99ec8900dc5f88775a04ef93145a7e4053f25e7d68c3dbdaa7d572346c5b923a

Sharing

Copy URL

Twitter E-mail

General

Target

99ec8900dc5f88775a04ef93145a7e4053f25e7d68c3dbdaa7d572346c5b923a
Size

1.1MB
MD5

3af326910a6725fa7fdaf928f16f8c78
SHA1

e407995846394b7c6e8acf50b7934da80bf2a470
SHA256

99ec8900dc5f88775a04ef93145a7e4053f25e7d68c3dbdaa7d572346c5b923a
SHA512

bec9e480088bfadeb6efdf44b44438da59b750478a7c83fab66cacf29791fc44df000ce08860a269ac8cae8c6a48a415aa98d4c20bfc28cd26d2f26e35a95c04
SSDEEP

24576:ss/C6v4bAyBdlqr9ve3vCtjcKVNGOyowwRGUHDoj6T/4bsNt1zsJQrEH7S:5CAiAyBHqrRe36tjBodwRGUHMj6TgbsF

Score

1^/10

Malware Config

Signatures

Files

99ec8900dc5f88775a04ef93145a7e4053f25e7d68c3dbdaa7d572346c5b923a
.dll windows:5 windows x86 arch:x86

566608fc4e739807cf78f375182a051b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:98:2f:dd:f0:6e:93:e9:11:06:5d:03:7d:4d:d4:82
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/05/2024, 00:00

Not After

06/08/2027, 23:59

Subject

CN=Brave Software\, Inc.,O=Brave Software\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

97:71:dd:08:49:d3:8f:78:5c:3c:54:a2:fd:9c:62:03:1c:0e:ca:c0:6a:44:f2:a6:a2:3e:41:82:ee:84:16:d5
Signer

Actual PE Digest

97:71:dd:08:49:d3:8f:78:5c:3c:54:a2:fd:9c:62:03:1c:0e:ca:c0:6a:44:f2:a6:a2:3e:41:82:ee:84:16:d5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

goopdate_unsigned.pdb

Imports

kernel32

TransactNamedPipe
SetNamedPipeHandleState
VirtualQueryEx
WaitNamedPipeW
InitOnceComplete
InitOnceBeginInitialize
CreateDirectoryW
SizeofResource
SetLastError
lstrlenW
WriteFile
GetPrivateProfileIntW
OutputDebugStringA
SetFilePointer
GetEnvironmentVariableW
WaitForSingleObject
CreateFileW
GetCurrentThreadId
ReleaseMutex
Sleep
GetFileInformationByHandle
GetFileAttributesExW
OutputDebugStringW
LockResource
CloseHandle
FindResourceExW
LoadResource
FindResourceW
GetLocalTime
GetCurrentProcessId
lstrcmpiW
lstrcmpW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
WaitForMultipleObjects
FindClose
GetFileAttributesW
DuplicateHandle
FormatMessageW
GetCurrentThread
DeleteFileW
LoadLibraryW
GetCurrentDirectoryW
GetProcAddress
LocalFree
GetModuleHandleW
FreeLibrary
GetTempFileNameW
OpenMutexW
GetTickCount
LoadLibraryExW
GetExitCodeProcess
ReadFile
CompareFileTime
SetEndOfFile
SetFileAttributesW
FileTimeToSystemTime
MoveFileExW
GetFileSize
CopyFileW
GetSystemTimeAsFileTime
GetFileTime
FlushFileBuffers
lstrcpynW
ExitProcess
IsDebuggerPresent
WideCharToMultiByte
MultiByteToWideChar
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
GetTempPathW
GetSystemDirectoryW
VirtualQuery
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateMutexW
CreateEventW
SetEvent
ResetEvent
GetLongPathNameW
SetPriorityClass
TerminateProcess
WaitForMultipleObjectsEx
OpenProcess
CreateToolhelp32Snapshot
ProcessIdToSessionId
Process32NextW
WaitForSingleObjectEx
ReadProcessMemory
SetHandleInformation
CreatePipe
GetSystemPowerStatus
GlobalMemoryStatusEx
CreateProcessW
SetProcessWorkingSetSize
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
LocalAlloc
HeapSetInformation
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GetStdHandle
QueryDosDeviceW
GetLogicalDriveStringsW
OpenEventW
CreateThread
SetCurrentDirectoryW
OpenThread
QueryPerformanceCounter
GetCommandLineW
GetStringTypeExW
GetThreadLocale
lstrcmpA
GetStringTypeExA
SetFilePointerEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
TryAcquireSRWLockExclusive
CompareStringEx
InitializeCriticalSectionEx
EncodePointer
LCMapStringEx
GetCPInfo
QueryPerformanceFrequency
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
VirtualAlloc
VirtualProtect
GetModuleHandleExW
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileSizeEx
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetProcessId
ReleaseSemaphore
RtlCaptureContext
DeleteTimerQueueTimer
CreateTimerQueueTimer
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPopEntrySList
MulDiv
GlobalHandle
CreateTimerQueue
DeleteTimerQueueEx
GetSystemDefaultLangID
GetUserDefaultLangID
GetComputerNameExW
GetPrivateProfileStringW
DeviceIoControl
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
GetSystemTime
UnregisterWaitEx
RegisterWaitForSingleObject
QueueUserWorkItem
Thread32First
Thread32Next
SetProcessShutdownParameters
GetProcessShutdownParameters
CreateSemaphoreW
Process32FirstW
HeapFree

