0ae9576e2c8df1719c4c62fcb972aad7cf460331efd8a4d44221484c0df31ae9

Sharing

Copy URL Twitter E-mail

General

Target

0ae9576e2c8df1719c4c62fcb972aad7cf460331efd8a4d44221484c0df31ae9
Size

536KB
MD5

193d12dfe11687c9583a835f0ef7f8b4
SHA1

88ac1564fa0fac045dd326efc8c8e2f4c0a0ede2
SHA256

0ae9576e2c8df1719c4c62fcb972aad7cf460331efd8a4d44221484c0df31ae9
SHA512

47cd5974d0b8ed3b881675152b13b3fcef7e77ed94ca46f301cea05d31b4c80363b2d669b00e20191088d56cd8f74334fdea154488fd5556e8a907ec8380d395
SSDEEP

6144:t39xjYhd+soHeBso9YzYFpBcNHW3LlItEKS3+E8lf/YPwaDb2O7fcCnDtVXP6VU0:ttF8o+io9YkFjxbqY3f8lf/GzP6oI55

Score

1^/10

Malware Config

Signatures

Files

0ae9576e2c8df1719c4c62fcb972aad7cf460331efd8a4d44221484c0df31ae9
.exe windows:6 windows x64 arch:x64

71a25b4fca6d3654d934997d194bf037

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:d2:39:82:11:35:a4:95:d7:43:bc:f4:3b:c4:80:98:53:2b:e9:08:19:88:1a:90:bd:be:e0:8e:8c:34:16:bb
Signer

Actual PE Digest

fc:d2:39:82:11:35:a4:95:d7:43:bc:f4:3b:c4:80:98:53:2b:e9:08:19:88:1a:90:bd:be:e0:8e:8c:34:16:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\OSS_Microsoft_OpenSSH_Dev\bin\x64\Release\ssh-add.pdb

Imports

libcrypto

DSA_free
DSA_do_sign
DSA_get0_key
BN_bn2bin
DSA_do_verify
DSA_set0_key
DSA_SIG_get0
DSA_SIG_set0
DSA_SIG_new
DSA_set0_pqg
DSA_get0_pqg
DSA_generate_key
EC_POINT_point2oct
BN_bin2bn
DSA_SIG_free
BN_dup
RSA_generate_key_ex
BN_set_flags
RSA_public_decrypt
RSA_new
RSA_set0_crt_params
EC_POINT_oct2point
RSA_free
BN_free
BN_set_word
RSA_sign
BN_div
RSA_set0_factors
RSA_size
RSA_get0_factors
RSA_get0_crt_params
RSA_set0_key
BN_CTX_new
BN_CTX_free
EVP_CIPHER_CTX_key_length
EVP_CIPHER_CTX_new
EVP_aes_256_cbc
EVP_CipherInit
EVP_aes_128_ctr
EVP_aes_256_ctr
EVP_des_ede3_cbc
EVP_aes_192_cbc
EVP_CIPHER_CTX_ctrl
EVP_CIPHER_CTX_set_key_length
EVP_aes_192_ctr
EVP_Cipher
EVP_aes_256_gcm
EVP_aes_128_gcm
EVP_CIPHER_CTX_free
ECDSA_do_sign
EC_POINT_cmp
DSA_generate_parameters_ex
DSA_new
EC_KEY_set_private_key
EC_KEY_generate_key
ECDSA_SIG_get0
EC_KEY_set_public_key
EC_KEY_free
ECDSA_SIG_free
ECDSA_SIG_set0
EC_KEY_set_asn1_flag
ECDSA_do_verify
EC_KEY_new_by_curve_name
ECDSA_SIG_new
EVP_sha384
EVP_md5
EVP_sha256
EVP_Digest
EVP_sha1
EVP_sha512
RAND_status
SSLeay
RSA_blinding_on
EC_GROUP_get_order
BIO_new
BN_clear_free
ERR_peek_error
BN_value_one
EVP_PKEY_get1_EC_KEY
EC_METHOD_get_field_type
EC_POINT_mul
ERR_get_error
EC_POINT_get_affine_coordinates_GFp
ERR_peek_last_error
EC_KEY_set_group
EC_POINT_is_at_infinity
BIO_s_mem
RSA_get0_key
PEM_read_bio_PrivateKey
EC_POINT_free
EVP_aes_128_cbc
EVP_PKEY_free
EVP_PKEY_get1_RSA
EC_KEY_get0_public_key
EC_GROUP_free
EC_POINT_new
BIO_write
BIO_free
EC_GROUP_cmp
EVP_PKEY_get1_DSA
EC_GROUP_set_asn1_flag
EC_GROUP_get_curve_name
BN_new
EC_KEY_get0_private_key
EC_KEY_get0_group
BN_cmp
BN_sub
explicit_bzero
EC_GROUP_new_by_curve_name
EVP_PKEY_base_id
EC_GROUP_method_of
BN_num_bits
arc4random_buf

