941e22c9b92b5c2b5d8fc56e2078945c0bb24bb580d13922e367ae6368010fb2

Sharing

Copy URL Twitter E-mail

General

Target

941e22c9b92b5c2b5d8fc56e2078945c0bb24bb580d13922e367ae6368010fb2
Size

3.4MB
MD5

681e380aa759199f7172d94b3f15f2e3
SHA1

90d2b4d3e3004c5daa8aa9c62099edc01d24caa9
SHA256

941e22c9b92b5c2b5d8fc56e2078945c0bb24bb580d13922e367ae6368010fb2
SHA512

04e8226d18771ed56647c23aa029437dbcc3384ab9d32e3241262dcc5e042f8fc5351324cc859c5615f901db001fc0623a24a1971e5ec93685b19284e5207916
SSDEEP

49152:dGtlqaIU6iyaVwASOyA3bFhkyQr4lXWwhT+scjF/BmnFlcLMxl+uXGBMcck2vAqZ:9+AAZ/ljcPgvcal+d7Cs6

Score

1^/10

Malware Config

Signatures

Files

941e22c9b92b5c2b5d8fc56e2078945c0bb24bb580d13922e367ae6368010fb2
.exe windows:5 windows x64 arch:x64

6016770a67b40663707dd4a8411f7999

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:77:47:43:6f:b5:61:06:48:55:d0:9a:31:7c:3e:cf
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/06/2022, 00:00

Not After

01/06/2023, 23:59

Subject

SERIALNUMBER=HRB 742261,CN=Avira Operations GmbH,O=Avira Operations GmbH,L=Tettnang,ST=Baden-Württemberg,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#0c12426164656e2d57c3bc727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:08:3b:2c:78:7e:19:1c:f1:a1:55:38:7f:f9:21:2e:3a:76:77:79:78:5c:7c:18:f8:af:10:3e:cb:f2:0b:95
Signer

Actual PE Digest

de:08:3b:2c:78:7e:19:1c:f1:a1:55:38:7f:f9:21:2e:3a:76:77:79:78:5c:7c:18:f8:af:10:3e:cb:f2:0b:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\bamboo-build\WPPSDK-RTPSDK-BRTPX64R\rtp-sdk\BuildOutput\Bin\Release\x64\rtp_setup.exe.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetSystemDirectoryW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
GetLogicalDrives
ExpandEnvironmentStringsW
GetVersionExW
GetNativeSystemInfo
GetSystemWow64DirectoryW
GetModuleHandleW
GetProcAddress
VerifyVersionInfoW
CreateFileW
GetShortPathNameW
ReadFile
CloseHandle
Sleep
OpenProcess
LocalFree
MoveFileExW
GetCurrentProcess
LoadLibraryA
SetHandleInformation
CreatePipe
PeekNamedPipe
HeapAlloc
GetProcessHeap
WaitForSingleObject
GetCurrentProcessId
TerminateProcess
GetCurrentThread
CreateProcessW
QueryFullProcessImageNameW
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
FormatMessageA
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentDirectoryW
FindFirstFileExW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
GetTempPathW
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
GetStringTypeW
WaitForSingleObjectEx
InitializeCriticalSectionEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
WakeAllConditionVariable
EncodePointer
DecodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
GetThreadTimes
LoadLibraryExW
SetEvent
InitializeSListHead
CreateEventW
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetFileSizeEx
GetTimeZoneInformation
HeapReAlloc
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
HeapSize
WriteConsoleW
GetModuleFileNameW
GetCurrentThreadId
QueryPerformanceFrequency
GetLastError
RtlUnwind

advapi32

OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegSetValueExW
CryptAcquireContextW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptReleaseContext
CryptGetHashParam
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CryptCreateHash
ControlService
ChangeServiceConfigW
CloseServiceHandle
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
TraceMessage
CryptDestroyHash
CryptHashData

ntdll

NtQueryKey
NtOpenKey
RtlInitUnicodeString
NtDeleteKey
VerSetConditionMask
RtlVirtualUnwind
RtlNtStatusToDosError
NtCreateKey

fltlib

FilterUnload
FilterLoad

setupapi

SetupOpenFileQueue
SetupOpenInfFileW
SetupCommitFileQueueW
SetupInstallFromInfSectionW
SetupInstallFilesFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupCloseFileQueue
SetupCloseInfFile

ws2_32

WSAGetLastError
WSACleanup
recv
send
WSASetLastError
closesocket

wintrust

WinVerifyTrust

crypt32

CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptMsgGetParam
CertEnumCertificatesInStore
CertOpenStore
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgClose
CertCloseStore

bcrypt

BCryptGenRandom

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 686KB - Virtual size: 686KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6016770a67b40663707dd4a8411f7999

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:77:47:43:6f:b5:61:06:48:55:d0:9a:31:7c:3e:cfCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

de:08:3b:2c:78:7e:19:1c:f1:a1:55:38:7f:f9:21:2e:3a:76:77:79:78:5c:7c:18:f8:af:10:3e:cb:f2:0b:95Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ntdll

fltlib

setupapi

ws2_32

wintrust

crypt32

bcrypt

user32

shell32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 686KB - Virtual size: 686KB

.data Size: 25KB - Virtual size: 45KB

.pdata Size: 85KB - Virtual size: 85KB

_RDATA Size: 512B - Virtual size: 512B

.rsrc Size: 92KB - Virtual size: 92KB

.reloc Size: 24KB - Virtual size: 24KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:77:47:43:6f:b5:61:06:48:55:d0:9a:31:7c:3e:cf
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

de:08:3b:2c:78:7e:19:1c:f1:a1:55:38:7f:f9:21:2e:3a:76:77:79:78:5c:7c:18:f8:af:10:3e:cb:f2:0b:95
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 686KB - Virtual size: 686KB

.data
Size: 25KB - Virtual size: 45KB

.pdata
Size: 85KB - Virtual size: 85KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 92KB - Virtual size: 92KB

.reloc
Size: 24KB - Virtual size: 24KB