NL-Hybrid_901015[.]exe

Resubmissions

28/08/2024, 22:17

240828-17r5ga1dqj 3

28/08/2024, 22:12

240828-14rdrsyfqf 3

Sharing

Copy URL Twitter E-mail

General

Target

NL-Hybrid_901015.exe
Size

10.6MB
MD5

c464f24221e8c876d84f45238d123935
SHA1

f7f258dd7767a2a78ff1b05954bea9883c3e2315
SHA256

ea8b8fca27cf45f75898ccf9e046a746ffa01926c301fbc23436e9225bd59d2f
SHA512

5608eee7e4e2533db9722d20f98ce4b7769fbd4c60eb95a2097b82c0207226b07cb59a121dbd03b7baa786a1c12e326b5db5e4a2872e91105afbb5dcee97307b
SSDEEP

196608:qFYR0hyn/7NmkYmtbcW5ZLJiEnYD9j3yncUnI+Pr4lc6XO6tXg7lgcSkVXClCMSE:qFUZNmkYmtbcW5JJiEi3yncUnI+Pr4lN

Score

1^/10

Malware Config

Signatures

Files

NL-Hybrid_901015.exe
.exe windows:6 windows x86 arch:x86

fdbc5695f64ba8fd547b3979028617e2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:d0:64:9e:4d:eb:45:e2:60:b5:3d:30:63:6d:e1:cb
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

09/01/2024, 00:00

Not After

08/01/2025, 23:59

Subject

SERIALNUMBER=20201775850,CN=Sharp Innovations Inc.,O=Sharp Innovations Inc.,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:bf:f1:a7:69:84:dd:a9:14:e2:f1:34:51:c1:27:80:9f:23:97:ac:ec:cf:cd:1b:3f:31:b2:ab:cb:97:e0:5c
Signer

Actual PE Digest

0b:bf:f1:a7:69:84:dd:a9:14:e2:f1:34:51:c1:27:80:9f:23:97:ac:ec:cf:cd:1b:3f:31:b2:ab:cb:97:e0:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleInitialize
OleUninitialize
RevokeDragDrop
CoCreateInstance
RegisterDragDrop

kernel32

CreateMutexW
GetLocaleInfoW
GetSystemTimeAsFileTime
DecodePointer
Sleep
WriteConsoleW
GetFileSize
lstrlenA
IsDebuggerPresent
GetTimeFormatW
WakeAllConditionVariable
ExitProcess
GetCurrentProcess
GetTimeZoneInformation
CompareStringW
ReleaseSRWLockExclusive
GetCurrentDirectoryW
SetPriorityClass
GetCommandLineW
TlsFree
LoadLibraryA
GetProcessHeap
GetFileType
TerminateProcess
GetOEMCP
CreateEventW
GetDateFormatW
GetTickCount64
OutputDebugStringW
AcquireSRWLockExclusive
GetFileSizeEx
GetFileInformationByHandle
LCMapStringEx
SetUnhandledExceptionFilter
HeapAlloc
SetEndOfFile
SleepConditionVariableSRW
GetConsoleOutputCP
ResetEvent
WakeConditionVariable
DeleteFileW
MoveFileExW
GetFullPathNameW
FreeEnvironmentStringsW
SetFilePointer
WriteFile
CompareStringOrdinal
GetCPInfo
IsValidLocale
GetUserDefaultLCID
FindClose
MultiByteToWideChar
ResumeThread
SetThreadPriority
GetCommandLineA
ExitThread
LeaveCriticalSection
FileTimeToSystemTime
TerminateThread
GlobalAlloc
GetEnvironmentVariableA
SleepEx
SetThreadAffinityMask
IsValidCodePage
PeekNamedPipe
VerifyVersionInfoW
ReleaseMutex
GetModuleFileNameW
GetStdHandle
WaitForSingleObject
LoadLibraryW
HeapSize
LoadLibraryExW
GetFileAttributesW
GlobalUnlock
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
RaiseException
FindNextFileW
GetACP
GlobalSize
GetFileAttributesExW
SetStdHandle
LCMapStringW
FreeLibrary
FindFirstFileExW
IsProcessorFeaturePresent
TlsAlloc
GetLastError
GetEnvironmentStringsW
FreeLibraryAndExitThread
lstrcatA
TryEnterCriticalSection
GetCurrentThread
HeapReAlloc
RtlUnwind
GetStringTypeW
GetProcAddress
GlobalLock
QueryPerformanceCounter
DeleteCriticalSection
InitializeSListHead
SetEnvironmentVariableW
InitializeConditionVariable
QueryPerformanceFrequency
TlsGetValue
InitializeCriticalSectionEx
SleepConditionVariableCS
UnhandledExceptionFilter
HeapFree
GetCurrentProcessId
EncodePointer
FlushFileBuffers
InitializeSRWLock
VerSetConditionMask
ReadFile
CloseHandle
WideCharToMultiByte
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
SetEvent
GetStartupInfoW
GetConsoleMode
CreateThread
EnterCriticalSection
GetModuleHandleW
TlsSetValue
AttachConsole
GetTickCount
GetSystemDirectoryW
ReadConsoleW
FormatMessageW
SetLastError
InitializeCriticalSection
GetDriveTypeW
WaitForSingleObjectEx
EnumSystemLocalesW
WaitForMultipleObjects
CreateFileW
GetCurrentThreadId