crypt32

CryptStringToBinaryA
CryptBinaryToStringA

ws2_32

WSACleanup
bind
WSAIoctl
WSASend
WSAStartup
getsockname
WSARecv
WSAGetOverlappedResult
setsockopt
closesocket
WSADuplicateSocketW
WSASocketW
WSAGetLastError
socket

kernel32

ExitThread
CreateThread
FindNextFileW
FindFirstFileExW
FindClose
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetCommandLineW
GetCommandLineA
GetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
SetStdHandle
GetModuleHandleExW
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwindEx
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FreeLibraryAndExitThread
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetTimeZoneInformation
GetStringTypeW
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleW
HeapReAlloc
GetFileSizeEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
RaiseException
GetLocalTime
CreateWaitableTimerA
CancelIoEx
CancelSynchronousIo
WriteFile
ReadFile
LoadLibraryExW
WaitForSingleObjectEx
WaitForMultipleObjectsEx
QueueUserAPC
SetConsoleCtrlHandler
CreateEventA
VerifyVersionInfoW
VerSetConditionMask
ResetEvent
SetEvent
GetDriveTypeW
SleepEx
ReadFileEx
GetFileAttributesExW
GetFileInformationByHandle
WriteFileEx
RtlPcToFileHeader
IsDebuggerPresent
WaitForSingleObject
DeviceIoControl
CreateNamedPipeA
CancelIo
GetFinalPathNameByHandleW
ReadConsoleOutputA
SetConsoleCursorPosition
GetConsoleWindow
Beep
WriteConsoleW
FillConsoleOutputAttribute
WriteConsoleOutputA
CreateFileA
ReadConsoleInputW
SetConsoleCursorInfo
GetConsoleMode
SetConsoleWindowInfo
GetConsoleCP
GetConsoleCursorInfo
ScrollConsoleScreenBufferA
SetConsoleScreenBufferSize
SetConsoleTextAttribute
FillConsoleOutputCharacterA
GetExitCodeProcess
MultiByteToWideChar
FlushFileBuffers
OpenThread
CreateProcessW
GetCurrentProcessId
SetFilePointerEx
GetTickCount64
DuplicateHandle
GetCurrentThreadId
GetModuleFileNameW
SetConsoleMode
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetLastError
GetWindowsDirectoryW
LocalFree
GetComputerNameW
GetConsoleScreenBufferInfo
GetCurrentProcess
GetStdHandle
EncodePointer
CreateFileW
CloseHandle
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetFileType
SetHandleInformation
TerminateProcess
SetEndOfFile

user32

ShowWindow
GetWindowPlacement

advapi32

IsValidSid
ConvertSidToStringSidA
EventWrite
EventRegister
GetSidIdentifierAuthority
RegQueryValueExW
LookupAccountSidW
ConvertSidToStringSidW
RegOpenKeyExW
CopySid
RegCloseKey
GetTokenInformation
LookupAccountNameW
IsValidAcl
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
IsValidSecurityDescriptor
IsWellKnownSid
GetNamedSecurityInfoW
CreateWellKnownSid
GetAce
CreateProcessAsUserW
EqualSid

Sections

.text
Size: 297KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

71a25b4fca6d3654d934997d194bf037

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

fc:d2:39:82:11:35:a4:95:d7:43:bc:f4:3b:c4:80:98:53:2b:e9:08:19:88:1a:90:bd:be:e0:8e:8c:34:16:bbSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcrypto

crypt32

ws2_32

kernel32

user32

advapi32

Sections

.text Size: 297KB - Virtual size: 297KB

.rdata Size: 201KB - Virtual size: 201KB

.data Size: 4KB - Virtual size: 177KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

fc:d2:39:82:11:35:a4:95:d7:43:bc:f4:3b:c4:80:98:53:2b:e9:08:19:88:1a:90:bd:be:e0:8e:8c:34:16:bb
Signer

.text
Size: 297KB - Virtual size: 297KB

.rdata
Size: 201KB - Virtual size: 201KB

.data
Size: 4KB - Virtual size: 177KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB