551478438d85c0f232b9cf2978e632d930f53530f272bc3a38fcf90da34b0993

Sharing

Copy URL

Twitter E-mail

General

Target

551478438d85c0f232b9cf2978e632d930f53530f272bc3a38fcf90da34b0993
Size

2.8MB
MD5

6b4ae078db3169c64d16e791385c8625
SHA1

1569bbea891c7cda8e146512f84d39448f434766
SHA256

551478438d85c0f232b9cf2978e632d930f53530f272bc3a38fcf90da34b0993
SHA512

69002e35d1577beeba6b44a3d75a41f1e01509f826822abeedf640031c874f41380332c729e6113405fd15458c46b106eb69569a17bd17f5a95a8db2fd12e62b
SSDEEP

49152:xEQpthkr5HkNfq609CA3h/OFopc9TP3HP5c+lElRceZErMv953:DXkrRKx0tRSos3WweJ95

Score

1^/10

Malware Config

Signatures

Files

551478438d85c0f232b9cf2978e632d930f53530f272bc3a38fcf90da34b0993
.exe windows:5 windows x86 arch:x86

0e1b4ee178445a7fd9be7d3078e24c6b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:6d:12:c5:e0:81:64:c6:1c:ca:17:f4:ef:1d:b0:78
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-07-2021 00:00

Not After

08-09-2023 23:59

Subject

CN=Source Dynamics Inc,O=Source Dynamics Inc,L=Issaquah,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:21:af:58:ba:2a:bc:21:b2:6e:3e:57:0a:a5:9a:85:29:11:d2:74
Signer

Actual PE Digest

c4:21:af:58:ba:2a:bc:21:b2:6e:3e:57:0a:a5:9a:85:29:11:d2:74

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\si\ship\sourceinsight4.pdb

Imports

shell32

SHGetFileInfoW
DragAcceptFiles
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
SHGetMalloc

comctl32

PropertySheetW
ImageList_Destroy
ord17
ImageList_GetIconSize
InitCommonControlsEx
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_Create
ImageList_AddMasked
ImageList_Draw
ImageList_Remove

ws2_32

WSAStartup
closesocket
ioctlsocket
WSAGetLastError
recv
__WSAFDIsSet
htonl
bind
getsockname
listen
inet_addr
gethostbyname
htons
socket
setsockopt
send
connect
getsockopt
accept
select

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptProtectData
CryptUnprotectData
CryptImportPublicKeyInfo

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpSendRequestW
InternetGetConnectedState

psapi

EmptyWorkingSet

advapi32

RegOpenKeyExA
RegFlushKey
CryptAcquireContextW
CryptCreateHash
CryptHashData
RegQueryValueExA
RegOpenKeyA
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
GetUserNameW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
CryptReleaseContext
CryptDestroyHash
RegCloseKey
CryptVerifySignatureW

gdiplus

GdipCreateSolidFill
GdiplusShutdown
GdipDeleteGraphics
GdipDeletePen
GdipCreatePen1
GdipAlloc
GdipDeleteBrush
GdipCreateFromHDC
GdipSetSmoothingMode
GdipDrawLineI
GdipDrawBezierI
GdipDrawEllipseI
GdipFillEllipseI
GdiplusStartup
GdipCloneBrush
GdipFree