oleaut32

SysReAllocStringLen
SysAllocString
SystemTimeToVariantTime
LoadRegTypeLi
OleCreateFontIndirect
VarBstrCmp
VariantChangeType
SafeArrayRedim
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayUnlock
SafeArrayGetLBound
SafeArrayCopy
SafeArrayGetVartype
SafeArrayLock
SafeArrayCreate
LoadTypeLi
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysAllocStringByteLen
OleLoadPicturePath
SysStringLen
VarUI4FromStr
VariantTimeToSystemTime
SysStringByteLen

user32

GetClientRect
TranslateMessage
MapWindowPoints
PeekMessageW
GetMonitorInfoW
DispatchMessageW
CreateWindowExW
CloseClipboard
EmptyClipboard
SetClipboardData
SetCapture
UnregisterClassW
GetParent
SetForegroundWindow
GetClassNameW
SetWindowContextHelpId
GetMenuState
InflateRect
SetActiveWindow
OffsetRect
IsMenu
SetFocus
FrameRect
IsRectEmpty
GetSysColorBrush
SystemParametersInfoW
UpdateWindow
GetCursorPos
EnumChildWindows
EnableMenuItem
EnableWindow
IsDialogMessageW
GetWindowTextLengthW
GetSystemMenu
GetFocus
GetDC
FillRect
ScreenToClient
EndDialog
SetWindowTextW
ShowWindow
InvalidateRgn
MapDialogRect
RemoveMenu
GetDlgItem
GetDesktopWindow
CreateDialogIndirectParamW
CreateAcceleratorTableW
RedrawWindow
RegisterWindowMessageW
FlashWindow
ReleaseCapture
PostQuitMessage
SetLayeredWindowAttributes
OpenClipboard
LoadImageW
EnumWindows
GetSystemMetrics
SendMessageW
IsWindowVisible
GetWindowThreadProcessId
PostThreadMessageW
CharNextW
LoadStringW
IsWindow
CharLowerBuffA
CopyRect
CharNextA
DestroyIcon
ClientToScreen
DestroyAcceleratorTable
IsChild
GetTopWindow
GetSysColor
MoveWindow
InvalidateRect
CharUpperW
CharLowerW
CharLowerBuffW
MessageBoxW
wvsprintfW
wsprintfW
GetWindowLongW
GetMessageW
AllowSetForegroundWindow
GetWindow
GetWindowRect
DestroyWindow
SetWindowPos
MonitorFromWindow
PostMessageW
WaitForInputIdle
SendDlgItemMessageW
CopyImage
GetClassInfoExW
KillTimer
SetWindowLongW
LoadCursorW
SetTimer
RegisterClassExW
CallWindowProcW
DefWindowProcW
CharUpperBuffW
GetWindowTextW
EndPaint
BeginPaint
ReleaseDC

iphlpapi

GetIfTable

netapi32

NetGetJoinInformation
NetApiBufferFree
NetWkstaUserGetInfo
NetWkstaGetInfo

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathRemoveExtensionW
PathStripPathW
PathCommonPrefixW
PathFindFileNameW
SHQueryValueExW
PathFileExistsW
PathAddExtensionW
UrlCombineW
PathFindExtensionW
PathIsDirectoryW
PathIsDirectoryEmptyW
UrlIsW
UrlUnescapeA
PathAppendA
UrlEscapeW
PathCreateFromUrlW
PathAppendW
PathCanonicalizeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

userenv

LeaveCriticalPolicySection
EnterCriticalPolicySection
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock
CreateEnvironmentBlock
GetProfileType
UnloadUserProfile

