42e39134ed0552e07d5890bbacec8b5f6e25d4205b69159ca8fbd975119a8783

Sharing

Copy URL

Twitter E-mail

General

Target

42e39134ed0552e07d5890bbacec8b5f6e25d4205b69159ca8fbd975119a8783
Size

742KB
MD5

cdb35d4f1941fc21dcb346d146a310ab
SHA1

e081f6f08565922d0714888d634f9c05d14a5af2
SHA256

42e39134ed0552e07d5890bbacec8b5f6e25d4205b69159ca8fbd975119a8783
SHA512

f0a586ccc922647211e6e790de1d26aa20a5d29aa34bcf95be4b0e693395bc957a278debdc30d6bce64663187a11e2bfd0f4a611b9c755cc050b191b6fedbc19
SSDEEP

12288:QDtUcgSXHnBCb34VUbx9PjVvx0VxnK75kT2gK+nV/PyYEcJU5AQYB:QpJKx9uxK75kT1V/PyYEcJUuQ8

Score

1^/10

Malware Config

Signatures

Files

42e39134ed0552e07d5890bbacec8b5f6e25d4205b69159ca8fbd975119a8783
.exe windows:5 windows x86 arch:x86

178eeaad319a2483e7f5f304e2a852d1

Code Sign

33:00:00:04:0c:12:00:67:8b:16:b2:65:db:00:00:00:00:04:0c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/01/2023, 19:22

Not After

15/12/2023, 19:22

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:7e:9d:05:d7:93:2b:28:2c:fa:34:44:03:79:88:92:cb:40:aa:95:5c:e9:7c:c1:f5:97:50:13:a3:b1:1a:1e
Signer

Actual PE Digest

47:7e:9d:05:d7:93:2b:28:2c:fa:34:44:03:79:88:92:cb:40:aa:95:5c:e9:7c:c1:f5:97:50:13:a3:b1:1a:1e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\mailmaster\mailmaster\src\chromium\out\Release\initialexe\mailmaster.exe.pdb

Imports

advapi32

CreateProcessAsUserW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
SystemFunction036
OpenProcessToken
GetAce
GetKernelObjectSecurity
GetLengthSid
GetSecurityDescriptorSacl
SetKernelObjectSecurity
SetTokenInformation
SetSecurityInfo
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RevertToSelf
RegDisablePredefinedCache
CopySid
CreateWellKnownSid
CreateRestrictedToken
DuplicateToken
DuplicateTokenEx
EqualSid
GetTokenInformation
LookupPrivilegeValueW
SetThreadToken
ConvertSidToStringSidW
SetEntriesInAclW
GetSecurityInfo
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

psapi

GetMappedFileNameW

user32

GetActiveWindow
CharUpperW
CloseDesktop
RegisterWindowMessageW
CloseWindowStation
CreateDesktopW
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW
SendMessageTimeoutW
FindWindowW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

ws2_32

WSAGetLastError
gethostbyname
inet_ntoa
WSAStartup
gethostname

wininet

InternetConnectW
InternetOpenW
InternetSetOptionW
FtpPutFileW
InternetCloseHandle

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winmm

timeGetTime

shlwapi

PathFindFileNameW

kernel32

RtlCaptureStackBackTrace
HeapSize
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
ReadConsoleW
HeapReAlloc
HeapFree
HeapAlloc
ExitProcess
SetStdHandle
GetFullPathNameW
CloseHandle
GetLastError
CreateMutexW
CreateDirectoryW
lstrcpyW
lstrlenW
GetCurrentProcess
GetModuleHandleW
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
GetCurrentProcessId
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteFile
OutputDebugStringA
GetModuleFileNameW
CreateFileW
DeleteFileW
FormatMessageA
GetTickCount
GetCommandLineW
LocalFree
ReadFile
QueryDosDeviceW
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
GetCurrentDirectoryW
MoveFileExW
CopyFileW
GetTempFileNameW
SetThreadPriority
Sleep
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetUserDefaultLangID
TerminateProcess
WaitForSingleObject
DuplicateHandle
OpenProcess
GetExitCodeProcess
SetInformationJobObject
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
ResumeThread
CreateProcessW
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetCurrentThreadId
GetVersionExW
GetNativeSystemInfo
IsDebuggerPresent
RaiseException
CreateThread
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
GetProcessId
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetModuleHandleA
CreateEventW
GetModuleHandleExW
SetEnvironmentVariableW
GetEnvironmentVariableW
RegisterWaitForSingleObject
UnregisterWaitEx
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LoadLibraryW
GlobalMemoryStatusEx
HeapSetInformation
WaitForMultipleObjects
SetEvent
ResetEvent
VirtualQueryEx
RtlCaptureContext
ReleaseSemaphore
InitializeCriticalSection
SuspendThread
TerminateThread
GetThreadContext
CreateSemaphoreW
SetUnhandledExceptionFilter
GetDriveTypeW
VirtualAlloc
VirtualFree
ReleaseMutex
SwitchToThread
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
TerminateJobObject
GetUserDefaultLCID
GetFileType
ProcessIdToSessionId
GetProcessHandleCount
SignalObjectAndWait
VirtualFreeEx
CreateJobObjectW
CreateNamedPipeW
ReadProcessMemory
DebugBreak
SearchPathW
GetConsoleMode
GetConsoleOutputCP
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
FileTimeToSystemTime
EncodePointer
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExA
VirtualQuery
VirtualProtect

ole32

CoTaskMemFree

winhttp

WinHttpCrackUrl
WinHttpCloseHandle
WinHttpConnect
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest
WinHttpOpen

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

178eeaad319a2483e7f5f304e2a852d1

Code Sign

33:00:00:04:0c:12:00:67:8b:16:b2:65:db:00:00:00:00:04:0cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

47:7e:9d:05:d7:93:2b:28:2c:fa:34:44:03:79:88:92:cb:40:aa:95:5c:e9:7c:c1:f5:97:50:13:a3:b1:1a:1eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

iphlpapi

psapi

user32

userenv

ws2_32

wininet

version

winmm

shlwapi

kernel32

ole32

winhttp

Exports

Exports

Sections

.text Size: 457KB - Virtual size: 457KB

.rdata Size: 170KB - Virtual size: 170KB

.data Size: 4KB - Virtual size: 13KB

.gfids Size: 1024B - Virtual size: 568B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 61KB - Virtual size: 61KB

.reloc Size: 19KB - Virtual size: 18KB

33:00:00:04:0c:12:00:67:8b:16:b2:65:db:00:00:00:00:04:0c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

47:7e:9d:05:d7:93:2b:28:2c:fa:34:44:03:79:88:92:cb:40:aa:95:5c:e9:7c:c1:f5:97:50:13:a3:b1:1a:1e
Signer

.text
Size: 457KB - Virtual size: 457KB

.rdata
Size: 170KB - Virtual size: 170KB

.data
Size: 4KB - Virtual size: 13KB

.gfids
Size: 1024B - Virtual size: 568B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 61KB - Virtual size: 61KB

.reloc
Size: 19KB - Virtual size: 18KB