d61e654c68b4a7ec8c32aa9218435540N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d61e654c68b4a7ec8c32aa9218435540N.exe
Size

156KB
MD5

d61e654c68b4a7ec8c32aa9218435540
SHA1

b22c025acf45103627fbabee8af0019924205655
SHA256

098f58425f5eef4cf3e038f43f8b35c8b78a6f97acb2438295eb842d5f31b67b
SHA512

ff7d8aa2b3ae6ad16bbd5b6ed1b3cbe12091dbf372e970e829f9747dc4ca5e2476268a8aa03681daaccc9354d408ddadfe3b9c38dc469e8e1b289c0bd151c6a1
SSDEEP

3072:O2fAZcouUJ71jjd+EtzyWSv5OQBSB63ML/sK9:j4codXv3SvHBScI/z9

Score

1^/10

Malware Config

Signatures

Files

d61e654c68b4a7ec8c32aa9218435540N.exe
.dll windows:6 windows x64 arch:x64

cc052d7ae2b4bf00f2da3c2bb97dd8ca

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/02/2024, 14:45

Not After

10/03/2027, 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3f:04:1a:e9:7e:6d:27:fe:eb:00:00:00:00:00:3f
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/04/2024, 17:59

Not After

17/04/2025, 17:59

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:F5D6-96D6-909E,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:de:d1:9c:11:19:ee:81:ca:e8:de:54:6d:6e:a5:4d:5f:d3:1d:51:57:64:eb:f2:c9:37:b7:0f:41:c0:ed:ad
Signer

Actual PE Digest

ba:de:d1:9c:11:19:ee:81:ca:e8:de:54:6d:6e:a5:4d:5f:d3:1d:51:57:64:eb:f2:c9:37:b7:0f:41:c0:ed:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\DarkMagicX64.pdb

Imports

api-ms-win-core-atoms-l1-1-0

AddAtomW
DeleteAtom
FindAtomW
GlobalFindAtomW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW
lstrcmpW
lstrcmpA
lstrlenW

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
SizeofResource
GetModuleHandleW
GetModuleHandleA
LoadLibraryExW
GetModuleHandleExW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

GetProcessIdOfThread
GetCurrentProcessId
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentThread
SetThreadPriority
ResumeThread
GetThreadId
OpenProcessToken
CreateThread

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW
WaitForSingleObject
SleepEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
OpenEventW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

GetCurrentActCtx
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegOpenKeyExW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

api-ms-win-core-memory-l1-1-0

OpenFileMappingW
CreateFileMappingW
VirtualProtect
MapViewOfFile

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetMappedFileNameW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW
PathRemoveBackslashW
PathAddBackslashW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathAppendW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

FindFirstFileW
ReadFile
SetFilePointer
FindClose
CreateFileW
CreateDirectoryW
FindNextFileW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-mm-time-l1-1-0

