09d44cada639abe13106b207ef234f50N

Sharing

Copy URL Twitter E-mail

General

Target

09d44cada639abe13106b207ef234f50N
Size

5.0MB
MD5

09d44cada639abe13106b207ef234f50
SHA1

7a0bb11363f16d8733b8b30ed8f208b6f594dff0
SHA256

aa438fb8dcfe17a5985903c166c61a06220f05e3d445f0d7fc10355d10f37396
SHA512

a04cdf28147c1723cf093167dbeffdbc1a9382cef36183e48f371c5757344bf1af17996f1c4faead611fa8b7005418344e82255bf85b3a6b6186941c436868a1
SSDEEP

98304:RmSU8U5D/aM64WCGabFTurAQ6xIkNnwIGG/nWRF8NO:RnILaH4WCGaFirtw3+IGWWRFD

Score

1^/10

Malware Config

Signatures

Files

09d44cada639abe13106b207ef234f50N
.exe windows:6 windows x86 arch:x86

547be18db0c6e939d41e66ecf3b45cd8

Code Sign

31:de:21:8a:16:c9:bc:af:4e:31:dc:78:5f:d8:43:f9
Certificate

Issuer

CN=Tiny Midwife,L=Demopolis,C=US

Not Before

25/02/2023, 04:00

Not After

25/02/2026, 04:00

Subject

CN=Decent Hoist,L=Flemington,C=US

1e:6b:9d:d4:64:76:fc:5a:b4:49:6d:83:7d:27:ce:f6
Certificate

Issuer

CN=Decent Hoist,L=Flemington,C=US

Not Before

20/01/2024, 04:00

Not After

20/01/2025, 04:00

Subject

CN=Look Hunch,L=Pittsfield,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

15:67:40:84:05:1e:b6:35:10:e4:aa:f7:e1:38:29:e9:77:ad:e5:68:92:2a:e1:79:de:b5:f9:80:a8:df:c5:85
Signer

Actual PE Digest

15:67:40:84:05:1e:b6:35:10:e4:aa:f7:e1:38:29:e9:77:ad:e5:68:92:2a:e1:79:de:b5:f9:80:a8:df:c5:85

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
IsProcessorFeaturePresent
GetVersion
GetSystemDirectoryW
GetModuleHandleA
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
CreateFileW
DeleteFileA
DeleteFileW
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
SetFileTime
GetTempPathW
GetTempPathA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetModuleHandleW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
CreateFileA
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcessAffinityMask
GetStdHandle
QueryPerformanceCounter
Sleep
GetCommandLineW
CreateProcessA
GetVersionExA
lstrlenW
WriteConsoleW
SetFilePointerEx
DecodePointer
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
GetStringTypeW
SetStdHandle
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
HeapReAlloc
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent

user32

DestroyWindow
LoadIconA
KillTimer
SetTimer
EndDialog
PostMessageA
SendMessageA
MessageBoxW
SetWindowTextW
SetWindowTextA
LoadStringW
LoadStringA
SetWindowLongA
GetWindowLongA
GetDlgItem
DialogBoxParamW
DialogBoxParamA
CharUpperW
CharUpperA
ShowWindow

shell32

CommandLineToArgvW
ShellExecuteExA

oleaut32

VariantClear
SysAllocStringLen
SysStringLen

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

547be18db0c6e939d41e66ecf3b45cd8

Code Sign

31:de:21:8a:16:c9:bc:af:4e:31:dc:78:5f:d8:43:f9Certificate

1e:6b:9d:d4:64:76:fc:5a:b4:49:6d:83:7d:27:ce:f6Certificate

Extended Key Usages

15:67:40:84:05:1e:b6:35:10:e4:aa:f7:e1:38:29:e9:77:ad:e5:68:92:2a:e1:79:de:b5:f9:80:a8:df:c5:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 10KB - Virtual size: 10KB

31:de:21:8a:16:c9:bc:af:4e:31:dc:78:5f:d8:43:f9
Certificate

1e:6b:9d:d4:64:76:fc:5a:b4:49:6d:83:7d:27:ce:f6
Certificate

15:67:40:84:05:1e:b6:35:10:e4:aa:f7:e1:38:29:e9:77:ad:e5:68:92:2a:e1:79:de:b5:f9:80:a8:df:c5:85
Signer

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 10KB - Virtual size: 10KB