13e4673843627a976530d26f0b966b6d6787c12c0bfca6e8a4e37e6ade64b52b

Sharing

Copy URL Twitter E-mail

General

Target

13e4673843627a976530d26f0b966b6d6787c12c0bfca6e8a4e37e6ade64b52b
Size

10.6MB
MD5

6c42b46d512664737211b6b1ec24a282
SHA1

49f2f489424e3c4e8b66d551c21337e1ac3b7e0c
SHA256

13e4673843627a976530d26f0b966b6d6787c12c0bfca6e8a4e37e6ade64b52b
SHA512

65d7f967c8ea2dcc7463932b5f45daa78bb943c8c9398cdcccfdbabd32daa4128c8da25b9cab8abdb971e57f0aedb55cb2fd2b5deaf2e485555be3a539f56841
SSDEEP

6144:AzHKQ7+GCdxpzv050bI4YL/zt7Ca9QIQORMp:w675M1gjIM

Score

1^/10

Malware Config

Signatures

Files

13e4673843627a976530d26f0b966b6d6787c12c0bfca6e8a4e37e6ade64b52b
.exe windows:5 windows x64 arch:x64

a96c4dd3f6f715829ceb0d350dbd66b6

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:fc:2a:6c:41:1d:88:e7:25:3c:3d:99:17:0e:ae:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/06/2020, 00:00

Not After

22/07/2022, 12:00

Subject

SERIALNUMBER=C1067879,CN=Logitech Inc,O=Logitech Inc,L=Newark,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:d1:46:e6:c6:d0:ad:4b:c6:10:78:13:3a:9e:3b:60:d8:d3:a6:ae
Signer

Actual PE Digest

ab:d1:46:e6:c6:d0:ad:4b:c6:10:78:13:3a:9e:3b:60:d8:d3:a6:ae

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA
GetCurrentThreadId
CloseHandle
SetEvent
WaitForSingleObject
GetCurrentProcessId
ReleaseMutex
SetFilePointer
WriteFile
CreateFileA
MoveFileExA
CreateMutexA
GetLocalTime
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
GetModuleHandleExA
CreateEventA
QueryPerformanceCounter
DebugBreak
MapViewOfFile
LocalFree
CreateFileMappingA
LocalAlloc
HeapAlloc
HeapValidate
HeapFree
CreateThread
GetProcessHeap
CreateDirectoryA
SetLastError
TerminateThread
WaitForMultipleObjects
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
ExitProcess
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
TlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentThread
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
HeapSize
GetLocaleInfoW
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
LoadLibraryA
GetLastError
GetProcAddress
FreeLibrary
VirtualAlloc
Sleep

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

user32

UnregisterDeviceNotification
ShowWindow
CreateWindowExA
RegisterClassA
GetSystemMetrics
wsprintfA
RegisterDeviceNotificationA
SystemParametersInfoA

advapi32

RegCloseKey
RegOpenKeyA
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
AllocateAndInitializeSid
SetEntriesInAclA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a96c4dd3f6f715829ceb0d350dbd66b6

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

08:fc:2a:6c:41:1d:88:e7:25:3c:3d:99:17:0e:ae:62Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

ab:d1:46:e6:c6:d0:ad:4b:c6:10:78:13:3a:9e:3b:60:d8:d3:a6:aeSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

setupapi

user32

advapi32

shell32

Sections

.text Size: 155KB - Virtual size: 155KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 66KB - Virtual size: 79KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:fc:2a:6c:41:1d:88:e7:25:3c:3d:99:17:0e:ae:62
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

ab:d1:46:e6:c6:d0:ad:4b:c6:10:78:13:3a:9e:3b:60:d8:d3:a6:ae
Signer

.text
Size: 155KB - Virtual size: 155KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 66KB - Virtual size: 79KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB