopyFileA
DeleteTimerQueue
CreateTimerQueue
CreateTimerQueueTimer
CreateDirectoryA
CopyFileW
OutputDebugStringW
GlobalFree
GlobalAlloc
GetComputerNameExW
SetLastError
ProcessIdToSessionId
GetSystemDirectoryA
GetVersion
lstrcmpiA
GetNativeSystemInfo
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeA
lstrcmpW
GetFileAttributesExA
GetWindowsDirectoryW
ResetEvent
CreateEventW
RemoveDirectoryW
GetModuleFileNameA
InterlockedIncrement
InterlockedExchange
GetStringTypeW
GetFullPathNameW
lstrcpyW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
Process32FirstW
FindClose
LoadLibraryW
OpenProcess
CreateDirectoryW
CompareFileTime
FindFirstFileW
ReleaseMutex
GetProcAddress
FreeLibrary
CreateMutexW
GetEnvironmentVariableW
LockResource
SizeofResource
InterlockedDecrement
LoadResource
FindResourceW
FindResourceExW
lstrlenA
Sleep
DeleteFileA
DeleteFileW
CloseHandle
MultiByteToWideChar
CreateFileW
GetSystemTime
SetCurrentDirectoryW
GetCurrentDirectoryW
GetLastError
GetEnvironmentVariableA
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
SetUnhandledExceptionFilter
CreateProcessW
WaitForSingleObjectEx
EncodePointer
LockFile
DecodePointer
FlushViewOfFile
GetFullPathNameA
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
GetFileSize
CreateFileA
HeapReAlloc
GetLocaleInfoW
SetEvent
OpenEventA
RaiseException
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
SetEnvironmentVariableA
VirtualQuery
GetDriveTypeW
CreatePipe
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetConsoleMode
GetConsoleCP
VirtualAlloc
GetCurrentThread
IsBadReadPtr
GetCPInfo
GetCommandLineA
TlsFree
TlsSetValue
HeapSetInformation
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapQueryInformation
GetStartupInfoW
ExitThread
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetModuleHandleW
ExitProcess
RtlUnwind
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetTimeFormatA
GetDateFormatA
DuplicateHandle
LCMapStringW
CompareStringW
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetHandleCount
GetStdHandle

user32

MessageBoxA
wsprintfW
LoadStringA

advapi32

SetThreadToken
RegDeleteTreeW
LookupPrivilegeValueW
RegSaveKeyW
RegCreateKeyExW
RegDeleteKeyExW
RegRestoreKeyW
RegEnumValueA
LookupAccountSidA
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CryptGetHashParam
GetTokenInformation
LookupPrivilegeNameA
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateProcessAsUserW
LogonUserA
CreateProcessAsUserA
OpenThreadToken
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyA
RegDeleteKeyA
RegDeleteValueW
RegDeleteValueA
RegSetValueExW
RegCreateKeyExA
CloseServiceHandle
ControlService
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextA
CryptGetUserKey
CryptGenKey
CryptReleaseContext
CryptDestroyKey
ImpersonateLoggedOnUser
RegOpenCurrentUser
RevertToSelf
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegEnumValueW
GetUserNameW
RegEnumKeyA
RegGetValueW
RegQueryInfoKeyW
OpenProcessToken
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyA
RegOpenKeyExA

shell32

SHCreateDirectoryExA
SHGetKnownFolderPath
SHCreateDirectoryExW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CLSIDFromString
CoUninitialize

oleaut32

SysStringLen
SafeArrayGetUBound
SysFreeString
SafeArrayUnaccessData
VariantInit
SafeArrayDestroy
SafeArrayAccessData
VariantClear
SafeArrayGetLBound
SysAllocString
SysAllocStringByteLen

odbc32

ord39
ord29
ord36
ord8
ord4
ord13
ord26
ord72
ord43
ord49
ord3
ord19
ord20
ord2
ord1
ord31
ord41
ord9
ord11
ord48
ord12
ord18
ord16

shlwapi

SHDeleteKeyA
PathFindExtensionA
PathIsDirectoryW
StrStrIA
PathIsDirectoryA
StrTrimA

wevtapi

EvtRender
EvtSubscribe
EvtCreateRenderContext
EvtNext
EvtClose

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash

ws2_32

WSAStartup
WSAGetLastError
WSACleanup

netapi32

NetGetJoinInformation
NetApiBufferFree
DsGetDcNameA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA
WTSEnumerateSessionsA

winhttp

WinHttpSetStatusCallback
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpReceiveResponse
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpWriteData
WinHttpQueryOption
WinHttpSetCredentials
WinHttpAddRequestHeaders

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09377e8a1d8e13fd232912ef9d6d63b2

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

32:7a:0e:dc:4e:6f:47:da:bd:74:9f:6eCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

91:f5:fc:24:34:c7:48:4c:a5:7c:97:1f:d4:1c:b9:32:43:f9:52:0e:47:cc:36:f7:f0:33:9c:e3:65:10:3e:05Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

dclibxml2

dcagenthttp

iphlpapi

userenv

crypt32

kernel32

user32

advapi32

shell32

ole32

oleaut32

odbc32

shlwapi

wevtapi

wintrust

ws2_32

netapi32

wtsapi32

winhttp

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 384KB - Virtual size: 383KB

.data Size: 95KB - Virtual size: 107KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 107KB - Virtual size: 107KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

32:7a:0e:dc:4e:6f:47:da:bd:74:9f:6e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

91:f5:fc:24:34:c7:48:4c:a5:7c:97:1f:d4:1c:b9:32:43:f9:52:0e:47:cc:36:f7:f0:33:9c:e3:65:10:3e:05
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 384KB - Virtual size: 383KB

.data
Size: 95KB - Virtual size: 107KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 107KB - Virtual size: 107KB