6eb343442c4b82a7dfc582cc68f1d80577ad9f1508c1af0d9e3413fe2837b398[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6eb343442c4b82a7dfc582cc68f1d80577ad9f1508c1af0d9e3413fe2837b398.exe
Size

12.3MB
MD5

3f4ccbd47c16fd6d7995f2f47fc3f2cc
SHA1

01e75f9aff42a568c74699c476542f948c155d60
SHA256

6eb343442c4b82a7dfc582cc68f1d80577ad9f1508c1af0d9e3413fe2837b398
SHA512

f0ed1ef7dcd21356424be5dd8e246d2f90d9261cf3a902e5632c9e3000d04732c036f8fc8b0941864cfee4ce765f47114a439204a6dbdb67dc1c29c6a1c146d5
SSDEEP

196608:dS2qTXFxRBBt5wJsv6tWKFdu9Cdm7+JBrfRwuBH2ASt0Byq33OV2+wJjh:lqTXdt5wJsv6tWKFdu9CdBL2rvDgt

Score

1^/10

Malware Config

Signatures

Files

6eb343442c4b82a7dfc582cc68f1d80577ad9f1508c1af0d9e3413fe2837b398.exe
.exe windows:5 windows x86 arch:x86

6c5b6bf3beb2ad22701b42d7c8ce32c1

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:f9:6b:e5:3b:d9:0d:aa:bc:c5:b4:ae:c9:44:97:de
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

16/08/2018, 00:00

Not After

15/08/2021, 23:59

Subject

CN=Morovia Corporation,OU=Software Products,O=Morovia Corporation,POSTALCODE=L3R 9X3,STREET=7725 Birchmount Road\, Unit 42,L=Markham,ST=Ontario,C=CA,2.5.4.18=#13074c335220395833

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:ca:68:fb:a5:39:4f:1c:fc:d0:f6:e5:a9:44:77:f0:33:13:d4:39
Signer

Actual PE Digest

66:ca:68:fb:a5:39:4f:1c:fc:d0:f6:e5:a9:44:77:f0:33:13:d4:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegFlushKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW

gdi32

OffsetRgn
CombineRgn
GetPaletteEntries
RealizePalette
SelectPalette
CreatePalette
GetRegionData
CreateRectRgn
CreateEllipticRgn
GetObjectW
GetStockObject
PtInRegion
GetDIBits
CreateDIBSection
CreateBitmap
DeleteDC
SelectObject
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
GetOutlineTextMetricsW
ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextMetricsW
CreateFontIndirectW
GetTextExtentPoint32W
GetCharABCWidthsFloatW
GetCharABCWidthsI
GetCharABCWidthsW
GetFontData
GetTextFaceW
EnumFontFamiliesExW
GdiFlush
SelectClipRgn
DeleteObject
GetDeviceCaps

imm32

ImmReleaseContext
ImmNotifyIME
ImmGetCompositionStringW
ImmAssociateContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetDefaultIMEWnd
ImmSetCandidateWindow

ws2_32

WSASend
WSAAsyncSelect
htonl
getsockopt
WSANtohl
WSANtohs
WSAGetLastError
WSAStartup
WSACleanup
WSAIoctl
WSASocketW
setsockopt
getpeername
getsockname
listen
WSAAccept
WSARecvFrom
WSARecv
__WSAFDIsSet
closesocket
WSAHtonl
inet_addr
gethostbyaddr
ntohl
gethostbyname
WSAHtons
WSASendTo
bind
WSAConnect
select

shell32

ShellExecuteW

winmm

timeBeginPeriod
timeEndPeriod
PlaySoundW

ole32

CoGetMalloc
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleGetClipboard
DoDragDrop
ReleaseStgMedium
OleUninitialize
OleInitialize
RevokeDragDrop
CoUninitialize
CoInitialize
CoCreateInstance
StringFromGUID2
CoCreateGuid
RegisterDragDrop
CoLockObjectExternal

