006f934a975e62b1f3433bedd462b990N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

006f934a975e62b1f3433bedd462b990N.exe
Size

633KB
MD5

006f934a975e62b1f3433bedd462b990
SHA1

7cdd3d949a4ab8fd32d25ef7c094a95bd14df2d9
SHA256

436ba2750bb208f818506490d1dec9afc8dc265451e866b37a0f6ab87875f548
SHA512

3074be83c76f014f5ce2510936b6816ba226b7b8fef99ff975c7bd63fd2051e7609b397b0334dd6cf61db4e2ee79860ab1448a30be8199db330d7d706901905a
SSDEEP

12288:yRTT6ynURdOsdQLoxCvON8NpNtLsb2VLhazu3vyf1My+d:yRTuynUWxYCcPshaFf1My+d

Score

1^/10

Malware Config

Signatures

Files

006f934a975e62b1f3433bedd462b990N.exe
.dll windows:4 windows x64 arch:x64

c342d6d599b47ae19cd53a82000c725a

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:ea:80:be:d6:eb:e6:b7:74:0d:b8:36:28:34:5d:b8
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

20/06/2022, 16:45

Not After

19/06/2025, 16:45

Subject

CN=Rekordcloud,O=Rekordcloud,L=Enschede,ST=Overijssel,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:60:91:c6:8b:a2:09:58:ed:8a:35:ee:f7:c7:7a:c7:0b:2b:e4:82:85:97:9a:7a:52:df:99:9d:11:72:ba:29
Signer

Actual PE Digest

c1:60:91:c6:8b:a2:09:58:ed:8a:35:ee:f7:c7:7a:c7:0b:2b:e4:82:85:97:9a:7a:52:df:99:9d:11:72:ba:29

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateFileA
DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileInformationByHandle
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetEndOfFile
SetEvent
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

___lc_codepage_func
__dllonexit
__iob_func
__mb_cur_max
_access
_amsg_exit
_close
_dup
_errno
_exit
_fstat64
_get_osfhandle
_initterm
_isatty
_lock
_lseek
_lseeki64
_onexit
_open
_read
_setmode
_snwprintf
_sopen
_stat64
_strdup
_strnicmp
_unlock
_vsnprintf
_write
abort
atoi
bsearch
calloc
exit
fflush
fputc
fputwc
free
fwprintf
fwrite
getenv
isalnum
isupper
localeconv
malloc
memcmp
memcpy
memmove
memset
putc
raise
rand
realloc
remove
setlocale
signal
strchr
strcmp
strerror
strlen
strncmp
tolower
toupper
vfprintf
wcscpy
wcslen

user32

MessageBoxW

Exports

Exports

_GCC_specific_handler
_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__quadmath_do_pad
__quadmath_fpioconst_pow10
__quadmath_mpn_add_n
__quadmath_mpn_addmul_1
__quadmath_mpn_cmp
__quadmath_mpn_divrem
__quadmath_mpn_extract_flt128
__quadmath_mpn_impn_mul_n
__quadmath_mpn_impn_mul_n_basecase
__quadmath_mpn_lshift
__quadmath_mpn_mul
__quadmath_mpn_mul_1
__quadmath_mpn_rshift
__quadmath_mpn_sub_n
__quadmath_mpn_submul_1
__quadmath_printf_fp
__quadmath_printf_fphex
__quadmath_tens
_gfortran_adjustl
_gfortran_adjustl_char4
_gfortran_adjustr
_gfortran_adjustr_char4
_gfortran_arandom_r10
_gfortran_arandom_r16
_gfortran_arandom_r4
_gfortran_arandom_r8
_gfortran_backtrace
_gfortran_compare_string
_gfortran_compare_string_char4
_gfortran_concat_string
_gfortran_concat_string_char4
_gfortran_generate_error
_gfortran_os_error
_gfortran_random_r10
_gfortran_random_r16
_gfortran_random_r4
_gfortran_random_r8
_gfortran_random_seed_i4
_gfortran_random_seed_i8
_gfortran_runtime_error
_gfortran_runtime_error_at
_gfortran_runtime_warning_at
_gfortran_set_args
_gfortran_set_convert
_gfortran_set_fpe
_gfortran_set_max_subrecord_length
_gfortran_set_options
_gfortran_set_record_marker
_gfortran_st_iolength
_gfortran_st_iolength_done
_gfortran_st_open
_gfortran_st_read
_gfortran_st_read_done
_gfortran_st_set_nml_var
_gfortran_st_set_nml_var_dim
_gfortran_st_wait
_gfortran_st_write
_gfortran_st_write_done
_gfortran_store_exe_path
_gfortran_string_index
_gfortran_string_index_char4
_gfortran_string_len_trim
_gfortran_string_len_trim_char4
_gfortran_string_minmax
_gfortran_string_minmax_char4
_gfortran_string_scan
_gfortran_string_scan_char4
_gfortran_string_trim
_gfortran_string_trim_char4
_gfortran_string_verify
_gfortran_string_verify_char4
_gfortran_transfer_array
_gfortran_transfer_array_write
_gfortran_transfer_character
_gfortran_transfer_character_wide
_gfortran_transfer_character_wide_write
_gfortran_transfer_character_write
_gfortran_transfer_complex
_gfortran_transfer_complex_write
_gfortran_transfer_integer
_gfortran_transfer_integer_write
_gfortran_transfer_logical
_gfortran_transfer_logical_write
_gfortran_transfer_real
_gfortran_transfer_real_write
_gfortrani_backtrace_handler
_gfortrani_big_endian
_gfortrani_cf_strcpy
_gfortrani_close_unit
_gfortrani_close_units
_gfortrani_compare_file_filename
_gfortrani_compile_options
_gfortrani_convert_infnan
_gfortrani_convert_real
_gfortrani_error_stream
_gfortrani_estr_write
_gfortrani_exit_error
_gfortrani_fbuf_alloc
_gfortrani_fbuf_destroy
_gfortrani_fbuf_flush
_gfortrani_fbuf_flush_list
_gfortrani_fbuf_getc_refill
_gfortrani_fbuf_init
_gfortrani_fbuf_read
_gfortrani_fbuf_reset
_gfortrani_fbuf_seek
_gfortrani_fc_strdup
_gfortrani_fc_strdup_notrim
_gfortrani_file_exists
_gfortrani_file_size
_gfortrani_filename_from_unit
_gfortrani_find_file
_gfortrani_find_option
_gfortrani_find_or_create_unit
_gfortrani_find_unit
_gfortrani_finish_last_advance_record
_gfortrani_finish_list_read
_gfortrani_flush_all_units
_gfortrani_flush_if_preconnected
_gfortrani_format_error
_gfortrani_free_format
_gfortrani_free_format_data
_gfortrani_free_format_hash_table
_gfortrani_free_internal_unit
_gfortrani_free_ionml
_gfortrani_fstrcpy
_gfortrani_fstrlen
_gfortrani_generate_warning
_gfortrani_get_args
_gfortrani_get_fpu_except_flags
_gfortrani_get_fpu_rounding_mode
_gfortrani_get_fpu_state
_gfortrani_get_fpu_trap_exceptions
_gfortrani_get_fpu_underflow_mode
_gfortrani_get_internal_unit
_gfortrani_get_unformatted_convert
_gfortrani_get_unique_unit_number
_gfortrani_get_unit
_gfortrani_gf_strerror
_gfortrani_gfc_itoa
_gfortrani_gfc_xtoa
_gfortrani_hit_eof
_gfortrani_init_compile_options
_gfortrani_init_loop_spec
_gfortrani_init_units
_gfortrani_init_variables
_gfortrani_input_stream
_gfortrani_inquire_direct
_gfortrani_inquire_formatted
_gfortrani_inquire_read
_gfortrani_inquire_readwrite
_gfortrani_inquire_sequential
_gfortrani_inquire_unformatted
_gfortrani_inquire_write
_gfortrani_internal_error
_gfortrani_library_start
_gfortrani_list_formatted_read
_gfortrani_list_formatted_write
_gfortrani_max_offset
_gfortrani_mem_alloc_r
_gfortrani_mem_alloc_r4
_gfortrani_mem_alloc_w
_gfortrani_mem_alloc_w4
_gfortrani_memcmp_char4
_gfortrani_namelist_read
_gfortrani_namelist_write
_gfortrani_new_unit
_gfortrani_next_array_record
_gfortrani_next_format
_gfortrani_next_record
_gfortrani_notification_std
_gfortrani_notify_std
_gfortrani_old_locale
_gfortrani_old_locale_ctr
_gfortrani_old_locale_lock
_gfortrani_open_external
_gfortrani_open_internal
_gfortrani_open_internal4
_gfortrani_options
_gfortrani_output_stream
_gfortrani_parse_format
_gfortrani_read_a
_gfortrani_read_block_form
_gfortrani_read_block_form4
_gfortrani_read_decimal
_gfortrani_read_f
_gfortrani_read_l
_gfortrani_read_radix
_gfortrani_read_x
_gfortrani_set_fpu
_gfortrani_set_fpu_except_flags
_gfortrani_set_fpu_rounding_mode
_gfortrani_set_fpu_state
_gfortrani_set_fpu_trap_exceptions
_gfortrani_set_fpu_underflow_mode
_gfortrani_set_integer
_gfortrani_show_backtrace
_gfortrani_show_locus
_gfortrani_si_max
_gfortrani_size_from_complex_kind
_gfortrani_size_from_real_kind
_gfortrani_st_printf
_gfortrani_st_vprintf
_gfortrani_stream_isatty
_gfortrani_stream_ttyname
_gfortrani_stupid_function_name_for_static_linking
_gfortrani_support_fpu_flag
_gfortrani_support_fpu_rounding_mode
_gfortrani_support_fpu_trap
_gfortrani_support_fpu_underflow_control
_gfortrani_sys_abort
_gfortrani_translate_error
_gfortrani_type_name
_gfortrani_unget_format
_gfortrani_unit_lock
_gfortrani_unit_root
_gfortrani_unit_to_fd
_gfortrani_unit_truncate
_gfortrani_unlock_unit
_gfortrani_write_a
_gfortrani_write_a_char4
_gfortrani_write_b
_gfortrani_write_block
_gfortrani_write_d
_gfortrani_write_e
_gfortrani_write_en
_gfortrani_write_es
_gfortrani_write_f
_gfortrani_write_i
_gfortrani_write_l
_gfortrani_write_o
_gfortrani_write_real
_gfortrani_write_real_g0
_gfortrani_write_x
_gfortrani_write_z
_gfortrani_xcalloc
_gfortrani_xmalloc
_gfortrani_xmallocarray
_gfortrani_xrealloc
_pthread_rel_time_in_ms
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
backtrace_alloc
backtrace_close
backtrace_create_state
backtrace_dwarf_add
backtrace_free
backtrace_full
backtrace_get_view
backtrace_initialize
backtrace_open
backtrace_pcinfo
backtrace_qsort
backtrace_release_view
backtrace_simple
backtrace_syminfo
backtrace_vector_finish
backtrace_vector_grow
backtrace_vector_release
diff_
g1_
h12_
isinfq
isnanq
nnls_
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
quadmath_snprintf
read_a_char4
signbitq

Sections

.text
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 440B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 810B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c342d6d599b47ae19cd53a82000c725a

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

5e:ea:80:be:d6:eb:e6:b7:74:0d:b8:36:28:34:5d:b8Certificate

Extended Key Usages

Key Usages

64:33:51:d3:c7:38:9f:08Certificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

c1:60:91:c6:8b:a2:09:58:ed:8a:35:ee:f7:c7:7a:c7:0b:2b:e4:82:85:97:9a:7a:52:df:99:9d:11:72:ba:29Signer

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 229KB - Virtual size: 229KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 38KB - Virtual size: 37KB

.pdata Size: 7KB - Virtual size: 6KB

.xdata Size: 7KB - Virtual size: 6KB

.bss Size: - Virtual size: 5KB

.edata Size: 10KB - Virtual size: 10KB

.idata Size: 4KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 104B

.reloc Size: 512B - Virtual size: 440B

/4 Size: 1024B - Virtual size: 784B

/19 Size: 69KB - Virtual size: 68KB

/31 Size: 6KB - Virtual size: 5KB

/45 Size: 11KB - Virtual size: 11KB

/57 Size: 2KB - Virtual size: 2KB

/70 Size: 1024B - Virtual size: 810B

/81 Size: 74KB - Virtual size: 73KB

/92 Size: 7KB - Virtual size: 6KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

5e:ea:80:be:d6:eb:e6:b7:74:0d:b8:36:28:34:5d:b8
Certificate

64:33:51:d3:c7:38:9f:08
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

c1:60:91:c6:8b:a2:09:58:ed:8a:35:ee:f7:c7:7a:c7:0b:2b:e4:82:85:97:9a:7a:52:df:99:9d:11:72:ba:29
Signer

.text
Size: 229KB - Virtual size: 229KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 38KB - Virtual size: 37KB

.pdata
Size: 7KB - Virtual size: 6KB

.xdata
Size: 7KB - Virtual size: 6KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 10KB - Virtual size: 10KB

.idata
Size: 4KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 440B

/4
Size: 1024B - Virtual size: 784B

/19
Size: 69KB - Virtual size: 68KB

/31
Size: 6KB - Virtual size: 5KB

/45
Size: 11KB - Virtual size: 11KB

/57
Size: 2KB - Virtual size: 2KB

/70
Size: 1024B - Virtual size: 810B

/81
Size: 74KB - Virtual size: 73KB

/92
Size: 7KB - Virtual size: 6KB