timeGetTime
timeEndPeriod
timeBeginPeriod

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

user32

SystemParametersInfoA
EnableWindow
LoadImageA
SystemParametersInfoForDpi
FillRect
GetDpiForWindow
EndPaint
BeginPaint
SetWindowLongW
WindowFromPoint
GetCursorPos
DrawEdge
GetWindow
GetDlgItem
RegisterClassExW
DeregisterShellHookWindow
DrawTextW
RegisterShellHookWindow
InternalGetWindowText
SetWindowCompositionAttribute
PtInRect
GetMenuItemRect
ord2557
LoadIconW
UnhookWindowsHookEx
UnhookWinEvent
SetWinEventHook
SetWindowsHookExW
GetDpiForMonitorInternal
IsWindowVisible
IsIconic
IsImmersiveProcess
EqualRect
MapWindowPoints
GetWindowTextW
AnimateWindow
UpdateWindow
GetIconInfo
GetThreadDpiAwarenessContext
GetWindowRect
EnumThreadWindows
GetClassInfoW
EnumChildWindows
SetWindowLongPtrW
SetClassLongPtrW
RegisterClassW
SetLayeredWindowAttributes
InvalidateRect
DefWindowProcW
GetUpdateRect
FindWindowW
IsWindow
GetParent
GetDesktopWindow
SendMessageW
SendMessageCallbackW
GetWindowThreadProcessId
SendNotifyMessageW
IsMenu
GetSystemMenu
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
GetSysColor
GetWindowLongPtrW
GetClassLongPtrW
MonitorFromWindow
GetCurrentInputMessageSource
GetMenuItemInfoW
GetMenuItemCount
InflateRect
PrintWindow
GetDC
WindowFromDC
ReleaseDC
DestroyIcon
GetSystemMetrics
GetSystemMetricsForDpi
DrawIconEx
GetMenu
GetSubMenu
GetDpiForSystem
CreateIconIndirect
GetCIMSSM
GetGUIThreadInfo
SystemParametersInfoW
GetWindowInfo
OffsetRect
KillTimer
SetPropW
DestroyWindow
CreateWindowExW
GetWindowLongW
CallNextHookEx
UpdateLayeredWindow
SetWindowPos
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
PostMessageW
GetClientRect
SetMenuInfo
ShowWindow
FindWindowExW
SetMessageExtraInfo
SetMenuItemInfoW
SetTimer

gdi32

GetStockObject
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetObjectType
DeleteObject
GetLayout
SelectObject
RestoreDC
SaveDC
CreateFontW
CreateFontIndirectW
GetBitmapBits
GetTextExtentExPointW
CreateBitmap
GdiFlush
GetBitmapDimensionEx
SetBitmapDimensionEx
SetBitmapBits
SetLayout
GetTextColor
SetTextColor
GdiDrawStream
CreateDPIScaledDIBSection
GetDCDpiScaleValue
SetBkMode
GetCurrentObject
SetBkColor
ExtTextOutW
GetDCBrushColor
BitBlt
StretchBlt
CreateDIBSection

kernel32

GetApplicationUserModelId
GetCurrentApplicationUserModelId

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
free

api-ms-win-crt-string-l1-1-0

memset
wcscmp
_wcsnicmp
wcsncmp
_wcsicmp
strcmp
wcsncpy_s
wcscat_s
wcscpy_s

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
NtResumeThread
RtlInitUnicodeString
RtlAdjustPrivilege
NtAlpcSendWaitReceivePort

api-ms-win-crt-private-l1-1-0

_CxxThrowException
wcschr
memcpy
__C_specific_handler
__CxxFrameHandler4
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

acos
cos
sin

Exports

Exports

Bootstrap
DllCanUnloadNow
DllGetClassObject
InitDarkMagic
IsCompositedTheme
LoadRemote
SetSmallScrollbar
UnroundPtr

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc052d7ae2b4bf00f2da3c2bb97dd8ca

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

20:c1:88:80:ce:b5:61:19:64:5b:f6:7fCertificate

Extended Key Usages

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:3f:04:1a:e9:7e:6d:27:fe:eb:00:00:00:00:00:3fCertificate

Extended Key Usages

Key Usages

ba:de:d1:9c:11:19:ee:81:ca:e8:de:54:6d:6e:a5:4d:5f:d3:1d:51:57:64:eb:f2:c9:37:b7:0f:41:c0:ed:adSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-atoms-l1-1-0

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-wow64-l1-1-1

api-ms-win-mm-time-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

user32

gdi32

kernel32

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-crt-private-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 89KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 1024B - Virtual size: 656B

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:3f:04:1a:e9:7e:6d:27:fe:eb:00:00:00:00:00:3f
Certificate

ba:de:d1:9c:11:19:ee:81:ca:e8:de:54:6d:6e:a5:4d:5f:d3:1d:51:57:64:eb:f2:c9:37:b7:0f:41:c0:ed:ad
Signer

.text
Size: 89KB - Virtual size: 89KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 1024B - Virtual size: 656B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB