703d4357fc6c84703499e5a7aad53600N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

703d4357fc6c84703499e5a7aad53600N.exe
Size

4.0MB
MD5

703d4357fc6c84703499e5a7aad53600
SHA1

80753a17a3e2a72ef0c4c536a65ee6b7bd0710d1
SHA256

16af5a3f405dd889a94934b4ecc7df058210f101a8432ecefc19917c114b0394
SHA512

fcab35c5d9dc3b7411766c3addce8c37c620c3b1af0aa69c64d668b9004387d7375fee0c71077d2a934a37d6b4278c3b34484c6319dfc0bc715b561fc41e88e5
SSDEEP

98304:/6666666666666666666666666666666x666666666666666fwwwwwwwwwwwwww8:TDsLDYLYhB

Score

1^/10

Malware Config

Signatures

Files

703d4357fc6c84703499e5a7aad53600N.exe
.dll windows:5 windows x86 arch:x86

93dfdf1ae9f2b7d9cb3ea68c27841569

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:b6:3f:86:88:59:19:d2:a6:0c:3d:f7:a7:8b:fe:a4:06:17:80:04:af:e1:63:e9:1b:8a:32:6d:c6:1c:8a:ae
Signer

Actual PE Digest

4d:b6:3f:86:88:59:19:d2:a6:0c:3d:f7:a7:8b:fe:a4:06:17:80:04:af:e1:63:e9:1b:8a:32:6d:c6:1c:8a:ae

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\e\src\out\Release\EBWebView\x86\EmbeddedBrowserWebView.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AssignProcessToJobObject
CancelIo
CloseHandle
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteProcThreadAttributeList
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeClientProcessId
GetNativeSystemInfo
GetOEMCP
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessId
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount64
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExW
GetWindowsDirectoryW
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetModuleInformation
K32GetProcessMemoryInfo
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PostQueuedCompletionStatus
Process32FirstW
Process32NextW
QueryDosDeviceW
QueryFullProcessImageNameW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
RegisterWaitForSingleObject
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResetEvent
ResumeThread
RtlCaptureStackBackTrace
RtlUnwind
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetHandleInformation
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrcmpiW

oleaut32

SafeArrayCreateVector
SafeArrayGetDim
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPutElement
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
VariantCopy
VariantInit

ntdll

NtClose
NtOpenKeyEx
NtQueryValueKey
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
RtlInitUnicodeString

Exports

Exports

??0IDataFieldVisitor@telemetry_client@@QAE@ABV01@@Z
??0IDataFieldVisitor@telemetry_client@@QAE@XZ
??1IDataFieldVisitor@telemetry_client@@UAE@XZ
??4IDataFieldVisitor@telemetry_client@@QAEAAV01@ABV01@@Z
??_7IDataFieldVisitor@telemetry_client@@6B@
CreateWebViewEnvironmentWithOptionsInternal
DllCanUnloadNow
GetHandleVerifier

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 165B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

malloc_h
Size: 512B - Virtual size: 193B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93dfdf1ae9f2b7d9cb3ea68c27841569

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

4d:b6:3f:86:88:59:19:d2:a6:0c:3d:f7:a7:8b:fe:a4:06:17:80:04:af:e1:63:e9:1b:8a:32:6d:c6:1c:8a:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

ntdll

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 624KB - Virtual size: 623KB

.data Size: 21KB - Virtual size: 102KB

.00cfg Size: 512B - Virtual size: 8B

.rodata Size: 512B - Virtual size: 120B

.tls Size: 512B - Virtual size: 165B

CPADinfo Size: 512B - Virtual size: 40B

malloc_h Size: 512B - Virtual size: 193B

.rsrc Size: 66KB - Virtual size: 66KB

.reloc Size: 126KB - Virtual size: 125KB

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

4d:b6:3f:86:88:59:19:d2:a6:0c:3d:f7:a7:8b:fe:a4:06:17:80:04:af:e1:63:e9:1b:8a:32:6d:c6:1c:8a:ae
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 624KB - Virtual size: 623KB

.data
Size: 21KB - Virtual size: 102KB

.00cfg
Size: 512B - Virtual size: 8B

.rodata
Size: 512B - Virtual size: 120B

.tls
Size: 512B - Virtual size: 165B

CPADinfo
Size: 512B - Virtual size: 40B

malloc_h
Size: 512B - Virtual size: 193B

.rsrc
Size: 66KB - Virtual size: 66KB

.reloc
Size: 126KB - Virtual size: 125KB