d0d1889aa5fbfde0bec082fcfb1906a0N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

d0d1889aa5fbfde0bec082fcfb1906a0N.exe
Size

695KB
MD5

d0d1889aa5fbfde0bec082fcfb1906a0
SHA1

ef28e7fa0a17724e6dfed8389a7cbbaa0bf5e151
SHA256

70442020e35ff7a52b557572004c6fdee1bd35c7a1eacd79324dd54c27c239a8
SHA512

ebc38dcda28cbdb8d3255cdf54f517fa3fb8d9075981892fef5383a144ae588cf412e7ccc968b9db65cb3dc5682971cc6746ab73712441ba02d8176efe4eec4d
SSDEEP

12288:2HOdRMxXN8djw1ZotyVo0AZOCJ2W/ur702TEO3NBjvrEH7i:UOdR498dj6mtybKLJJmc2TEmrEH7i

Score

1^/10

Malware Config

Signatures

Files

d0d1889aa5fbfde0bec082fcfb1906a0N.exe
.dll windows:6 windows x86 arch:x86

effa0c49c40dcf088e6419119e346c4b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-05-2022 00:00

Not After

14-05-2025 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:47:35:27:3f:fb:cb:1c:3d:10:c8:c0:5e:d9:d4:1a:10:79:e5:67:76:64:4b:80:c8:82:84:d2:99:cb:cf:31
Signer

Actual PE Digest

04:47:35:27:3f:fb:cb:1c:3d:10:c8:c0:5e:d9:d4:1a:10:79:e5:67:76:64:4b:80:c8:82:84:d2:99:cb:cf:31

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send
WSAGetLastError
bind
sendto
recvfrom
WSACleanup
WSAStartup
select
__WSAFDIsSet
htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
listen
accept
gethostname
freeaddrinfo
getaddrinfo
WSAIoctl
WSASetLastError
socket
setsockopt
recv
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket

wldap32

ord46
ord217
ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord143

advapi32

CryptAcquireContextA
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain

normaliz

IdnToUnicode
IdnToAscii

bcrypt

BCryptGenRandom

kernel32

SetStdHandle
GetFileAttributesExW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
SetEndOfFile
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
GetFullPathNameW
HeapReAlloc
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
GetStringTypeW
GetTimeZoneInformation
HeapSize
WriteConsoleW
HeapFree
Sleep
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
CloseHandle
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetEnvironmentVariableA
DecodePointer
MoveFileExA
GetCurrentProcessId
GetLastError
SetLastError
FormatMessageW
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

effa0c49c40dcf088e6419119e346c4b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

04:47:35:27:3f:fb:cb:1c:3d:10:c8:c0:5e:d9:d4:1a:10:79:e5:67:76:64:4b:80:c8:82:84:d2:99:cb:cf:31Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

advapi32

crypt32

normaliz

bcrypt

kernel32

Exports

Exports

Sections

.text Size: 481KB - Virtual size: 480KB

.rdata Size: 95KB - Virtual size: 95KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 21KB - Virtual size: 20KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

04:47:35:27:3f:fb:cb:1c:3d:10:c8:c0:5e:d9:d4:1a:10:79:e5:67:76:64:4b:80:c8:82:84:d2:99:cb:cf:31
Signer

.text
Size: 481KB - Virtual size: 480KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 21KB - Virtual size: 20KB