YwVbJ8og8ODc6RD[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

YwVbJ8og8ODc6RD.exe
Size

7.5MB
MD5

7ce2377bbd24db6389f4bd72f68eb420
SHA1

1efba8a48ad9a615e851e98ca8b881e05d6e6cf3
SHA256

7493d5a54f66c7d8ba8356b5c7c97a1358622c24c86e75ce39bc6e6c4226aa39
SHA512

d253792f5aee9934377c47815111904a17d38de764ce1f991db09ddc832da1f71c38732443144eaf3a4524ea848ff49c5abbddfecc1f32ab95041514d5f199c2
SSDEEP

98304:ny2FtTV93e8zq8iX2oNYaIxpgvGilKYI84+C4DUxiGc/Fw3ritov8767OQr79NUX:nBFehNVIKvGiiP+Ci6iN7otqCYclqv5F

Score

1^/10

Malware Config

Signatures

Files

YwVbJ8og8ODc6RD.exe
.exe windows:6 windows x64 arch:x64

811f933de115d83eadab3d622278546f

Code Sign

7b:2c:9b:d3:16:80:32:99
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

12/02/2016, 17:39

Not After

12/02/2041, 17:39

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:6d:d8:ba:31:61:8b:7c:58:9f:78:f4:f0:68:1e:0e
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

23/08/2023, 06:51

Not After

22/08/2024, 06:51

Subject

CN=Gaston Dallavalle,O=Gaston Dallavalle,L=Córdoba,ST=Córdoba Province,C=AR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:2d:b6:52:86:00:1b:7d:04:a6:55:a2:bb:71:6a:95:08:50:00:25:df:40:65:fa:67:28:ae:51:b9:62:e1:d5
Signer

Actual PE Digest

22:2d:b6:52:86:00:1b:7d:04:a6:55:a2:bb:71:6a:95:08:50:00:25:df:40:65:fa:67:28:ae:51:b9:62:e1:d5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges

kernel32

GetVersionExA
GetVersionExW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

msvcrt

___lc_codepage_func

wintrust

WinVerifyTrust

Exports

Exports

_cgo_dummy_export
authorizerTrampoline
callbackTrampoline
commitHookTrampoline
compareTrampoline
compilerCallback
doneTrampoline
freeCallback
includeCallback
memoryBlockFetch
memoryBlockFetchNull
memoryBlockIteratorFilesize
memoryBlockIteratorFirst
memoryBlockIteratorNext
preUpdateHookTrampoline
rollbackHookTrampoline
scanCallbackFunc
stepTrampoline
streamRead
streamWrite
updateHookTrampoline

Sections

.text
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 583KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.r7|
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.??_
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.!W,
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

811f933de115d83eadab3d622278546f

Code Sign

7b:2c:9b:d3:16:80:32:99Certificate

Key Usages

39:6d:d8:ba:31:61:8b:7c:58:9f:78:f4:f0:68:1e:0eCertificate

Extended Key Usages

Key Usages

64:33:51:d3:c7:38:9f:08Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

22:2d:b6:52:86:00:1b:7d:04:a6:55:a2:bb:71:6a:95:08:50:00:25:df:40:65:fa:67:28:ae:51:b9:62:e1:d5Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

wintrust

Exports

Exports

Sections

.text Size: - Virtual size: 5.3MB

.data Size: - Virtual size: 517KB

.rdata Size: - Virtual size: 5.5MB

.pdata Size: - Virtual size: 125KB

.xdata Size: - Virtual size: 37KB

.bss Size: - Virtual size: 583KB

.edata Size: - Virtual size: 656B

.idata Size: - Virtual size: 8KB

.CRT Size: - Virtual size: 96B

.tls Size: - Virtual size: 16B

.r7| Size: - Virtual size: 2.2MB

.??_ Size: 4KB - Virtual size: 3KB

.!W, Size: 7.5MB - Virtual size: 7.5MB

.rsrc Size: 1KB - Virtual size: 1KB

7b:2c:9b:d3:16:80:32:99
Certificate

39:6d:d8:ba:31:61:8b:7c:58:9f:78:f4:f0:68:1e:0e
Certificate

64:33:51:d3:c7:38:9f:08
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

22:2d:b6:52:86:00:1b:7d:04:a6:55:a2:bb:71:6a:95:08:50:00:25:df:40:65:fa:67:28:ae:51:b9:62:e1:d5
Signer

.text
Size: - Virtual size: 5.3MB

.data
Size: - Virtual size: 517KB

.rdata
Size: - Virtual size: 5.5MB

.pdata
Size: - Virtual size: 125KB

.xdata
Size: - Virtual size: 37KB

.bss
Size: - Virtual size: 583KB

.edata
Size: - Virtual size: 656B

.idata
Size: - Virtual size: 8KB

.CRT
Size: - Virtual size: 96B

.tls
Size: - Virtual size: 16B

.r7|
Size: - Virtual size: 2.2MB

.??_
Size: 4KB - Virtual size: 3KB

.!W,
Size: 7.5MB - Virtual size: 7.5MB

.rsrc
Size: 1KB - Virtual size: 1KB