ebda3c8b782b0f11d9dec2b0557878d0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ebda3c8b782b0f11d9dec2b0557878d0N.exe
Size

677KB
MD5

ebda3c8b782b0f11d9dec2b0557878d0
SHA1

80fa9f185b94a20f4acc44b8732d54ede81abf82
SHA256

cb2945e78fcaa5cabb380be328c4cab96436a657e7df73dddde7e20ab5274686
SHA512

ae82eed5eaca970d04ca41f47225890619959d4cff30847c9a10c67efd58964e2aa9dfe262277ba1fbe3237fd0dd847ed2d39331aed3224b563c068068c9ebb4
SSDEEP

12288:+v4TlL6OWC4x1uhu1XqpTggfyAXUmvFJ94Iu0K+TnLd2Q7:+v4TCCquYKyAkmdJVnLEQ7

Score

1^/10

Malware Config

Signatures

Files

ebda3c8b782b0f11d9dec2b0557878d0N.exe
.dll windows:6 windows x86 arch:x86

49497c493ea03407836418250b92612a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0e:d8:17:a6:10:c8:49:c9:ce:6d:5b:e6:6c:ed:fa:33
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

03/04/2023, 00:00

Not After

14/04/2025, 23:59

Subject

CN=中移互联网有限公司,O=中移互联网有限公司,L=广州市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:7a:43:fc:96:26:b6:29:74:07:dc:4c:8d:0d:06:7e:30:3d:de:2d
Signer

Actual PE Digest

c2:7a:43:fc:96:26:b6:29:74:07:dc:4c:8d:0d:06:7e:30:3d:de:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\work\code\SDP\SecBox\Sandboxie-1.1.3\Sandboxie-1.1.3\Sandboxie\Bin\Win32\SbieRelease\SbieDll.pdb

Imports

ntdll

RtlUnwind
NtSetInformationJobObject
NtClose
NtAssignProcessToJobObject
NtOpenJobObject
NtCreateJobObject
NtUnmapViewOfSection
NtMapViewOfSection
RtlEqualSid
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
NtAdjustPrivilegesToken
NtFilterToken
NtDuplicateObject
NtSetInformationToken
NtOpenThread
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
NtQueryVirtualMemory
RtlNtStatusToDosError
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey2
NtLoadKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtCreateSymbolicLinkObject
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
NtAllocateVirtualMemory
RtlUnicodeStringToAnsiString
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
NtSetInformationThread
RtlSetThreadErrorMode
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
DbgPrint
NtProtectVirtualMemory
LdrGetProcedureAddress
NtDeleteValueKey
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
NtQueryValueKey
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
strstr
memcpy
memset
_wcsicmp
_chkstk
_wcsnicmp
towlower
wcsstr
wcschr
_itow
memmove
wcscpy_s
wcsncpy
_wcslwr
wcstol
_wtoi
wcsncmp
_stricmp
wcsrchr
_alldiv
_allmul
_ultow
wcstoul
_wtoi64
strchr
strncmp
wcsncpy_s
tolower
iswctype
_strlwr

kernel32

CreateEventW
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
WinExec
OpenProcess
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
SizeofResource
WriteProcessMemory
ReadProcessMemory
DuplicateHandle
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
HeapDestroy
HeapCreate
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
RaiseException
GlobalAddAtomW
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
SleepEx
GetTickCount64
FindResourceA
FindResourceW
LockResource
LoadResource
GlobalLock
GlobalUnlock
GlobalSize
GetConsoleWindow
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
AllocConsole
GetStartupInfoW
OpenThread
WaitForMultipleObjects
WideCharToMultiByte
GetSystemInfo
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetSystemWindowsDirectoryW
GetTickCount
QueueUserAPC
OpenMutexW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
GetFileSizeEx
GetFileAttributesW
FindNextChangeNotification
FindFirstChangeNotificationW
DeleteFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
ProcessIdToSessionId
GetCurrentProcessId
Sleep
SetEvent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
OutputDebugStringW
GetModuleFileNameW
CreateProcessW
CreateThread
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
LoadLibraryW
GetModuleHandleW
FreeLibrary
ExpandEnvironmentStringsW
WaitForSingleObject
GlobalFree
GlobalAlloc
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
SetLastError
CreateFileW
ReadFile
SetFilePointerEx
CloseHandle
GetProcAddress

Exports

Exports

SbieApi_Call
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetVersionEx
SbieApi_HookTramp
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_MonitorControl
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_OpenProcess
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessInfo
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_InitPStore
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_KillAll
SbieDll_KillOne
SbieDll_PortName
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_UpdateConf
Sbie_snprintf
Sbie_snwprintf
_File_GetName@20
_Key_GetName@20
_SbieApi_CheckInternetAccess@12
_SbieApi_DisableForceProcess@8
_SbieApi_EnumBoxes@8
_SbieApi_EnumBoxesEx
_SbieApi_EnumBoxesEx@12
_SbieApi_EnumProcessEx
_SbieApi_EnumProcessEx@20
_SbieApi_GetBlockedDll@8
_SbieApi_GetFileName@12
_SbieApi_GetHomePath@16
_SbieApi_GetMessage@24
_SbieApi_GetUnmountHive@4
_SbieApi_GetVersion@4
_SbieApi_GetVersionEx@8
_SbieApi_HookTramp@8
_SbieApi_Ioctl@4
_SbieApi_IsBoxEnabled
_SbieApi_IsBoxEnabled@4
_SbieApi_LogMsgEx@16
_SbieApi_LogMsgExt@8
_SbieApi_MonitorControl@8
_SbieApi_MonitorGetEx@16
_SbieApi_MonitorPut2@12
_SbieApi_MonitorPut@8
_SbieApi_MonitorPutMsg@8
_SbieApi_OpenProcess@8
_SbieApi_ProcessExemptionControl@16
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf
_SbieApi_QueryConf@20
_SbieApi_QueryConfBool@12
_SbieApi_QueryPathList@20
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessEx
_SbieApi_QueryProcessEx2@28
_SbieApi_QueryProcessEx@24
_SbieApi_QueryProcessInfo@8
_SbieApi_QueryProcessInfoEx@16
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf
_SbieApi_ReloadConf@8
_SbieApi_SessionLeader@8
_SbieApi_SetUserName@8
_SbieApi_vLogEx@16
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_CallServer
_SbieDll_CallServer@4
_SbieDll_CallServerQueue@16
_SbieDll_CheckPatternInList@16
_SbieDll_CheckProcessLocalSystem@4
_SbieDll_CheckStringInList@12
_SbieDll_ComCreateProxy@16
_SbieDll_ComCreateStub@16
_SbieDll_DeviceChange@8
_SbieDll_DisableCHPE@0
_SbieDll_DisableElevationHook@0
_SbieDll_ExpandAndRunProgram@4
_SbieDll_FormatMessage
_SbieDll_FormatMessage0
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_FreeMem
_SbieDll_FreeMem@4
_SbieDll_GetBorderColor
_SbieDll_GetBorderColor@16
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetServiceRegistryValue@12
_SbieDll_GetSettingsForName@24
_SbieDll_GetSettingsForName_bool@16
_SbieDll_GetStartError@0
_SbieDll_GetStringForStringList@20
_SbieDll_GetSysFunction@4
_SbieDll_GetTokenElevationType@0
_SbieDll_GetUserPathEx@4
_SbieDll_Hook@16
_SbieDll_HookInit@0
_SbieDll_InitPStore@0
_SbieDll_InjectLow@12
_SbieDll_InjectLow_InitHelper@0
_SbieDll_InjectLow_InitSyscalls@4
_SbieDll_InjectLow_SendHandle@4
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsDllSkipHook@4
_SbieDll_IsOpenCOM@0
_SbieDll_IsOpenClsid@12
_SbieDll_IsReservedFileName@4
_SbieDll_KillAll
_SbieDll_KillAll@8
_SbieDll_KillOne@4
_SbieDll_MatchImage@12
_SbieDll_OpenProcess@8
_SbieDll_PortName@0
_SbieDll_QueryConf@20
_SbieDll_QueueCreate@8
_SbieDll_QueueGetReq@24
_SbieDll_QueueGetRpl@16
_SbieDll_QueuePutReq@20
_SbieDll_QueuePutRpl@16
_SbieDll_RegisterDllCallback@4
_SbieDll_RunFromHome@16
_SbieDll_RunSandboxed@24
_SbieDll_RunStartExe@8
_SbieDll_StartBoxedService@8
_SbieDll_StartCOM@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4
_SbieDll_UnHookModule@4
_SbieDll_UpdateConf@20

Sections

.text
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49497c493ea03407836418250b92612a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

0e:d8:17:a6:10:c8:49:c9:ce:6d:5b:e6:6c:ed:fa:33Certificate

Extended Key Usages

Key Usages

c2:7a:43:fc:96:26:b6:29:74:07:dc:4c:8d:0d:06:7e:30:3d:de:2dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

Exports

Exports

Sections

.text Size: 489KB - Virtual size: 489KB

.rdata Size: 121KB - Virtual size: 120KB

.data Size: 4KB - Virtual size: 163KB

.idata Size: 9KB - Virtual size: 8KB

.detourc Size: 6KB - Virtual size: 5KB

.detourd Size: 512B - Virtual size: 270B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 29KB - Virtual size: 29KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

0e:d8:17:a6:10:c8:49:c9:ce:6d:5b:e6:6c:ed:fa:33
Certificate

c2:7a:43:fc:96:26:b6:29:74:07:dc:4c:8d:0d:06:7e:30:3d:de:2d
Signer

.text
Size: 489KB - Virtual size: 489KB

.rdata
Size: 121KB - Virtual size: 120KB

.data
Size: 4KB - Virtual size: 163KB

.idata
Size: 9KB - Virtual size: 8KB

.detourc
Size: 6KB - Virtual size: 5KB

.detourd
Size: 512B - Virtual size: 270B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 29KB - Virtual size: 29KB