ole32

OleInitialize
CoInitializeSecurity
CoCreateGuid

kernel32

FindClose
GetTickCount
Sleep
GetProcAddress
LoadLibraryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcessId
GetLastError
CloseHandle
MapViewOfFile
UnmapViewOfFile
CompareFileTime
FlushViewOfFile
SetLastError
UnlockFile
LockFile
SetEndOfFile
SetFilePointer
GetDiskFreeSpaceW
GetModuleHandleW
GetSystemTime
GetFileInformationByHandle
FlushFileBuffers
WriteFile
ReadFile
GetFileSize
LocalFree
SetFileTime
GetUserDefaultLCID
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GlobalMemoryStatusEx
GetVersionExA
MultiByteToWideChar
WaitForSingleObject
GetExitCodeProcess
CreatePipe
GetStdHandle
HeapFree
GetProcessHeap
HeapAlloc
lstrlenW
WideCharToMultiByte
FreeLibrary
QueryPerformanceCounter
lstrlenA
lstrcmpA
LocalAlloc
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetSystemPowerStatus
GetLocalTime
GetModuleHandleA
GetVersion
GetVolumeNameForVolumeMountPointW
GetCurrentProcess
GetVolumeInformationW
GlobalSize
GetSystemInfo
GlobalMemoryStatus
GetVersionExW
GetCurrentDirectoryW
GetWindowsDirectoryW
GlobalGetAtomNameW
GetModuleFileNameW
GetTempPathW
FindResourceW
DeleteFileW
GetTempFileNameW
SetCurrentDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
GetDateFormatW
GetTimeFormatW
FindFirstFileW
FindNextFileW
LockResource
GetDriveTypeW
CreateFileW
GetProfileStringW
CreateProcessW
GetEnvironmentVariableW
GlobalAddAtomW
CreateFileMappingW
SearchPathW
CopyFileW
MoveFileW
OpenFileMappingW
CreateEventW
GetCurrentThreadId
GetCurrentThread
GlobalDeleteAtom
TryEnterCriticalSection
SetHandleCount
GetCommandLineW
WinExec
SetEvent
FreeResource
LoadResource
ExpandEnvironmentStringsA
LoadLibraryA
RtlUnwind
EncodePointer
DecodePointer
MoveFileA
HeapSize
HeapReAlloc
ExitThread
ResumeThread
CreateThread
RaiseException
GetSystemTimeAsFileTime
CreateDirectoryW
ExitProcess
GetConsoleCP
GetConsoleMode
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetEnvironmentVariableW
GetOEMCP
IsValidCodePage
LCMapStringW
SetStdHandle
GetFileType
GetFileAttributesA
HeapCreate
GetTimeZoneInformation
WriteConsoleW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
FindFirstFileExW
GlobalFree
SystemTimeToFileTime
GetACP

user32

KillTimer
PeekMessageW
SetTimer
IsChild
CheckRadioButton
CheckDlgButton
SendDlgItemMessageW
DefDlgProcW
SystemParametersInfoW
CreateDialogIndirectParamW
MoveWindow
GetComboBoxInfo
GetWindowDC
ReleaseCapture
GetCursorPos
ScreenToClient
IsIconic
WindowFromPoint
GetAsyncKeyState
SetCapture
SetCursor
ClientToScreen
DestroyCursor
FillRect
InvertRect
DefWindowProcW
SubtractRect
UpdateWindow
ScrollWindowEx
RedrawWindow
WindowFromDC
DestroyIcon
SetWindowPos
GetKeyState
GetMessageW
IsWindowVisible
SetScrollPos
GetDlgCtrlID
DrawFocusRect
CloseClipboard
EmptyClipboard
OpenClipboard
SetParent
DestroyMenu
DefFrameProcW
DefMDIChildProcW
IsZoomed
GetSubMenu
GetMenu
CreateMenu
DrawMenuBar
DeleteMenu
CreatePopupMenu
TrackPopupMenu
CheckMenuItem
SetMenuDefaultItem
EnableMenuItem
SetMenuItemBitmaps
AppendMenuW
GetMenuItemCount
GetSystemMetrics
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
FrameRect
GetClientRect
HideCaret
AdjustWindowRect
SetCaretPos
GetForegroundWindow
GetActiveWindow
CreateCaret
DestroyCaret
TranslateMessage
TrackMouseEvent
GetWindowThreadProcessId
GetCursor
GetScrollInfo
SetScrollInfo
SetScrollRange
RegisterWindowMessageW
FindWindowW
SetClipboardData
GetClipboardData
ValidateRect
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
GetWindowTextW
RegisterClassW
GetClassNameW
SetWindowTextW
LoadBitmapW
LoadImageW
CreateWindowExW
SetDlgItemTextW
GetDlgItemTextW
DrawTextW
MessageBoxW
LoadCursorW
LoadIconW
GetTabbedTextExtentW
InsertMenuW
TabbedTextOutW
WinHelpW
SetActiveWindow
GetClipboardOwner
RemoveClipboardFormatListener
PostQuitMessage
PackDDElParam
ExitWindowsEx
SetForegroundWindow
AddClipboardFormatListener
SetWindowRgn
DrawIcon
GetScrollPos
GetScrollRange
GetClipboardSequenceNumber
MapWindowPoints
ShowWindow
IsDialogMessageW
GetLastActivePopup
GetDC
ReleaseDC
CallWindowProcW
SendMessageW
GetSysColor
BeginPaint
EndPaint
PostMessageW
GetNextDlgTabItem
GetWindow
IsWindowEnabled
EnableWindow
DestroyWindow
EndDialog
SetFocus
SetWindowLongW
GetFocus
GetWindowLongW
GetDlgItem
DispatchMessageW
WaitMessage
MessageBeep
InvalidateRect
GetWindowRect
ShowCaret
GetParent