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

msi

ord141
ord88

user32

ChangeClipboardChain
LoadIconW
GetMenu
GetKeyboardState
SetMenuItemInfoW
TrackPopupMenuEx
MapVirtualKeyW
ToAscii
ToUnicode
GetKeyboardLayout
DestroyCaret
SetCaretPos
CreateCaret
HideCaret
GetKeyboardLayoutList
RegisterWindowMessageW
GetAsyncKeyState
RegisterClipboardFormatW
GetIconInfo
DrawIconEx
CreateCursor
CreateIconIndirect
SetCursorPos
DestroyCursor
GetClassInfoW
LoadImageW
GetSysColorBrush
GetCursorPos
GetWindowRgn
ClipCursor
GetUpdateRect
InvalidateRgn
BeginPaint
EndPaint
WindowFromPoint
GetParent
GetDoubleClickTime
SetDoubleClickTime
SetCaretBlinkTime
GetKeyState
GetCaretBlinkTime
FlashWindowEx
MessageBeep
SystemParametersInfoW
GetDesktopWindow
GetSystemMenu
SetClipboardViewer
SetParent
ValidateRgn
GetClientRect
GetWindowPlacement
SetWindowPlacement
GetWindowRect
IsWindowVisible
IsIconic
IsZoomed
SetWindowRgn
MoveWindow
InvalidateRect
ShowWindow
GetSystemMetrics
SendMessageW
SetWindowTextW
ScreenToClient
ClientToScreen
SetCursor
SetCapture
AdjustWindowRectEx
ScrollWindowEx
UpdateWindow
SetWindowPos
SetForegroundWindow
ReleaseCapture
DestroyIcon
ReleaseDC
GetDC
GetActiveWindow
IsChild
GetFocus
SetFocus
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
SetWindowsHookExW
UnhookWindowsHookEx
DestroyWindow
UnregisterClassW
RegisterClassW
CreateWindowExW
SetWindowLongW
GetWindowLongW
DefWindowProcW
KillTimer
GetQueueStatus
GetMessageTime
CallNextHookEx
SetTimer
PostMessageW
PeekMessageW
CharNextExA
GetForegroundWindow
MessageBoxA
GetClipboardFormatNameW
EnableMenuItem
GetSysColor

oleaut32

VariantInit
SysAllocStringByteLen
SysFreeString
SysStringLen
SysAllocString

kernel32

CompareStringA
EnumSystemLocalesA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetProcessHeap
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapCreate
SetLastError
GetStartupInfoA
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetCPInfo
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
GetStdHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetDriveTypeA
SetFileAttributesW
SetStdHandle
CreateThread
ExitThread
GetTimeZoneInformation
HeapReAlloc
ExitProcess
HeapAlloc
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapFree
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
GetEnvironmentStringsW
InterlockedExchange
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedIncrement
GetThreadTimes
VirtualFree
VirtualAlloc
SetFilePointer
GlobalFree
ExpandEnvironmentStringsW
GlobalSize
lstrcmpW
IsValidLanguageGroup
IsValidLocale
GetUserDefaultLangID
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedDecrement
FindNextFileW
CreateSemaphoreW
ReleaseSemaphore
ResetEvent
LoadLibraryW
GetSystemDirectoryW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
SetErrorMode
GetLogicalDrives
SetEndOfFile
DeviceIoControl
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
MoveFileW
CopyFileW
DeleteFileW
CreateFileW
GetFullPathNameW
GetCurrentDirectoryW
WriteFile
ReadFile
SetFilePointerEx
GetFileAttributesExW
FindFirstFileW
FindClose
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileType
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetStartupInfoW
TlsGetValue
DuplicateHandle
CreateEventW
SetEvent
WaitForMultipleObjects
GetThreadPriority
ResumeThread
TlsSetValue
SetThreadPriority
TerminateThread
GetCurrentThread
TlsAlloc
GetSystemInfo
TlsFree
GetCurrentThreadId
GetLocalTime
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
GetVersionExW
GetCurrentProcessId
GetUserDefaultLCID
CompareStringW
CreateProcessW
GetLastError
FormatMessageW
WaitForSingleObject
GetModuleHandleW
GetProcAddress
GetCurrentProcess
LocalAlloc
LocalFree
CreateFileA
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CloseHandle
GetTickCount
GetModuleHandleA
GetCurrentDirectoryA
GetModuleFileNameW
SetCurrentDirectoryW
GetTempPathA
SetCurrentDirectoryA
Sleep
FindResourceW
SizeofResource
LoadResource
LockResource

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c5b6bf3beb2ad22701b42d7c8ce32c1

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

9b:f9:6b:e5:3b:d9:0d:aa:bc:c5:b4:ae:c9:44:97:deCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

66:ca:68:fb:a5:39:4f:1c:fc:d0:f6:e5:a9:44:77:f0:33:13:d4:39Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

imm32

ws2_32

shell32

winmm

ole32

crypt32

wintrust

msi

user32

oleaut32

kernel32

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 47KB - Virtual size: 76KB

.rsrc Size: 5.3MB - Virtual size: 5.3MB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

9b:f9:6b:e5:3b:d9:0d:aa:bc:c5:b4:ae:c9:44:97:de
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

66:ca:68:fb:a5:39:4f:1c:fc:d0:f6:e5:a9:44:77:f0:33:13:d4:39
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 47KB - Virtual size: 76KB

.rsrc
Size: 5.3MB - Virtual size: 5.3MB