1a84fe11d3ab2131a507fb9070683ed0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1a84fe11d3ab2131a507fb9070683ed0N.exe
Size

560KB
MD5

1a84fe11d3ab2131a507fb9070683ed0
SHA1

ea1956533585e0e02fb911f41c2f04e0ddd10dcd
SHA256

e9392b71ca738b1f150a6cbea6461cb90b9dae28aad5be985644380429f2263b
SHA512

dcc5c6e335c61ab232382647e66d97d3d03688f84482578191a4709a9cffe63181369640325cec5265f4baada0e96864cc8aaceffcb66a865af17e042fa09bf5
SSDEEP

12288:vzCT0KNFQ8sK1hFT91tozm7ilsS49j4c0bTV4VnoBAh:vzCT/hl1hn1tbS8j12uoBq

Score

1^/10

Malware Config

Signatures

Files

1a84fe11d3ab2131a507fb9070683ed0N.exe
.exe windows:10 windows x64 arch:x64

1f142745b4b4ddc8794d78aa95adc986

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:4f:3d:2b:fa:05:a9:ef:6b:85:8a:8e:1e:f5:e8:60:ee:48:98:c3:f7:20:16:d1:0b:7c:ab:5f:ef:d9:ae:d0
Signer

Actual PE Digest

94:4f:3d:2b:fa:05:a9:ef:6b:85:8a:8e:1e:f5:e8:60:ee:48:98:c3:f7:20:16:d1:0b:7c:ab:5f:ef:d9:ae:d0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

MoNotificationUx.pdb

Imports

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventActivityIdControl
EventSetInformation
EventRegister

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId

api-ms-win-core-localization-l1-2-0

LCMapStringEx
GetLocaleInfoEx
FormatMessageW
FormatMessageA

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
LoadStringW
LoadLibraryExW
FreeLibrary
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
QueryFullProcessImageNameW

api-ms-win-core-console-l1-2-0

FreeConsole
AttachConsole

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-console-l1-1-0

WriteConsoleW

rpcrt4

UuidCreate

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-synch-l1-1-0

CreateMutexExW
OpenSemaphoreW
DeleteCriticalSection
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
AcquireSRWLockExclusive
CreateEventW
CreateSemaphoreExW
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

shell32

SHQueryUserNotificationState

api-ms-win-crt-string-l1-1-0

wcsnlen
__strncnt
strcspn

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_lock_locales

api-ms-win-crt-private-l1-1-0

_o__exit
_o__free_base
_o__get_wide_winmain_command_line
_o__gmtime64_s
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__mkgmtime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__W_Getdays
_o__W_Getmonths
_o__wcsdup
_o__wcsicmp
_o_abort
_o_calloc
_o_exit
_o_free
_o_frexp
_o_islower
_o_isspace
_o_isupper
_o_iswspace
_o_localeconv
_o_malloc
_o_realloc
_o_setlocale
_o_strncpy_s
_o_strtol
_o_terminate
_o_tolower
_o_wcsftime
_o_wcstol
_o__crt_atexit
_o__configure_wide_argv
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o__configthreadlocale
_o____lc_codepage_func
_o__errno
_o__cexit
_o__calloc_base
_o__callnewh
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___stdio_common_vswprintf
_o___p__commode
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s

ntdll

NtQueryWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
CompareStringEx
WideCharToMultiByte

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlLookupFunctionEntry
RtlUnwind
RtlVirtualUnwind
RtlCaptureContext
RtlPcToFileHeader

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsSetValue
FlsGetValue
FlsFree

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW
EnableTraceEx2

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime

oleaut32

SetErrorInfo
SysFreeString
SysStringLen

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges

api-ms-win-core-shutdown-l1-1-1

InitiateShutdownW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-windowserrorreporting-l1-1-0

GetApplicationRestartSettings

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegCloseKey
RegOpenKeyExW

shlwapi

ord354

user32

EnumWindows
GetWindowThreadProcessId
GetWindowLongPtrW

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_c_exit
_initterm_e
_initterm

api-ms-win-core-file-l1-1-0

FindFirstFileW
CreateDirectoryW
FindFirstFileExW
CreateFileW
FindClose
FindNextFileW
GetFileAttributesExW
SetFileInformationByHandle
CompareFileTime

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

Sections

.text
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f142745b4b4ddc8794d78aa95adc986

Code Sign

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

94:4f:3d:2b:fa:05:a9:ef:6b:85:8a:8e:1e:f5:e8:60:ee:48:98:c3:f7:20:16:d1:0b:7c:ab:5f:ef:d9:ae:d0Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-console-l1-2-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-console-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-handle-l1-1-0

shell32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-core-featurestaging-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-timezone-l1-1-0

oleaut32

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-shutdown-l1-1-1

api-ms-win-power-setting-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-registry-l1-1-0

shlwapi

user32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-sysinfo-l1-2-0

Sections

.text Size: 423KB - Virtual size: 422KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 18KB - Virtual size: 18KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

33:00:00:04:60:cf:42:a9:12:31:5f:6f:b3:00:00:00:00:04:60
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

94:4f:3d:2b:fa:05:a9:ef:6b:85:8a:8e:1e:f5:e8:60:ee:48:98:c3:f7:20:16:d1:0b:7c:ab:5f:ef:d9:ae:d0
Signer

.text
Size: 423KB - Virtual size: 422KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 18KB - Virtual size: 18KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB