f19757a1ea68f619315f7480b329ad70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f19757a1ea68f619315f7480b329ad70N.exe
Size

1.9MB
MD5

f19757a1ea68f619315f7480b329ad70
SHA1

7b0afda1fa01a6af012ec21c3a8e451685ab1865
SHA256

a56480398bd479d6e3395b4fe428cde21cd30043f0fda733f2e9304dbcd1a851
SHA512

7c3f6872a7c8e32722ff4f6582a00a7674fb5d59b4c2f56aa482227052032206914f1a2babb9c0824a30c46d6c1a85ba04a8818a3075f1d252d6c099d76c4b68
SSDEEP

49152:ADGZRFJMRFJMRFJMRFJ0r5GQsMzr5GQsMD:eGjGGGwsM9sMD

Score

1^/10

Malware Config

Signatures

Files

f19757a1ea68f619315f7480b329ad70N.exe
.exe windows:4 windows x86 arch:x86

fa6172b2c7144c0c4c3047023c019acd

Code Sign

08:fe:4d:eb:33:ad:cc:d2
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,C=US

Not Before

23/09/2023, 00:00

Not After

23/09/2028, 00:00

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:45:1b:fd:61:98:a5:5a:3e:b8:6e:8d:2e:74:52:0d:09:44:eb:2c:af:d4:f2:23:b5:7e:21:5c:ff:97:81:a8
Signer

Actual PE Digest

af:45:1b:fd:61:98:a5:5a:3e:b8:6e:8d:2e:74:52:0d:09:44:eb:2c:af:d4:f2:23:b5:7e:21:5c:ff:97:81:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\df8ds0f8ds8f90sd8f90ds8f8df

Imports

kernel32

GetThreadLocale
GetVersion
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
lstrlenA
HeapAlloc
GetProcessHeap
GetProcAddress
LoadLibraryA
GetLocalTime
GetLastError
DeleteCriticalSection
RaiseException
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameW
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
GetModuleFileNameA
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCPInfo
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
GetModuleHandleA
SetLastError
GetCurrentThread
HeapFree
SetUnhandledExceptionFilter
HeapReAlloc
VirtualFree
SetFilePointer
FlushFileBuffers
CloseHandle
IsBadCodePtr
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetOEMCP
SetStdHandle
ReadFile
GetLocaleInfoW
SetEvent
OpenEventA
lstrcpyA
lstrcpyW
OutputDebugStringW
lstrcpynW

user32

DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjects

winspool.drv

ConfigurePortW

advapi32

SetThreadToken
OpenThreadToken
RevertToSelf

ole32

CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoUnmarshalInterface
CoRevokeClassObject
CoRegisterClassObject

Sections

.text
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fa6172b2c7144c0c4c3047023c019acd

Code Sign

08:fe:4d:eb:33:ad:cc:d2Certificate

Extended Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

af:45:1b:fd:61:98:a5:5a:3e:b8:6e:8d:2e:74:52:0d:09:44:eb:2c:af:d4:f2:23:b5:7e:21:5c:ff:97:81:a8Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

ole32

Sections

.text Size: 292KB - Virtual size: 289KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 54KB

08:fe:4d:eb:33:ad:cc:d2
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

af:45:1b:fd:61:98:a5:5a:3e:b8:6e:8d:2e:74:52:0d:09:44:eb:2c:af:d4:f2:23:b5:7e:21:5c:ff:97:81:a8
Signer

.text
Size: 292KB - Virtual size: 289KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 54KB