gdi32

GetTextMetricsW
CreateFontIndirectW
DeleteDC
CreateDIBSection
GetGlyphOutlineW
GetOutlineTextMetricsW
SetMapperFlags
GetGlyphIndicesW
CreateBitmap
StretchDIBits
GetRegionData
GetDeviceCaps
CreateRectRgn
CreateCompatibleDC
CreateRectRgnIndirect
CombineRgn
SelectObject
DeleteObject
RemoveFontMemResourceEx
ExcludeClipRect
RestoreDC
SaveDC
SetMapMode
GetKerningPairsW

shell32

ShellExecuteW
DragQueryFileW
ExtractAssociatedIconW

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy

user32

ShowWindow
OpenClipboard
IsChild
GetMessageTime
GetMessageW
MapVirtualKeyW
GetForegroundWindow
EmptyClipboard
CreateWindowExW
PostMessageW
DestroyCaret
DispatchMessageW
EnumChildWindows
TrackMouseEvent
GetActiveWindow
DestroyWindow
GetWindowLongW
GetCursorPos
RegisterClassExW
LoadCursorW
SetCaretPos
GetDesktopWindow
BringWindowToTop
UpdateLayeredWindow
GetWindowTextW
MapWindowPoints
SetClipboardData
SetWindowLongW
GetAsyncKeyState
CallNextHookEx
SetWindowsHookExW
GetFocus
ReleaseCapture
RedrawWindow
WindowFromPoint
SetFocus
EnableMenuItem
SendMessageW
InvalidateRect
GetWindowThreadProcessId
MonitorFromWindow
GetCapture
BeginPaint
GetUpdateRgn
TranslateMessage
EndPaint
GetMonitorInfoW
IsWindowVisible
GetDC
wsprintfA
PeekMessageW
GetSystemMenu
SetWindowTextW
SystemParametersInfoW
ShowCaret
UnhookWindowsHookEx
GetWindowRect
GetAncestor
GetClipboardData
MessageBeep
SetWindowPos
CreateIconIndirect
GetKeyboardState
GetParent
SendNotifyMessageW
UnregisterClassW
SetCursorPos
SetCursor
SetCapture
EnumWindows
AttachThreadInput
GetWindowInfo
ToUnicode
GetMessageExtraInfo
DestroyCursor
VkKeyScanW
ReleaseDC
DestroyIcon
IsWindow
CloseClipboard
DefWindowProcW
SendMessageTimeoutW
SetLayeredWindowAttributes
GetMessagePos
GetWindowPlacement
EnumDisplayMonitors
CreateCaret

advapi32

CryptDestroyHash
CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptReleaseContext
CryptHashData
CryptEncrypt
CloseServiceHandle
CryptCreateHash
CryptGetHashParam

ws2_32

WSAEventSelect
WSAIoctl
WSACreateEvent
WSAWaitForMultipleEvents
getaddrinfo
__WSAFDIsSet
bind
closesocket
select
listen
WSAResetEvent
WSAStartup
getpeername
WSACloseEvent
getsockname
send
WSASetLastError
ntohs
connect
recvfrom
recv
getsockopt
htonl
htons
WSAEnumNetworkEvents
sendto
ioctlsocket
setsockopt
WSAGetLastError
WSACleanup
freeaddrinfo
gethostname
accept
socket

winmm

timeGetTime
timeBeginPeriod

imm32

ImmAssociateContextEx
ImmReleaseContext
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmNotifyIME
ImmGetContext
ImmAssociateContext
ImmIsUIMessageW

dxgi

CreateDXGIFactory

bcrypt

BCryptGenRandom

crypt32

CertFreeCertificateChain
PFXImportCertStore
CertGetCertificateChain
CryptQueryObject
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CryptStringToBinaryW
CertAddCertificateContextToStore
CryptDecodeObjectEx
CertGetNameStringW
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine

Sections

.text
Size: 10.0MB - Virtual size: 10.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fdbc5695f64ba8fd547b3979028617e2

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

b3:d0:64:9e:4d:eb:45:e2:60:b5:3d:30:63:6d:e1:cbCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

0b:bf:f1:a7:69:84:dd:a9:14:e2:f1:34:51:c1:27:80:9f:23:97:ac:ec:cf:cd:1b:3f:31:b2:ab:cb:97:e0:5cSigner

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

gdi32

shell32

oleaut32

user32

advapi32

ws2_32

winmm

imm32

dxgi

bcrypt

crypt32

Sections

.text Size: 10.0MB - Virtual size: 10.0MB

.rdata Size: 408KB - Virtual size: 407KB

.data Size: 33KB - Virtual size: 39KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 161KB - Virtual size: 160KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

b3:d0:64:9e:4d:eb:45:e2:60:b5:3d:30:63:6d:e1:cb
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

0b:bf:f1:a7:69:84:dd:a9:14:e2:f1:34:51:c1:27:80:9f:23:97:ac:ec:cf:cd:1b:3f:31:b2:ab:cb:97:e0:5c
Signer

.text
Size: 10.0MB - Virtual size: 10.0MB

.rdata
Size: 408KB - Virtual size: 407KB

.data
Size: 33KB - Virtual size: 39KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 161KB - Virtual size: 160KB