5c963934d8bb0b5658171b0f3f3d46a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5c963934d8bb0b5658171b0f3f3d46a0N.exe
Size

2.6MB
MD5

5c963934d8bb0b5658171b0f3f3d46a0
SHA1

235bbd3d64b8922c84b0786896e3048cda397798
SHA256

fc8f2cb0d6c921e85c7b4cfac67eca675db3a54ac651e87f7b588dabde0c35c8
SHA512

382189418f546f63c04d11d2a1dbb01585a1e25666f3e1aa03aefaa3879163d765fed13a207ba1022057e264de977054e96f033ea9419c3d3d8c81dd05c8dbb9
SSDEEP

49152:srAhv/bODYYh++R6VHqjco9dx//LcYFJO7LvHU3sD+guT4osH0s7o90v:uYd+/j9PVY7LvHU3sD+ooyv

Score

1^/10

Malware Config

Signatures

Files

5c963934d8bb0b5658171b0f3f3d46a0N.exe
.dll windows:6 windows x86 arch:x86

959c9c5dfde538d1de361612b7aad26a

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/08/2022, 10:44

Not After

04/08/2025, 10:44

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoe\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

Issuer

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

Not Before

25/08/2021, 14:06

Not After

25/08/2036, 14:06

Subject

CN=Kaspersky Lab,O=Kaspersky Lab,L=Moscow,C=RU

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:4f:9c:97:71:b6:10:bb:d5:cd:b2:4a:70:5d:e9:74:76:5a:52:44:1b:19:3a:bb:7c:89:f1:bd:08:2b:67:07
Signer

Actual PE Digest

4d:4f:9c:97:71:b6:10:bb:d5:cd:b2:4a:70:5d:e9:74:76:5a:52:44:1b:19:3a:bb:7c:89:f1:bd:08:2b:67:07

Digest Algorithm

sha256

PE Digest Matches

true

4d:4f:9c:97:71:b6:10:bb:d5:cd:b2:4a:70:5d:e9:74:76:5a:52:44:1b:19:3a:bb:7c:89:f1:bd:08:2b:67:07
Signer

Actual PE Digest

4d:4f:9c:97:71:b6:10:bb:d5:cd:b2:4a:70:5d:e9:74:76:5a:52:44:1b:19:3a:bb:7c:89:f1:bd:08:2b:67:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\a\b\d_00000000_\b\b\execroot\k\bazel-out\x86_32-windows-opt\bin\component\crypto\crypto_components\crypto_components.pdb

Imports

crypt32

CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CertAddStoreToCollection

kernel32

GetModuleFileNameA
HeapFree
GetModuleHandleExA
GetLastError
RaiseException
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
lstrlenA
CloseHandle
GetCurrentProcessId
ReadFile
GetFileSizeEx
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
WriteFile
LeaveCriticalSection
InitializeCriticalSection
FindClose
CreateFileW
SetFilePointerEx
LocalFree
DeleteCriticalSection
FlushFileBuffers
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetFileAttributesW
DeleteFileW
SwitchToThread
Sleep
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
MultiByteToWideChar
GetCurrentThreadId
GetModuleHandleA
lstrcmpA
WaitForSingleObject
CreateEventW
SetEvent
TerminateThread
WaitForSingleObjectEx
CreateThread
ResetEvent
GetTickCount
LoadLibraryW
GetModuleHandleExW
GetTimeZoneInformation
FileTimeToLocalFileTime
VerSetConditionMask
SystemTimeToFileTime
VerifyVersionInfoW
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
MapViewOfFile
MoveFileW
GetEnvironmentVariableW
FreeLibrary
GetModuleFileNameW
FindAtomW
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionAndSpinCount

user32

wsprintfA

ole32

StgOpenStorageOnILockBytes
CoTaskMemFree
CoCreateGuid

msvcp140

?_Xbad_alloc@std@@YAXXZ
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?_Xlength_error@std@@YAXPBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Init@ios_base@std@@IAEXXZ
??1ios_base@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?clear@ios_base@std@@QAEXH_N@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBEPBDPBD0PA_W@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?exceptions@ios_base@std@@QAEXH@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?__ExceptionPtrCreate@@YAXPAX@Z
_Mbrtowc
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?uncaught_exception@std@@YA_NXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ

vcruntime140

strchr
strstr
__std_type_info_compare
_CxxThrowException
memmove
memset
memcpy
__current_exception_context
__std_type_info_destroy_list
_except_handler4_common
strrchr
memchr
_purecall
memcmp
__current_exception
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
realloc
free

api-ms-win-crt-convert-l1-1-0

_itoa
strtoul
strtol
mbrtowc
strtoull
wcrtomb_s

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
terminate
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_errno
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
abort
exit

api-ms-win-crt-stdio-l1-1-0

_ftelli64
__acrt_iob_func
fflush
fwrite
fread
_fseeki64
ferror
fclose
__stdio_common_vfprintf
_wfopen
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsscanf
fopen
_getcwd

api-ms-win-crt-math-l1-1-0

log2
_dclass
_CIfmod
floor
ceil
_CIlog10
_CIpow
frexp

api-ms-win-crt-string-l1-1-0

tolower
isspace
toupper
isdigit
strncpy
isalnum
strncmp
isalpha
isupper
strpbrk
strcspn
strnlen
ispunct
strcpy_s

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-utility-l1-1-0

bsearch
srand

api-ms-win-crt-time-l1-1-0

_get_timezone
_mktime64
_time64
_difftime64

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_wstat64i32

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

ekaCanUnloadModule
ekaCreateObject
ekaGetObjectFactory

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 487KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

959c9c5dfde538d1de361612b7aad26a

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6eCertificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4d:4f:9c:97:71:b6:10:bb:d5:cd:b2:4a:70:5d:e9:74:76:5a:52:44:1b:19:3a:bb:7c:89:f1:bd:08:2b:67:07Signer

4d:4f:9c:97:71:b6:10:bb:d5:cd:b2:4a:70:5d:e9:74:76:5a:52:44:1b:19:3a:bb:7c:89:f1:bd:08:2b:67:07Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

kernel32

user32

ole32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 487KB - Virtual size: 486KB

.data Size: 74KB - Virtual size: 82KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 146KB - Virtual size: 145KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

13:bf:f1:25:c6:50:d7:c5:a0:82:20:8f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:cc:0c:ca:0c:2c:b1:40:61:6e:db:ac:81:b9:6e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4d:4f:9c:97:71:b6:10:bb:d5:cd:b2:4a:70:5d:e9:74:76:5a:52:44:1b:19:3a:bb:7c:89:f1:bd:08:2b:67:07
Signer

4d:4f:9c:97:71:b6:10:bb:d5:cd:b2:4a:70:5d:e9:74:76:5a:52:44:1b:19:3a:bb:7c:89:f1:bd:08:2b:67:07
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 487KB - Virtual size: 486KB

.data
Size: 74KB - Virtual size: 82KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 146KB - Virtual size: 145KB