c5bbe93c4eced378b37a62af552909e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c5bbe93c4eced378b37a62af552909e0N.exe
Size

5.1MB
MD5

c5bbe93c4eced378b37a62af552909e0
SHA1

3cbf9941286e4295810c25d975c2f7764d4e3d9c
SHA256

b2167ff4efb91e151229b429d49927dc933dcd07a9473b908fdb461b8711f173
SHA512

77352f454026212ef0229e1cbf32fc016cdb5e747c53395c51137d6e491ce8033bf9b9e0720df548ca4fcd1600fbd11f36d030e1da39ff157a6c79d7738d7145
SSDEEP

98304:x3SKUm9RLwc3FaXN8nncenhKwOuS4rfhfvPam59zMCr5lkWA:RPUd1uncenhKDuSYfvPluC9ldA

Score

1^/10

Malware Config

Signatures

Files

c5bbe93c4eced378b37a62af552909e0N.exe
.exe windows:6 windows x86 arch:x86

480c3099c3c955cc3fa732a8304ab39e

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2020, 00:00

Not After

18/03/2045, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:60:20:e0:a6:f4:43:1b:86:96:6f:44
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

21/09/2023, 14:59

Not After

21/09/2024, 14:59

Subject

CN=SCRYDE TECH DMCC,O=SCRYDE TECH DMCC,L=Dubai,ST=Dubai,C=AE,1.2.840.113549.1.9.1=#0c0e5274407363727964652e74656368

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:9f:93:4b:c8:b8:07:ae:4e:21:04:78:a5:7a:c6:c1:4f:98:5f:5b:e2:22:b2:35:07:a9:5c:b7:15:92:56:a3
Signer

Actual PE Digest

3d:9f:93:4b:c8:b8:07:ae:4e:21:04:78:a5:7a:c6:c1:4f:98:5f:5b:e2:22:b2:35:07:a9:5c:b7:15:92:56:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegisterEventSourceW
CryptEncrypt
CryptImportKey
CryptHashData
CryptGenRandom
CryptGetHashParam
CryptAcquireContextA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
DeregisterEventSource

kernel32

WaitForSingleObjectEx
MoveFileExA
Sleep
GetTickCount
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FindNextFileW
FindFirstFileW
FindClose
LoadLibraryW
LoadLibraryA
FreeLibrary
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertFiberToThread
GetSystemTimeAsFileTime
GetCurrentProcessId
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileAttributesExW
SetEndOfFile
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetConsoleOutputCP
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
SetConsoleCtrlHandler
GetTimeZoneInformation
MoveFileExW
DeleteFileW
QueryPerformanceCounter
WideCharToMultiByte
FreeLibraryAndExitThread
ExitThread
CreateThread
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
ExitProcess
LoadLibraryExW
DeleteFiber
GetModuleHandleExW
RtlUnwind
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
TryAcquireSRWLockExclusive
InitOnceBeginInitialize
InitOnceComplete
RaiseException
GetStringTypeW
GetExitCodeThread
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetFileSizeEx
CreateFileA
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetProcAddress
GetModuleHandleW
TerminateProcess
Process32NextW
QueryFullProcessImageNameW
OpenProcess
Process32FirstW
GlobalUnlock
CreateToolhelp32Snapshot
GetCurrentProcess
MultiByteToWideChar
GetLastError
CreateDirectoryW
GetFileAttributesW
GetModuleFileNameW
WritePrivateProfileStringW
GetPrivateProfileIntW
WriteFile
GlobalFree
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceW
CloseHandle
ReleaseMutex
CreateMutexW
OpenMutexW
GetStdHandle
GetEnvironmentVariableW
GetFileType
WaitForMultipleObjects

user32

RegisterClassExW
CreateWindowExW
LoadIconW
SetWindowRgn
UpdateWindow
EnumDisplaySettingsW
MessageBoxA
SetForegroundWindow
ShowWindow
LoadCursorW
FindWindowW
SetWindowLongW
GetProcessWindowStation
GetUserObjectInformationW
FlashWindowEx
KillTimer
GetMessageW
SetTimer
GetKeyState
ScreenToClient
GetCursorPos
SetCursor
PostQuitMessage
InvalidateRect
ReleaseCapture
SetCapture
MoveWindow
EndPaint
BeginPaint
GetMessagePos
GetWindowRect
DefWindowProcW
GetWindowLongW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
LoadAcceleratorsW
LoadStringW
GetSystemMetrics
ReleaseDC
GetDC
MessageBoxW

gdiplus

GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipPrivateAddMemoryFont
GdiplusShutdown
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipCreateCachedBitmap
GdipDeleteCachedBitmap
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipCreateFont
GdipCreateStringFormat
GdipCreateSolidFill
GdipCreatePen1
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipDeleteStringFormat
GdipCloneBrush
GdipDeleteBrush
GdipDeletePen
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdipDrawImageRectI
GdipDrawRectangle
GdipFillRectangle
GdipDrawString
GdipFillPolygon
GdipDrawLineI
GdipFillRectangleI
GdipDrawCachedBitmap
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetFontCollectionFamilyList
GdipCloneFontFamily
GdipDeleteFontFamily
GdipGetImagePixelFormat

shell32

ShellExecuteExW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize

gdi32

CreateRectRgn
GetStockObject

bcrypt

BCryptGenRandom

normaliz

IdnToAscii

ws2_32

sendto
recvfrom
htonl
select
__WSAFDIsSet
WSAIoctl
htons
getpeername
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
socket
setsockopt
listen
connect
closesocket
bind
accept
WSASetLastError
send
recv
freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
ntohs
gethostname
getsockname
ioctlsocket
getsockopt

wldap32

ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord301
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord22

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

480c3099c3c955cc3fa732a8304ab39e

Code Sign

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8Certificate

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

76:60:20:e0:a6:f4:43:1b:86:96:6f:44Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

3d:9f:93:4b:c8:b8:07:ae:4e:21:04:78:a5:7a:c6:c1:4f:98:5f:5b:e2:22:b2:35:07:a9:5c:b7:15:92:56:a3Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

gdiplus

shell32

ole32

gdi32

bcrypt

normaliz

ws2_32

wldap32

crypt32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 459KB - Virtual size: 458KB

.data Size: 14KB - Virtual size: 29KB

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 67KB - Virtual size: 66KB

76:53:fe:ac:75:46:48:93:f5:e5:d7:4a:48:3a:4e:f8
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

76:60:20:e0:a6:f4:43:1b:86:96:6f:44
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

3d:9f:93:4b:c8:b8:07:ae:4e:21:04:78:a5:7a:c6:c1:4f:98:5f:5b:e2:22:b2:35:07:a9:5c:b7:15:92:56:a3
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 459KB - Virtual size: 458KB

.data
Size: 14KB - Virtual size: 29KB

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 67KB - Virtual size: 66KB