blogar-129[.]rar_493413[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

blogar-129.rar_493413.exe
Size

10.6MB
MD5

7dcde8ce9c29b7960594f56896bb093e
SHA1

f0a180d1d4c37ad694cdd5007476ed94d396f0fb
SHA256

e2872c560e8ea1a5da8223cbc2610a3b45183e62ddbceabf42b9c38f2cb43194
SHA512

1936a3a857aeb319946879e53007402f20c9ba523eafe0af681706b097c58ff7802c03d3cd4f2f8edfbb7b0a629e75e3665c45513285fb73639264eb00330e3a
SSDEEP

196608:8IGys4iA3WvuP21/0nW1LQtF/N4uiKDKNF/NluPPiUkRm+HqkRvPimkR4+HbTZ8Z:wlA3Wvuu1TQtF/N4uiKDKNF/NluPPiUs

Score

1^/10

Malware Config

Signatures

Files

blogar-129.rar_493413.exe
.exe windows:6 windows x86 arch:x86

d1eabac9406954f7444d25498bf1042d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:d0:64:9e:4d:eb:45:e2:60:b5:3d:30:63:6d:e1:cb
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

09/01/2024, 00:00

Not After

08/01/2025, 23:59

Subject

SERIALNUMBER=20201775850,CN=Sharp Innovations Inc.,O=Sharp Innovations Inc.,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:9b:fe:a4:48:00:a3:cc:65:e7:9d:30:e9:72:e7:eb:92:d0:8d:a8:d2:7b:e9:88:09:8f:52:d7:dd:42:8d:07
Signer

Actual PE Digest

73:9b:fe:a4:48:00:a3:cc:65:e7:9d:30:e9:72:e7:eb:92:d0:8d:a8:d2:7b:e9:88:09:8f:52:d7:dd:42:8d:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

OleUninitialize
RevokeDragDrop
RegisterDragDrop
OleInitialize
CoCreateInstance

kernel32

SetThreadPriority
IsValidLocale
WaitForSingleObjectEx
TlsGetValue
GetTickCount
EnterCriticalSection
HeapAlloc
UnhandledExceptionFilter
GetModuleHandleExW
CreateThread
WaitForMultipleObjects
FreeEnvironmentStringsW
TerminateProcess
GetStringTypeW
GetFileSizeEx
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
EnumSystemLocalesW
GetFileSize
CompareStringOrdinal
WakeAllConditionVariable
WakeConditionVariable
SleepEx
WideCharToMultiByte
PeekNamedPipe
RaiseException
FreeLibraryAndExitThread
LoadLibraryExW
QueryPerformanceCounter
GlobalAlloc
GetCurrentDirectoryW
SetStdHandle
LoadLibraryW
AttachConsole
HeapSize
LCMapStringW
GetModuleHandleW
OutputDebugStringW
IsProcessorFeaturePresent
IsValidCodePage
TryEnterCriticalSection
ReleaseSRWLockExclusive
GetACP
GetModuleHandleA
SetEnvironmentVariableW
MoveFileExW
HeapFree
GetLastError
ReadConsoleW
GetFileAttributesW
GetFileType
VerSetConditionMask
ExitProcess
LeaveCriticalSection
FindNextFileW
Sleep
GetFileAttributesExW
GetCurrentThread
SetEvent
GlobalSize
SetFilePointer
LCMapStringEx
GetSystemDirectoryW
FileTimeToSystemTime
FindClose
GetModuleFileNameW
GetEnvironmentVariableA
IsDebuggerPresent
FreeLibrary
TerminateThread
GetStdHandle
FindFirstFileExW
TlsFree
GlobalLock
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetCPInfo
ResumeThread
SetEndOfFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCommandLineW
SleepConditionVariableCS
QueryPerformanceFrequency
GetCurrentThreadId
SetPriorityClass
CreateFileW
GetProcessHeap
GetCommandLineA
InitializeSListHead
GetUserDefaultLCID
FormatMessageW
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
lstrlenA
TlsSetValue
GlobalUnlock
GetOEMCP
HeapReAlloc
AcquireSRWLockExclusive
ReleaseMutex
DecodePointer
SetLastError
InitializeConditionVariable
ExitThread
SetUnhandledExceptionFilter
CreateEventW
GetDateFormatW
GetLocaleInfoW
WaitForSingleObject
GetCurrentProcessId
GetTickCount64
CreateMutexW
GetTimeFormatW
GetDriveTypeW
GetEnvironmentStringsW
ResetEvent
VerifyVersionInfoW
InitializeSRWLock
GetStartupInfoW
GetCurrentProcess
DeleteFileW
GetTimeZoneInformation
lstrcatA
SetThreadAffinityMask
GetConsoleOutputCP
FlushFileBuffers
GetProcAddress
ReadFile
SleepConditionVariableSRW
EncodePointer
TlsAlloc
CloseHandle
GetFullPathNameW
GetConsoleMode
CompareStringW
RtlUnwind
WriteFile
WriteConsoleW
SetFilePointerEx

