5adad1d4925e8753d7e29331dfec959431d9c6b0f34feb541f4bc85316f35c9a[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

5adad1d4925e8753d7e29331dfec959431d9c6b0f34feb541f4bc85316f35c9a.exe
Size

551KB
MD5

c0f12fb677fbaaf2be09ef30a96885c6
SHA1

72417ff8600b82c0b9b84261791b6b4c2d4147d3
SHA256

5adad1d4925e8753d7e29331dfec959431d9c6b0f34feb541f4bc85316f35c9a
SHA512

79d6436a3a30bbbc85ef9c93f6dd7fb863c741348ce0bae463972e0d84cb1aa84e9f270a4b384fe309d9cf05dc7f0d628936321a2f31bcd2d2eb07f2fa5c3174
SSDEEP

6144:9S70pxSueayOde3PHEqQDyYBObz0Wx8sA7SIBBBee7FQ2pG69P4bhD7ipUyTyWyv:A7GMH8BObo1Xke7LPlgN

Score

1^/10

Malware Config

Signatures

Files

5adad1d4925e8753d7e29331dfec959431d9c6b0f34feb541f4bc85316f35c9a.exe
.dll windows:6 windows x64 arch:x64

904685bf2c01fcd49bda88fdfb4e1747

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:9a:6e:1a:69:f2:80:f8:dd:89:0c:f2:01:e4:ff:4f:ff:36:81:d2:f2:75:62:d0:0d:41:81:5a:ac:8b:c8:01
Signer

Actual PE Digest

4b:9a:6e:1a:69:f2:80:f8:dd:89:0c:f2:01:e4:ff:4f:ff:36:81:d2:f2:75:62:d0:0d:41:81:5a:ac:8b:c8:01

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
lstrlenA
IsBadReadPtr
GetThreadLocale
GetSystemInfo
Sleep
CreateThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
SwitchToFiber
DeleteFiber
ConvertFiberToThread
CreateFiberEx
ConvertThreadToFiberEx
CloseHandle
WaitForSingleObject
GetCurrentProcess
HeapFree
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
CreateRemoteThreadEx
GetLogicalProcessorInformationEx
CreateFileA
GetFileSize
ReadFile
SetUnhandledExceptionFilter
GetLastError
SetErrorMode
ConnectNamedPipe
DisconnectNamedPipe
GetOverlappedResult
InitializeCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObjectEx
CreateEventA
GetTickCount
IsWow64Process
GlobalAlloc
GlobalFree
CreateNamedPipeA
DecodePointer
HeapAlloc
SetLastError
LocalFree
LoadLibraryA
GetProcAddress
GetCurrentThread
LocalAlloc
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
QueryPerformanceFrequency
DuplicateHandle
SwitchToThread
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
LoadLibraryExW
TerminateProcess
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
HeapReAlloc
MultiByteToWideChar
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize
CreateFileW
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExW

shell32

CommandLineToArgvW

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpWriteData
WinHttpReadData
WinHttpConnect

urlmon

ObtainUserAgentString

ws2_32

WSAStartup
WSACleanup

Exports

Exports

AppXUpdatePackage
UpdatePackage
functionInDll

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

904685bf2c01fcd49bda88fdfb4e1747

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4b:9a:6e:1a:69:f2:80:f8:dd:89:0c:f2:01:e4:ff:4f:ff:36:81:d2:f2:75:62:d0:0d:41:81:5a:ac:8b:c8:01Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

winhttp

urlmon

ws2_32

Exports

Exports

Sections

.text Size: 393KB - Virtual size: 392KB

.rdata Size: 111KB - Virtual size: 110KB

.data Size: 10KB - Virtual size: 31KB

.pdata Size: 21KB - Virtual size: 21KB

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4b:9a:6e:1a:69:f2:80:f8:dd:89:0c:f2:01:e4:ff:4f:ff:36:81:d2:f2:75:62:d0:0d:41:81:5a:ac:8b:c8:01
Signer

.text
Size: 393KB - Virtual size: 392KB

.rdata
Size: 111KB - Virtual size: 110KB

.data
Size: 10KB - Virtual size: 31KB

.pdata
Size: 21KB - Virtual size: 21KB

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB