5bb45f55d24db959fa2d2dd59bbe335470bbba83835d49275e39a9be83f95e13

Sharing

Copy URL Twitter E-mail

General

Target

5bb45f55d24db959fa2d2dd59bbe335470bbba83835d49275e39a9be83f95e13
Size

1.3MB
MD5

e0e12a8891f5585ce1ad55dbffb4f9c2
SHA1

480c5a601d98e2ac3e31e8a6fc366d5cae145573
SHA256

5bb45f55d24db959fa2d2dd59bbe335470bbba83835d49275e39a9be83f95e13
SHA512

d64a7cfeff25f2a52b8f7426f672a59875470e8408983583863e9323b1e57347ac0bdde15b4ecbdc9cbd1f165e44cc8fc80aad840daa6a9419cd75f7746b5885
SSDEEP

12288:+C91aDapbi0xtnZ0jDCinG9sLd5oF/eYPn/TmHejf0QXEmz4i:rGOpbi0zZCeinGo5oFGe/Km9p

Score

1^/10

Malware Config

Signatures

Files

5bb45f55d24db959fa2d2dd59bbe335470bbba83835d49275e39a9be83f95e13
.exe windows:4 windows x64 arch:x64

c121ce38aff2a19e4970c1ca0554a7d1

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:f6:7b:42:d7:43:4d:8f:0d:17:b0:87:5d:9f:2e:98:bf:19:df:59:ae:68:c5:9f:d0:6c:32:cb:ef:7d:5f:c5
Signer

Actual PE Digest

81:f6:7b:42:d7:43:4d:8f:0d:17:b0:87:5d:9f:2e:98:bf:19:df:59:ae:68:c5:9f:d0:6c:32:cb:ef:7d:5f:c5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetUserNameW

kernel32

AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateEventW
CreateMutexA
CreateSemaphoreA
CreateThread
CreateTimerQueue
CreateTimerQueueTimer
DeleteAtom
DeleteCriticalSection
DeleteTimerQueue
DuplicateHandle
EnterCriticalSection
FindAtomA
FormatMessageA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_close
_commode
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_fileno
_fmode
_fstat64
_initterm
_lock
_lseeki64
_memccpy
_onexit
_read
_setjmp
_strdup
_stricmp
_strnicmp
_ultoa
_unlock
_wfopen
_write
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getwc
isspace
iswctype
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
puts
putwc
realloc
setlocale
setvbuf
signal
strcmp
strcoll
strerror
strftime
strlen
strncmp
strxfrm
toupper
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsstr
wcsxfrm

ntdll

NtCreateThreadEx
RtlCaptureContext

user32

DispatchMessageA
GetMessageA
KillTimer
SetTimer
TranslateMessage

Sections

.text
Size: 753KB - Virtual size: 753KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c121ce38aff2a19e4970c1ca0554a7d1

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

81:f6:7b:42:d7:43:4d:8f:0d:17:b0:87:5d:9f:2e:98:bf:19:df:59:ae:68:c5:9f:d0:6c:32:cb:ef:7d:5f:c5Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

Sections

.text Size: 753KB - Virtual size: 753KB

.data Size: 12KB - Virtual size: 12KB

.rdata Size: 66KB - Virtual size: 66KB

.pdata Size: 48KB - Virtual size: 48KB

.xdata Size: 65KB - Virtual size: 64KB

.bss Size: - Virtual size: 3KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 6KB - Virtual size: 5KB

/4 Size: 3KB - Virtual size: 2KB

/19 Size: 123KB - Virtual size: 123KB

/31 Size: 21KB - Virtual size: 20KB

/45 Size: 57KB - Virtual size: 57KB

/57 Size: 14KB - Virtual size: 14KB

/70 Size: 3KB - Virtual size: 3KB

/81 Size: 154KB - Virtual size: 154KB

/92 Size: 9KB - Virtual size: 9KB

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

81:f6:7b:42:d7:43:4d:8f:0d:17:b0:87:5d:9f:2e:98:bf:19:df:59:ae:68:c5:9f:d0:6c:32:cb:ef:7d:5f:c5
Signer

.text
Size: 753KB - Virtual size: 753KB

.data
Size: 12KB - Virtual size: 12KB

.rdata
Size: 66KB - Virtual size: 66KB

.pdata
Size: 48KB - Virtual size: 48KB

.xdata
Size: 65KB - Virtual size: 64KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 6KB - Virtual size: 5KB

/4
Size: 3KB - Virtual size: 2KB

/19
Size: 123KB - Virtual size: 123KB

/31
Size: 21KB - Virtual size: 20KB

/45
Size: 57KB - Virtual size: 57KB

/57
Size: 14KB - Virtual size: 14KB

/70
Size: 3KB - Virtual size: 3KB

/81
Size: 154KB - Virtual size: 154KB

/92
Size: 9KB - Virtual size: 9KB