6ca75f425887df2b3c3398a7bd0cbf30N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

6ca75f425887df2b3c3398a7bd0cbf30N.exe
Size

835KB
MD5

6ca75f425887df2b3c3398a7bd0cbf30
SHA1

36c4de6a5aae731c9d619153607664065900704f
SHA256

9a9ea4e3354d61b23fd9a4421ff20b38797b8bb93502d5e3be93d291d6dd0186
SHA512

17bc49ba6a40c79548b4452e1481df9a91414651b3164a5844bb566997abe20bd2e3f436e241bf7fd1ca0827493ca6db3f099c992da37e88c350523475d7452a
SSDEEP

12288:dwrnIfqfAaUMhUhLupXshh1PEd5hOoMSACGOi68dG9TWRzS:dwMfoUMihIXCE5uEGOivI

Score

1^/10

Malware Config

Signatures

Files

6ca75f425887df2b3c3398a7bd0cbf30N.exe
.exe windows:5 windows x64 arch:x64

ab5d97aed117a09cb2947ad3775add66

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/06/2007, 23:54

Not After

13/06/2012, 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:ba:4e:a5:aa:dc:7a:67:2c:65:8d:6c:ee:5b:0e:37:b5:73:4b:c2
Signer

Actual PE Digest

b0:ba:4e:a5:aa:dc:7a:67:2c:65:8d:6c:ee:5b:0e:37:b5:73:4b:c2

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
LeaveCriticalSection
UnmapViewOfFile
DeleteCriticalSection
GetTempPathW
GetCurrentProcess
GetCurrentThread
CreateDirectoryW
GetFileSize
WideCharToMultiByte
WriteFile
FlushFileBuffers
GetModuleFileNameW
GetCommandLineW
DeleteFileW
lstrlenA
MultiByteToWideChar
MapViewOfFile
ResetEvent
RaiseException
FlushInstructionCache
WaitForMultipleObjects
FormatMessageW
MulDiv
lstrlenW
GetDriveTypeW
GlobalHandle
lstrcmpW
TerminateThread
GetModuleHandleW
lstrcmpiW
LoadLibraryExW
HeapSetInformation
GetUserDefaultLangID
CreateFileMappingW
EnterCriticalSection
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
GetSystemDirectoryW
SetEvent
CreateThread
CreateEventW
Sleep
SetLastError
GetTickCount
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetProcAddress
GetVersionExW
LoadLibraryW
FreeLibrary
SetFilePointer
GlobalAlloc
LocalFree
LocalAlloc
GlobalUnlock
ReadFile
GlobalLock
GlobalReAlloc
GlobalFree
CloseHandle
GetCurrentThreadId
CreateFileW
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameW
ResumeThread
ExitThread
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
FindFirstFileW
FindNextFileW
FindClose
GetTempFileNameW
CopyFileW
CreateMutexW
DuplicateHandle
GetSystemDefaultLCID
ReleaseMutex
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryW
GetWindowsDirectoryW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
InterlockedPushEntrySList
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
HeapReAlloc
HeapSize
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwindEx
GetModuleFileNameA
GetStdHandle
ExitProcess
SetUnhandledExceptionFilter
GetLocalTime
GetFileAttributesW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetStartupInfoW
LoadLibraryA

gdi32

GetStockObject
CreateSolidBrush
GetObjectW
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontIndirectW
GetDeviceCaps
SetBkMode
SetTextColor
SetBkColor
CreatePalette
DeleteObject
SetDIBitsToDevice
PatBlt
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateDIBitmap
RealizePalette
SelectPalette

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

imm32

ImmGetContext
ImmAssociateContext
ImmReleaseContext

ole32

CLSIDFromString
OleInitialize
CoTaskMemFree
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize
CoInitialize
CoTaskMemRealloc

oleaut32

SysAllocStringByteLen
SysFreeString
SysAllocString
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear
VariantInit
SysAllocStringLen
VarBstrCmp
VarUI4FromStr
SysStringByteLen

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteW

shlwapi

PathCombineW
PathIsRootW
PathStripToRootW
PathRemoveBackslashW
PathAddBackslashW
PathRemoveBlanksW
PathCanonicalizeW

user32

InvalidateRect
SetCursor
DrawFocusRect
DrawTextW
GetWindowTextW
EnableWindow
GetCursor
GetSysColor
EndDialog
KillTimer
SetTimer
GetDlgItem
SetDlgItemTextW
SendDlgItemMessageW
SetWindowTextW
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
DialogBoxParamW
CreateDialogParamW
CreateWindowExW
LoadCursorW
GetClassInfoExW
RegisterClassExW
MessageBoxW
IsWindow
IsDialogMessageW
ShowWindow
RedrawWindow
PostMessageW
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetSysColorBrush
MapWindowPoints
SetWindowPos
LoadIconW
GetDesktopWindow
GetSystemMenu
EnableMenuItem
SetFocus
GetFocus
SendMessageW
DestroyWindow
DefWindowProcW
ExitWindowsEx
GetSystemMetrics
CharPrevW
CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
ReleaseDC
GetDC
IsDlgButtonChecked
UnregisterClassA
MapDialogRect
SetWindowContextHelpId
DestroyIcon
LoadImageW
CreateAcceleratorTableW
ClientToScreen
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
DestroyAcceleratorTable
SetWindowLongW
DialogBoxIndirectParamW
GetActiveWindow
ScreenToClient
PtInRect
GetCursorPos
RegisterWindowMessageW
GetWindowTextLengthW
BeginPaint
IsChild
EndPaint
GetClientRect
GetClassNameW
SystemParametersInfoW
PostQuitMessage
GetWindow

setupapi

SetupIterateCabinetW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab5d97aed117a09cb2947ad3775add66

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

61:14:2c:a7:00:00:00:00:00:06Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

b0:ba:4e:a5:aa:dc:7a:67:2c:65:8d:6c:ee:5b:0e:37:b5:73:4b:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

comctl32

imm32

ole32

oleaut32

shell32

shlwapi

user32

setupapi

version

Sections

.text Size: 566KB - Virtual size: 566KB

.rdata Size: 190KB - Virtual size: 190KB

.data Size: 16KB - Virtual size: 36KB

.pdata Size: 43KB - Virtual size: 43KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

61:14:2c:a7:00:00:00:00:00:06
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

b0:ba:4e:a5:aa:dc:7a:67:2c:65:8d:6c:ee:5b:0e:37:b5:73:4b:c2
Signer

.text
Size: 566KB - Virtual size: 566KB

.rdata
Size: 190KB - Virtual size: 190KB

.data
Size: 16KB - Virtual size: 36KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB