88a45c926edecd28b4a1633378eb80d20c3177f28d6c53d4f5ddcddc0cbfc58f[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

88a45c926edecd28b4a1633378eb80d20c3177f28d6c53d4f5ddcddc0cbfc58f.exe
Size

1.1MB
MD5

1313f6e38171d884ad40a9d2347a049f
SHA1

f0597ff8b7b617f45c09c2bbc19137f4f060e772
SHA256

88a45c926edecd28b4a1633378eb80d20c3177f28d6c53d4f5ddcddc0cbfc58f
SHA512

f29cf2d5c846790839d8e10135ae021fc7ef6c3baa0fde1ff15f3d52e3183133abc116490cf09d4b17bd691f3a031bc1c467cc217eca6a676c51b1f63786ffbe
SSDEEP

24576:85rFQBJMJF3Uh+QVLUrxoP6bfbJcvKQEu0:8hCB6j3RQVLUbbf9

Score

1^/10

Malware Config

Signatures

Files

88a45c926edecd28b4a1633378eb80d20c3177f28d6c53d4f5ddcddc0cbfc58f.exe
.exe windows:6 windows x64 arch:x64

17fcf7d6ba5b8f018aaa4828f0547769

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:2e:41:26:46:eb:90:5b:c4:c5:60:b4:3a:a7:ec:91
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

13/03/2023, 00:00

Not After

12/03/2026, 23:59

Subject

SERIALNUMBER=P027396,CN=SynerComm\, Inc.,O=SynerComm\, Inc.,ST=Wisconsin,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1309576973636f6e73696e,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:98:91:c6:46:59:3e:e8:27:14:04:6e:cc:1a:2d:da:c4:75:e2:0a
Signer

Actual PE Digest

49:98:91:c6:46:59:3e:e8:27:14:04:6e:cc:1a:2d:da:c4:75:e2:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Authenticator.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

user32

MessageBoxA

kernel32

MultiByteToWideChar
WriteConsoleW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleW
GetConsoleMode
HeapAlloc
ReleaseMutex
lstrlenW
HeapReAlloc
TerminateProcess
GetCurrentProcessId
GetStdHandle
GetCurrentProcess
GetEnvironmentVariableW
GetCurrentDirectoryW
QueryPerformanceCounter
GetCurrentThread
SetThreadStackGuarantee
AddVectoredExceptionHandler
CloseHandle
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualProtect
CreateThread
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualQuery
VirtualFree
VirtualAlloc
FormatMessageA
GetProcAddress
GetModuleHandleExA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
RaiseException
RtlVirtualUnwind
RtlUnwindEx
RtlRestoreContext
RtlLookupFunctionEntry
RtlCaptureContext
SetLastError
FormatMessageW
LoadLibraryExA
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
HeapFree
GetProcessHeap
SetUnhandledExceptionFilter
GetLastError
IsProcessorFeaturePresent

ntdll

RtlNtStatusToDosError
NtWriteFile

vcruntime140

memchr
__CxxFrameHandler3
memcpy
memmove
memcmp
memset
strchr
strstr
__current_exception_context
__current_exception
__DestructExceptionObject
__C_specific_handler
strrchr
_CxxThrowException

api-ms-win-crt-math-l1-1-0

ldexp
__setusermatherr
sqrt
atan
tan
modf
log
frexp
atan2
pow
log10
exp
sin
cos
asin
acos
sinh
cosh
tanh
fmod

api-ms-win-crt-string-l1-1-0

strncmp
strlen
strncpy

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_exit
_register_thread_local_exe_atexit_callback
_c_exit
strerror
_configure_narrow_argv
__p___argc
_initialize_narrow_environment
system
_errno
_get_initial_narrow_environment
_initterm
_set_app_type
_initialize_onexit_table
_seh_filter_exe
_register_onexit_function
_crt_atexit
exit
_cexit
terminate
__p___argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf_s
__stdio_common_vfprintf_p
__p__fmode
__stdio_common_vfprintf
fputs
fputc
fflush
__stdio_common_vswscanf
__stdio_common_vswprintf_p
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
_set_fmode
__stdio_common_vswprintf
__stdio_common_vfwscanf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vfscanf
tmpnam
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__p__commode
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_p
__stdio_common_vsscanf
fwrite
putchar
ungetc
fclose
feof
ferror
fopen
fread
clearerr
fgets
_fseeki64
_ftelli64
getc
_pclose
_popen
setvbuf
tmpfile

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-time-l1-1-0

_localtime64
_mktime64
clock
_time64
_gmtime64
_difftime64
strftime

api-ms-win-crt-filesystem-l1-1-0

rename
remove

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Exports

Exports

__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s

Sections

.text
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17fcf7d6ba5b8f018aaa4828f0547769

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

6f:2e:41:26:46:eb:90:5b:c4:c5:60:b4:3a:a7:ec:91Certificate

Extended Key Usages

Key Usages

49:98:91:c6:46:59:3e:e8:27:14:04:6e:cc:1a:2d:da:c4:75:e2:0aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

user32

kernel32

ntdll

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 653KB - Virtual size: 652KB

.rdata Size: 377KB - Virtual size: 377KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 33KB - Virtual size: 33KB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 3KB - Virtual size: 2KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

6f:2e:41:26:46:eb:90:5b:c4:c5:60:b4:3a:a7:ec:91
Certificate

49:98:91:c6:46:59:3e:e8:27:14:04:6e:cc:1a:2d:da:c4:75:e2:0a
Signer

.text
Size: 653KB - Virtual size: 652KB

.rdata
Size: 377KB - Virtual size: 377KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 33KB - Virtual size: 33KB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 3KB - Virtual size: 2KB