gdi32

GetCharABCWidthsW
SetBkColor
PolyBezier
GetCharWidthW
SetViewportOrgEx
GetDeviceCaps
PtInRegion
FillRgn
LineDDA
GdiFlush
CombineRgn
GetRgnBox
CreateRectRgn
CreateRectRgnIndirect
CreatePolygonRgn
SetROP2
StretchBlt
Polyline
GetDCOrgEx
GetClipBox
EndPage
StartPage
StartDocW
SetAbortProc
EndDoc
GetCurrentObject
ExtTextOutW
CreateDCW
CreateICW
TextOutW
GetRegionData
OffsetRgn
GetCharacterPlacementW
ExtSelectClipRgn
SelectObject
CreateBitmap
BitBlt
GetPixel
SetPixel
DeleteObject
CreateSolidBrush
CreatePen
Ellipse
GetTextExtentPoint32W
ExcludeClipRect
SelectClipRgn
SetTextAlign
CreateFontIndirectW
GetCurrentPositionEx
SetTextColor
SetBkMode
GetTextMetricsW
MoveToEx
LineTo
GetStockObject
SelectPalette
RealizePalette
CreateDIBitmap
GetPaletteEntries
CreatePalette
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
DeleteDC

comdlg32

ChooseColorW
PageSetupDlgW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

msimg32

AlphaBlend

imm32

ImmSetCompositionFontW
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

Exports

Exports

pcre_callout
pcre_compile
pcre_compile2
pcre_exec
pcre_free
pcre_malloc
pcre_stack_free
pcre_stack_guard
pcre_stack_malloc

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 241KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e1b4ee178445a7fd9be7d3078e24c6b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

04:6d:12:c5:e0:81:64:c6:1c:ca:17:f4:ef:1d:b0:78Certificate

Extended Key Usages

Key Usages

c4:21:af:58:ba:2a:bc:21:b2:6e:3e:57:0a:a5:9a:85:29:11:d2:74Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

comctl32

ws2_32

crypt32

wininet

psapi

advapi32

gdiplus

ole32

kernel32

user32

gdi32

comdlg32

msimg32

imm32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 295KB - Virtual size: 294KB

.data Size: 241KB - Virtual size: 449KB

.tls Size: 512B - Virtual size: 41B

.rsrc Size: 345KB - Virtual size: 344KB

.reloc Size: 138KB - Virtual size: 138KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

04:6d:12:c5:e0:81:64:c6:1c:ca:17:f4:ef:1d:b0:78
Certificate

c4:21:af:58:ba:2a:bc:21:b2:6e:3e:57:0a:a5:9a:85:29:11:d2:74
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 295KB - Virtual size: 294KB

.data
Size: 241KB - Virtual size: 449KB

.tls
Size: 512B - Virtual size: 41B

.rsrc
Size: 345KB - Virtual size: 344KB

.reloc
Size: 138KB - Virtual size: 138KB