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

advapi32

RegEnumKeyExW
ControlService
QueryServiceStatus
SystemFunction036
DuplicateToken
RegOverridePredefKey
GetUserNameW
SetSecurityDescriptorOwner
GetAce
RegOpenCurrentUser
IsTextUnicode
DeregisterEventSource
CreateServiceW
SetServiceStatus
ChangeServiceConfig2W
DeleteService
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
RegisterEventSourceW
ReportEventW
TraceEvent
GetSecurityInfo
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AllocateAndInitializeSid
ImpersonateSelf
FreeSid
CheckTokenMembership
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
GetAclInformation
RegSetValueExW
RegDeleteValueW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserW
ConvertSidToStringSidW
DuplicateTokenEx
SetSecurityDescriptorDacl
RevertToSelf
MakeSelfRelativeSD
RegQueryValueExW
GetSecurityDescriptorLength
GetLengthSid
RegOpenKeyExW
InitializeAcl
AddAce
IsValidSid
GetSecurityDescriptorOwner
InitializeSid
CopySid
GetSecurityDescriptorControl
SetNamedSecurityInfoW
GetSidLengthRequired
GetSidSubAuthority
GetSecurityDescriptorGroup
RegCloseKey
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetTokenInformation
SetSecurityDescriptorGroup
MakeAbsoluteSD
OpenThreadToken
OpenServiceW
InitializeSecurityDescriptor
StartServiceW
OpenProcessToken
ImpersonateLoggedOnUser
ConvertStringSidToSidW
GetNamedSecurityInfoW
OpenSCManagerW
CloseServiceHandle
EqualSid

ntdll

NtDeleteKey

ole32

CoGetCallContext
CoRevertToSelf
CoTaskMemFree
CoSetProxyBlanket
IIDFromString
CoReleaseServerProcess
CoTaskMemAlloc
CoInitializeSecurity
CoRegisterClassObject
CoResumeClassObjects
CoImpersonateClient
CoTaskMemRealloc
CoInitializeEx
CoRevokeClassObject
CoRegisterPSClsid
OleSaveToStream
ReadClassStm
WriteClassStm
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoSuspendClassObjects
CoGetObject
CoUninitialize
CreateStreamOnHGlobal
CoGetClassObject
OleUninitialize
CLSIDFromProgID
OleInitialize
CoAddRefServerProcess
CLSIDFromString
OleLockRunning

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
ord680

comctl32

InitCommonControlsEx
_TrackMouseEvent

crypt32

CryptHashCertificate
CryptUnprotectData
CryptProtectData
CertFreeCertificateContext
CryptQueryObject
CertDuplicateCertificateContext
CertCloseStore
CertFindCertificateInStore
CertGetNameStringW

msimg32

GradientFill

uxtheme

SetWindowTheme

wininet

InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
InternetConnectW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
HttpAddRequestHeadersW
HttpOpenRequestW
InternetOpenW

wintrust

WinVerifyTrust

gdi32

CreateRectRgnIndirect
DPtoLP
CreateFontIndirectW
CreateSolidBrush
DeleteObject
GetObjectW
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
ExtTextOutW
FillRgn
CombineRgn
SetBkColor
SetViewportOrgEx
GetRegionData
SetTextColor
CreateRectRgn
OffsetRgn
GetTextMetricsW

Exports

Exports

DllEntry

Sections

.text
Size: 786KB - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

566608fc4e739807cf78f375182a051b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

0e:98:2f:dd:f0:6e:93:e9:11:06:5d:03:7d:4d:d4:82Certificate

Extended Key Usages

Key Usages

97:71:dd:08:49:d3:8f:78:5c:3c:54:a2:fd:9c:62:03:1c:0e:ca:c0:6a:44:f2:a6:a2:3e:41:82:ee:84:16:d5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

user32

iphlpapi

netapi32

psapi

shlwapi

version

userenv

wtsapi32

advapi32

ntdll

ole32

shell32

comctl32

crypt32

msimg32

uxtheme

wininet

wintrust

gdi32

Exports

Exports

Sections

.text Size: 786KB - Virtual size: 786KB

.rdata Size: 169KB - Virtual size: 169KB

.data Size: 14KB - Virtual size: 23KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 36KB - Virtual size: 36KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

0e:98:2f:dd:f0:6e:93:e9:11:06:5d:03:7d:4d:d4:82
Certificate

97:71:dd:08:49:d3:8f:78:5c:3c:54:a2:fd:9c:62:03:1c:0e:ca:c0:6a:44:f2:a6:a2:3e:41:82:ee:84:16:d5
Signer

.text
Size: 786KB - Virtual size: 786KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 14KB - Virtual size: 23KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 36KB - Virtual size: 36KB