gdi32

DeleteDC
SetMapMode
RestoreDC
CreateCompatibleDC
StretchDIBits
SetMapperFlags
CreateRectRgn
GetDeviceCaps
CreateBitmap
GetTextMetricsW
GetGlyphOutlineW
GetGlyphIndicesW
CreateDIBSection
SelectObject
GetOutlineTextMetricsW
CreateRectRgnIndirect
CombineRgn
CreateFontIndirectW
RemoveFontMemResourceEx
ExcludeClipRect
SaveDC
GetRegionData
GetKerningPairsW
DeleteObject

shell32

ExtractAssociatedIconW
ShellExecuteW
DragQueryFileW

oleaut32

SysAllocString
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy

user32

AttachThreadInput
DefWindowProcW
GetWindowPlacement
OpenClipboard
EnableMenuItem
ToUnicode
GetCursorPos
IsChild
BeginPaint
UnregisterClassW
IsWindowVisible
GetAncestor
RegisterClassExW
RedrawWindow
DestroyWindow
LoadCursorW
SendMessageTimeoutW
GetMessagePos
GetForegroundWindow
GetWindowLongW
InvalidateRect
SetClipboardData
CallNextHookEx
WindowFromPoint
MapVirtualKeyW
IsWindow
SetCaretPos
GetMessageTime
GetClipboardData
GetWindowThreadProcessId
GetActiveWindow
SetCursor
MapWindowPoints
SystemParametersInfoW
UpdateLayeredWindow
SetWindowTextW
GetWindowRect
GetParent
GetSystemMenu
SetCapture
CloseClipboard
CreateCaret
GetDesktopWindow
wsprintfA
DestroyIcon
VkKeyScanW
DestroyCursor
SetWindowsHookExW
EnumDisplayMonitors
UnhookWindowsHookEx
SetLayeredWindowAttributes
CreateIconIndirect
EmptyClipboard
GetWindowInfo
GetMessageW
SendMessageW
GetFocus
PostMessageW
GetMonitorInfoW
ReleaseDC
BringWindowToTop
SetCursorPos
EnumWindows
ShowWindow
SetFocus
DestroyCaret
MessageBeep
GetCapture
SendNotifyMessageW
TranslateMessage
SetWindowLongW
EnumChildWindows
GetMessageExtraInfo
GetAsyncKeyState
GetKeyboardState
MonitorFromWindow
TrackMouseEvent
PeekMessageW
DispatchMessageW
GetUpdateRgn
SetWindowPos
EndPaint
GetWindowTextW
GetDC
ReleaseCapture
CreateWindowExW
ShowCaret

advapi32

CryptDestroyHash
CryptImportKey
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptDestroyKey
CryptEncrypt
CloseServiceHandle

ws2_32

freeaddrinfo
WSAIoctl
WSACreateEvent
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
__WSAFDIsSet
bind
closesocket
select
listen
WSAEventSelect
WSAStartup
getpeername
getaddrinfo
getsockname
send
WSASetLastError
ntohs
connect
recvfrom
recv
getsockopt
htonl
htons
WSACloseEvent
sendto
ioctlsocket
setsockopt
WSAGetLastError
WSACleanup
WSAResetEvent
gethostname
accept
socket

winmm

timeBeginPeriod
timeGetTime

imm32

ImmNotifyIME
ImmGetContext
ImmIsUIMessageW
ImmAssociateContext
ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmAssociateContextEx

dxgi

CreateDXGIFactory

bcrypt

BCryptGenRandom

crypt32

CryptStringToBinaryW
CertCloseStore
CertFindExtension
CertFreeCertificateContext
PFXImportCertStore
CryptQueryObject
CertEnumCertificatesInStore
CertGetNameStringW
CertFreeCertificateChain
CertAddCertificateContextToStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertOpenStore
CryptDecodeObjectEx
CertCreateCertificateChainEngine
CertFindCertificateInStore

Sections

.text
Size: 9.9MB - Virtual size: 9.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 410KB - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1eabac9406954f7444d25498bf1042d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

b3:d0:64:9e:4d:eb:45:e2:60:b5:3d:30:63:6d:e1:cbCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

73:9b:fe:a4:48:00:a3:cc:65:e7:9d:30:e9:72:e7:eb:92:d0:8d:a8:d2:7b:e9:88:09:8f:52:d7:dd:42:8d:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

ole32

kernel32

gdi32

shell32

oleaut32

user32

advapi32

ws2_32

winmm

imm32

dxgi

bcrypt

crypt32

Sections

.text Size: 9.9MB - Virtual size: 9.9MB

.rdata Size: 410KB - Virtual size: 409KB

.data Size: 33KB - Virtual size: 39KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 161KB - Virtual size: 161KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

b3:d0:64:9e:4d:eb:45:e2:60:b5:3d:30:63:6d:e1:cb
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

73:9b:fe:a4:48:00:a3:cc:65:e7:9d:30:e9:72:e7:eb:92:d0:8d:a8:d2:7b:e9:88:09:8f:52:d7:dd:42:8d:07
Signer

.text
Size: 9.9MB - Virtual size: 9.9MB

.rdata
Size: 410KB - Virtual size: 409KB

.data
Size: 33KB - Virtual size: 39KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 161KB - Virtual size: 161KB