24a8bdf728dfb21eaca876b76c4350e0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

24a8bdf728dfb21eaca876b76c4350e0N.exe
Size

459KB
MD5

24a8bdf728dfb21eaca876b76c4350e0
SHA1

c53122c4aeea101a1b5c53776384ed71dd716ccd
SHA256

6d6f32d497afd78299dc6a1d4e8759743f6bbbbd727c85c3827d7c744b071aa3
SHA512

22977473c85f75fbc5ced0d939d905086fac81b654a693e4f6f2f8e1d9f2756aee354c0ece72d7371b1128c4e40ee3d2c016780a6fb56b589e3190efb9affd13
SSDEEP

12288:C4MRWhqKM56ynH7W+t6exNwvq6Tsb3ILX2h5:C4MQhqK062H7UtvzTa3ILGh5

Score

1^/10

Malware Config

Signatures

Files

24a8bdf728dfb21eaca876b76c4350e0N.exe
.dll windows:4 windows x86 arch:x86

17f33081839701102825742cd63d18d2

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:95:06:50:72:c4:04:c2:12:72:2c:53:c0:23:72:26
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

11/11/2022, 00:00

Not After

10/11/2025, 23:59

Subject

CN=GR KOMPLETE PRODUCTIONS\, LLC.,O=GR KOMPLETE PRODUCTIONS\, LLC.,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:95:06:50:72:c4:04:c2:12:72:2c:53:c0:23:72:26
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

11/11/2022, 00:00

Not After

10/11/2025, 23:59

Subject

CN=GR KOMPLETE PRODUCTIONS\, LLC.,O=GR KOMPLETE PRODUCTIONS\, LLC.,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:02:23:49:74:21:61:1b:b6:90:2f:86:c9:69:0b:89:a8:22:78:ba:ef:ef:00:06:60:4d:11:96:3c:c3:b5:14
Signer

Actual PE Digest

ab:02:23:49:74:21:61:1b:b6:90:2f:86:c9:69:0b:89:a8:22:78:ba:ef:ef:00:06:60:4d:11:96:3c:c3:b5:14

Digest Algorithm

sha256

PE Digest Matches

true

1c:9e:f7:96:39:8c:ab:f8:a1:f0:bd:f6:1a:e7:2f:e6:17:17:5c:0e
Signer

Actual PE Digest

1c:9e:f7:96:39:8c:ab:f8:a1:f0:bd:f6:1a:e7:2f:e6:17:17:5c:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
_wcsicmp
wcslen
wcscpy
wcscat
floor
ceil
fread
longjmp
_setjmp3
memcpy
memmove
_wcsdup
free
wcsncmp
wcscmp
wcsncpy
tolower
localtime
mktime
_wcsnicmp
_itow
gmtime
cos
fmod
sin
abs
fabs
malloc
fseek
ftell
fclose
pow
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsstr
frexp
modf
memcmp
fopen
_errno
strerror
abort
atof
strlen
fflush
fwrite
_vsnwprintf
??1type_info@@UAE@XZ

kernel32

HeapCreate
HeapDestroy
GetWindowsDirectoryW
GetTempFileNameW
RemoveDirectoryW
Sleep
WritePrivateProfileStringW
GetCurrentProcess
GetSystemDirectoryW
SetLastError
CreateProcessW
GetExitCodeThread
GetExitCodeProcess
CloseHandle
GetVersionExW
GetModuleHandleW
UnregisterWait
EnterCriticalSection
LeaveCriticalSection
HeapFree
TlsFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
TlsGetValue
HeapAlloc
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
TlsSetValue
WaitForSingleObject
CreateThread
TerminateThread
GetCurrentProcessId
GetCurrentThreadId
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
CreatePipe
GetStdHandle
FreeLibrary
LoadLibraryW
WideCharToMultiByte
GetProcAddress
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
GetTempPathW
SetFileAttributesW
DeleteFileW
CopyFileW
WriteFile
ReadFile
CreateFileW
SetFilePointer
GetFileSize
MulDiv
GetLocalTime
GlobalFree
GlobalAlloc
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
ExitProcess

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY
GdiplusStartup
GdipCreateFontFromDC
GdipCreateFromHDC
GdipCreatePath
GdipCreateMatrix
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipCloneBrush
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipGetStringFormatFlags
GdipScaleMatrix
GdipSetCompositingMode
GdipSetStringFormatFlags
GdipSetInterpolationMode
GdipSetPageUnit
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipTranslateWorldTransform
GdipStartPathFigure
GdipAddPathLine
GdipSetPenColor
GdipDrawPath
GdipSetPenDashStyle
GdipSetPenLineCap197819
GdipSetPenLineJoin
GdipSetPenWidth
GdipCreateFontFromLogfontA
GdipCreateFont
GdipDeleteFontFamily
GdipGetFamily
GdipGetFontSize
GdipGetFontStyle
GdipResetPath
GdipSetPathFillMode

user32

SendMessageW
SystemParametersInfoW
ReleaseDC
GetDlgCtrlID
EnableWindow
SetForegroundWindow
SetFocus
PostMessageW
LoadIconW
GetSysColor
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
IsWindowVisible
GetWindowLongW
IsWindowEnabled
EnumWindows
SetWindowPos
SetMenu
DestroyMenu
GetCursorPos
TrackPopupMenu
DestroyWindow
GetDC
GetWindowTextLengthW
GetWindowTextW
GetSystemMetrics
CreateWindowExW
GetSysColorBrush
CallWindowProcW
SetWindowLongW
GetWindowRect
GetWindow
InvalidateRect
SetWindowTextW
RemovePropW
SetPropW
SetRect
DrawTextW
GetClientRect
FillRect
DefWindowProcW
RedrawWindow
LoadCursorW
RegisterClassExW
SetClassLongW
GetPropW
SetScrollPos
GetParent
InflateRect
GetWindowDC
GetIconInfo
UpdateWindow
ReleaseCapture
BeginPaint
DrawStateW
EndPaint
SetCapture
ScreenToClient
MapWindowPoints
MoveWindow
GetKeyState
ClipCursor
GetMessagePos
ChildWindowFromPointEx
SetCursor
GetCapture
GetFocus
DrawFocusRect
ShowWindow
GetScrollPos
DrawFrameControl
SetActiveWindow
DestroyIcon
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
DestroyAcceleratorTable
CreateAcceleratorTableW
ClientToScreen
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
GetMenu
DefFrameProcW
EnumChildWindows
GetClassNameW
IsChild
RegisterWindowMessageW
DrawIconEx
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

CreateDCW
GetDeviceCaps
DeleteDC
SetBkMode
CreateSolidBrush
DeleteObject
GetStockObject
CreateFontIndirectW
SelectObject
GetTextExtentPoint32W
SetBkColor
SetTextColor
ExcludeClipRect
GetObjectType
GetObjectW
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
CreateDIBSection
GdiGetBatchLimit
GdiSetBatchLimit
SetStretchBltMode
StretchBlt
CreatePen
MoveToEx
LineTo
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
SelectClipRgn
GetDIBits
SetTextAlign
TextOutW
SetBrushOrgEx
GetTextMetricsW
GetPixel
CreateBitmap
SetPixel
GetObjectA
CreateFontW

advapi32

RegOpenKeyExW
RegDeleteValueW
RegCloseKey
AllocateAndInitializeSid
FreeSid
RegSetValueExW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyExW

comctl32

ImageList_LoadImageW
InitCommonControlsEx
_TrackMouseEvent
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_GetIconSize

ole32

CoTaskMemFree
CoInitialize
RevokeDragDrop

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW

winmm

timeBeginPeriod

Exports

Exports

AddDlgComponent
AddUninstLog
CheckFileProp
EvalVar
EvalVarBuf
ExecuteProgram
GetSpecialDirectory
InitSFX
InitUninstall
ManageUninstLog
PBDlgGetDlgItem
PBFindString
PBGetFileInfo
PBReadDataFromFile
PBRegDeleteKey
PBRegDeleteKeysRecursive
PBRegDeleteValue
PBRegisterServer
PBStringReplace
PBWriteDataToFile
ParamStr
PerformOpVar
PerformUninstall
ReplaceVarInFile
SetVar
ShowDialogBox
ShowProgressBox

Sections

.text
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17f33081839701102825742cd63d18d2

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e9:95:06:50:72:c4:04:c2:12:72:2c:53:c0:23:72:26Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e9:95:06:50:72:c4:04:c2:12:72:2c:53:c0:23:72:26Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ab:02:23:49:74:21:61:1b:b6:90:2f:86:c9:69:0b:89:a8:22:78:ba:ef:ef:00:06:60:4d:11:96:3c:c3:b5:14Signer

1c:9e:f7:96:39:8c:ab:f8:a1:f0:bd:f6:1a:e7:2f:e6:17:17:5c:0eSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

gdiplus

user32

gdi32

advapi32

comctl32

ole32

shell32

winmm

Exports

Exports

Sections

.text Size: 370KB - Virtual size: 369KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 14KB - Virtual size: 19KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 19KB - Virtual size: 19KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e9:95:06:50:72:c4:04:c2:12:72:2c:53:c0:23:72:26
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e9:95:06:50:72:c4:04:c2:12:72:2c:53:c0:23:72:26
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ab:02:23:49:74:21:61:1b:b6:90:2f:86:c9:69:0b:89:a8:22:78:ba:ef:ef:00:06:60:4d:11:96:3c:c3:b5:14
Signer

1c:9e:f7:96:39:8c:ab:f8:a1:f0:bd:f6:1a:e7:2f:e6:17:17:5c:0e
Signer

.text
Size: 370KB - Virtual size: 369KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 14KB - Virtual size: 19KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 19KB - Virtual size: 19KB