9c1e0c8c5b9b9fe9d0aa533fb7d9d1b57db98fd70c4f66a26a3ed9e06ac132a7

Sharing

Copy URL

Twitter E-mail

General

Target

9c1e0c8c5b9b9fe9d0aa533fb7d9d1b57db98fd70c4f66a26a3ed9e06ac132a7
Size

432KB
MD5

623c11f1cc569ccfd93108ebf4133413
SHA1

16b9fa77c4f84ec4db8016e71a0c3872a7386691
SHA256

9c1e0c8c5b9b9fe9d0aa533fb7d9d1b57db98fd70c4f66a26a3ed9e06ac132a7
SHA512

d081e4333c29b97488d1fa3431770fdf5741e2ba4fd737307ee3f1dad8c1e60499cd8baa8ae1169c3c083072b7eb95cc11dbcdd40b91ed6e3c9523e077a8624a
SSDEEP

6144:WF3ZDTacQi3u1dKwUycSRxz3CeRrkDpwohLqqDG/hzIGkfIEa+V34:8DtLuRvcWxbRg1woAq6pzIJfRfVI

Score

1^/10

Malware Config

Signatures

Files

9c1e0c8c5b9b9fe9d0aa533fb7d9d1b57db98fd70c4f66a26a3ed9e06ac132a7
.exe windows:6 windows x64 arch:x64

cd70821d98f88c43b12e7452f20ee35f

Code Sign

23:d2:ca:ae:31:b7:54:60:ac:db:d1:b4:2d:6e:77:43
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

15-06-2024 03:34

Not After

14-06-2025 04:12

Subject

SERIALNUMBER=91522730MA6DJY9R40,CN=Guizhou Qi'ang Kangyuan Rosa Roxburghii Development Co.\, Ltd.,O=Guizhou Qi'ang Kangyuan Rosa Roxburghii Development Co.\, Ltd.,L=Qiannan Buyi and Miao Autonomous Prefecture,ST=Guizhou,C=CN,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26-03-2019 17:44

Not After

22-03-2034 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:ec:92:9b:2c:aa:90:a9:75:3d:48:17:7b:43:44:b8:66:e8:4d:77:3f:f4:4a:88:25:0c:4e:05:60:55:80:ae
Signer

Actual PE Digest

50:ec:92:9b:2c:aa:90:a9:75:3d:48:17:7b:43:44:b8:66:e8:4d:77:3f:f4:4a:88:25:0c:4e:05:60:55:80:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\benja\source\repos\AppControl\APEXScan\x64\Release\APEXScan.pdb

Imports

kernel32

WideCharToMultiByte
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
GetSystemDirectoryW
GlobalFree
LoadLibraryW
FreeLibrary
FindFirstFileW
FindClose
GetModuleHandleW
FindNextFileW
FormatMessageW
FormatMessageA
TerminateProcess
GetFileSizeEx
GetFileAttributesW
MultiByteToWideChar
SetFilePointer
LockFileEx
UnlockFileEx
FlushFileBuffers
WriteConsoleW
GetConsoleMode
GetConsoleCP
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetModuleFileNameW
SetFilePointerEx
ResetEvent
SetEvent
Sleep
CreateEventW
LocalFree
CreateThread
LocalAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
SystemTimeToFileTime
SetLastError
GetProcessHeap
DeleteCriticalSection
GetFileSize
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
CloseHandle
ReadFile
HeapReAlloc
GetLastError
HeapSize
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
FindFirstFileExW
GetFileAttributesExW
LoadLibraryExW
RtlPcToFileHeader
CreateFileW
InitializeCriticalSectionEx
WriteFile
RtlUnwindEx
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
IsDebuggerPresent
HeapFree
CopyFileW
RtlUnwind

user32

MessageBoxW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

oleaut32

VariantClear

shlwapi

PathFindFileNameW
PathAddBackslashW

crypt32

CertGetCertificateContextProperty
CertGetNameStringW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

wininet

InternetCloseHandle
InternetOpenA
HttpQueryInfoW
HttpOpenRequestA
InternetConnectA
InternetSetOptionW
InternetReadFile
HttpSendRequestA

ws2_32

send
WSASetLastError
WSAStartup
inet_addr
WSAGetLastError
setsockopt
htons
recv
connect
closesocket
socket

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpQueryHeaders
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData

Exports

Exports

?AESDecrypt@@YAXPEAE0H0H@Z
?AESEncrypt@@YAXPEAE0H0H@Z
DisableFsRedirection
DisableWow64FsRedirection
IsWow64
RevertFsRedirection
RevertWow64FsRedirection
get_error_message_s

Sections

.text
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd70821d98f88c43b12e7452f20ee35f

Code Sign

23:d2:ca:ae:31:b7:54:60:ac:db:d1:b4:2d:6e:77:43Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

50:ec:92:9b:2c:aa:90:a9:75:3d:48:17:7b:43:44:b8:66:e8:4d:77:3f:f4:4a:88:25:0c:4e:05:60:55:80:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

version

advapi32

oleaut32

shlwapi

crypt32

wintrust

wininet

ws2_32

winhttp

Exports

Exports

Sections

.text Size: 271KB - Virtual size: 271KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 9KB - Virtual size: 30KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

23:d2:ca:ae:31:b7:54:60:ac:db:d1:b4:2d:6e:77:43
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

50:ec:92:9b:2c:aa:90:a9:75:3d:48:17:7b:43:44:b8:66:e8:4d:77:3f:f4:4a:88:25:0c:4e:05:60:55:80:ae
Signer

.text
Size: 271KB - Virtual size: 271KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 9KB - Virtual size: 30KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB