49a9d9fa8d345b7de53c53c917d21200N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

49a9d9fa8d345b7de53c53c917d21200N.exe
Size

541KB
MD5

49a9d9fa8d345b7de53c53c917d21200
SHA1

e4fd919b994946f5183d210f759477efbe05d996
SHA256

857eab9ddbc2e97b0171a814ea224b984d2330bd1a8d9baf80c8b67f06d2b3eb
SHA512

8fcf940474646a66ed838f04ec3692d3cd5ae5cee488a0924d32f740ffc6685dc4704929bea5509f6edd2cea2d1acc20b6385b9a030e6fd29154f1fd4da867ce
SSDEEP

12288:pnUB9L1H9JPEck82QaP/lY5PHgvzgVQPsM1sSJUswArZi0C5:pnc9hnPNtZaPCgvqQURIUsxZiP5

Score

1^/10

Malware Config

Signatures

Files

49a9d9fa8d345b7de53c53c917d21200N.exe
.exe windows:5 windows x86 arch:x86

21132aa2b8c25e00cea9c4406165aac4

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

35:b6:fd:e2:81:6e:85:89:7f:d1:a7:93:f0:2a:0c:cc:66:ff:56:d3:9b:da:d9:7f:27:89:6b:5d:0c:81:bf:f0
Signer

Actual PE Digest

35:b6:fd:e2:81:6e:85:89:7f:d1:a7:93:f0:2a:0c:cc:66:ff:56:d3:9b:da:d9:7f:27:89:6b:5d:0c:81:bf:f0

Digest Algorithm

sha256

PE Digest Matches

true

e6:e6:f2:c1:75:14:7b:7a:0a:f9:e1:0a:2b:05:94:a6:71:41:f4:b3
Signer

Actual PE Digest

e6:e6:f2:c1:75:14:7b:7a:0a:f9:e1:0a:2b:05:94:a6:71:41:f4:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\kontur.plugin.service.control.pdb

Imports

kernel32

GetFileAttributesExW
GetCurrentProcessId
GetModuleFileNameW
GetCommandLineW
GetVersionExW
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
FindNextFileA
FindFirstFileExA
HeapReAlloc
ReadConsoleW
GetConsoleMode
GetModuleHandleA
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
GetCPInfo
GetACP
IsValidCodePage
LoadLibraryA
GetProcAddress
CreateFileA
CloseHandle
ReadFile
WriteFile
SetStdHandle
FormatMessageA
GetTickCount
Sleep
GetLastError
LocalFree
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
GetFileInformationByHandle
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
FormatMessageW
CreateDirectoryW
FindClose
FindFirstFileExW
GetFileAttributesW
GetTempPathW
AreFileApisANSI
SetLastError
GetModuleHandleW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RaiseException
RtlUnwind
GetFileType
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
GetCommandLineA
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetFileSecurityW
MapGenericMask
OpenProcessToken
AccessCheck
DuplicateToken
StartServiceA
QueryServiceStatusEx
OpenServiceW
OpenSCManagerA
ControlService
CloseServiceHandle

Sections

.text
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

21132aa2b8c25e00cea9c4406165aac4

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

35:b6:fd:e2:81:6e:85:89:7f:d1:a7:93:f0:2a:0c:cc:66:ff:56:d3:9b:da:d9:7f:27:89:6b:5d:0c:81:bf:f0Signer

e6:e6:f2:c1:75:14:7b:7a:0a:f9:e1:0a:2b:05:94:a6:71:41:f4:b3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

advapi32

Sections

.text Size: 369KB - Virtual size: 369KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 16KB - Virtual size: 35KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 23KB - Virtual size: 22KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

35:b6:fd:e2:81:6e:85:89:7f:d1:a7:93:f0:2a:0c:cc:66:ff:56:d3:9b:da:d9:7f:27:89:6b:5d:0c:81:bf:f0
Signer

e6:e6:f2:c1:75:14:7b:7a:0a:f9:e1:0a:2b:05:94:a6:71:41:f4:b3
Signer

.text
Size: 369KB - Virtual size: 369KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 16KB - Virtual size: 35KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 23KB - Virtual size: 22KB