9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f

Sharing

Copy URL

Twitter E-mail

General

Target

9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f
Size

2.8MB
MD5

9c36ce32befa3cb33d7745873c4db5b3
SHA1

51da096433142ebd6e04122a04760d3ff33b27ed
SHA256

9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f
SHA512

6d680fc3c94138514bec604e806c5a7404f310c123ba09e2f6caae686f6fdc26886acac5121c6f1892e276081230e69e66c5e5ca7b02e0f0c991713e2c028b65
SSDEEP

49152:1VUZMcNCu/aXwvg7CfUCOyzw4LxNPpOcQdRckhdIfTRfWG/Pm:1VgMsD+woufx1fWG/Pm

Score

1^/10

Malware Config

Signatures

Files

9dc360d1063cf1975d75d74a909f86f1aeedaad81bc81a9a61e37b5b7775469f
.dll regsvr32 windows:4 windows x86 arch:x86

2ac7a340a3aa040cc3a8e404720833a5

Code Sign

b2:f9:c6:93:a2:e6:63:45:65:f6:3c:79:b0:1d:d8:f8
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2021 00:00

Not After

03-05-2022 23:59

Subject

CN=PHL E STATE ApS,O=PHL E STATE ApS,L=Gentofte,ST=Hovedstaden,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-03-2019 00:00

Not After

31-12-2028 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:c8:a0:e7:c9:04:14:40:74:e2:65:38:72:9c:79:18:12:e9:3e:fd
Signer

Actual PE Digest

6b:c8:a0:e7:c9:04:14:40:74:e2:65:38:72:9c:79:18:12:e9:3e:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptGetHashParam
CryptHashData
CryptImportKey
CryptReleaseContext

gdi32

AbortDoc
BitBlt
ChoosePixelFormat
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
CreateFontIndirectW
CreateFontW
CreatePatternBrush
CreateSolidBrush
DeleteDC
DeleteObject
EndDoc
EndPage
GetCharABCWidthsW
GetCharWidth32W
GetClipBox
GetDeviceCaps
GetObjectW
GetStockObject
GetTextFaceW
GetTextMetricsW
RestoreDC
SaveDC
SelectObject
SetBkColor
SetBkMode
SetDIBits
SetMapMode
SetPixelFormat
SetStretchBltMode
SetTextColor
StartDocW
StartPage
StretchBlt
SwapBuffers

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateMutexW
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepEx
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_chdir
_chmod
_close
_endthreadex
_errno
_findclose
_findfirst
_findnext
_fstati64
_fullpath
_getcwd
_initterm
_iob
_lock
_lseeki64
_mkdir
_onexit
_open
_putws
_putenv
_rmdir
_read
_setjmp3
_stat
_stati64
_strdup
_sys_nerr
_ultoa
_unlock
_utime
_vsnprintf
_vsnwprintf
_wchdir
_wchmod
_wfindfirst
_wfindnext
_wfopen
_wfullpath
_wgetcwd
_wgetenv
_wmkdir
_wputenv
_wremove
_wrename
_wrmdir
_write
_wstat
abort
atof
atoi
calloc
exit
fclose
feof
ferror
fflush
fgets
fgetwc
fopen
fprintf
fputc
fputs
fputws
fread
free
fseek
ftell
fwrite
getc
getchar
getenv
gmtime
isalnum
isalpha
isgraph
islower
isprint
isspace
isupper
isxdigit
rename
mktime
localtime
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
puts
qsort
rand
realloc
remove
srand
setlocale
signal
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
strtol
strtoul
time
tolower
toupper
ungetc
vfprintf
wcscat
wcscpy
wcslen

ole32

IIDFromString
OleCreate
OleInitialize
OleSetContainedObject

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
SHBrowseForFolderA
SHBrowseForFolderW
SHGetPathFromIDListA
SHGetPathFromIDListW
ShellExecuteA
ShellExecuteW
Shell_NotifyIconW

user32

AdjustWindowRect
AdjustWindowRectEx
AppendMenuW
BeginDeferWindowPos
CallNextHookEx
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsA
CheckMenuItem
ClientToScreen
CloseClipboard
CopyImage
CopyRect
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefDlgProcW
DefWindowProcA
DefWindowProcW
DeferWindowPos
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawFrameControl
DrawMenuBar
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDeferWindowPos
EnumChildWindows
EnumDisplaySettingsA
EnumWindows
FillRect
FrameRect
GetActiveWindow
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDesktopWindow
GetFocus
GetForegroundWindow
GetKeyState
GetMenu
GetMenuItemCount
GetParent
GetScrollPos
GetSysColor
GetSystemMetrics
GetUpdateRect
GetWindowInfo
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageA
IsIconic
IsRectEmpty
IsZoomed
LoadCursorA
LoadCursorW
LoadIconW
MessageBoxA
MessageBoxW
MoveWindow
MsgWaitForMultipleObjects
OffsetRect
OpenClipboard
PeekMessageA
PostMessageA
PostMessageW
PostThreadMessageA
RedrawWindow
RegisterClassA
RegisterClassExA
RegisterClassExW
RegisterClassW
RegisterHotKey
ReleaseCapture
ReleaseDC
ScreenToClient
SendMessageA
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuInfo
SetMenuItemBitmaps
SetMenuItemInfoW
SetScrollPos
SetWindowLongA
SetWindowLongW
SetWindowPos
SetWindowTextW
SetWindowsHookExA
SetWindowsHookExW
ShowCursor
ShowWindow
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterHotKey
ValidateRect

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
timeKillEvent
timeSetEvent

Exports

Exports

DllRegisterServer

Sections

.text
Size: 893KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

code
Size: 427KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

data
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_WRITE

.rdata
Size: 698KB - Virtual size: 698KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ac7a340a3aa040cc3a8e404720833a5

Code Sign

b2:f9:c6:93:a2:e6:63:45:65:f6:3c:79:b0:1d:d8:f8Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

01Certificate

Key Usages

6b:c8:a0:e7:c9:04:14:40:74:e2:65:38:72:9c:79:18:12:e9:3e:fdSigner

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

ole32

oleaut32

shell32

user32

winmm

Exports

Exports

Sections

.text Size: 893KB - Virtual size: 892KB

code Size: 427KB - Virtual size: 427KB

.data Size: 9KB - Virtual size: 8KB

data Size: 372KB - Virtual size: 371KB

.rdata Size: 698KB - Virtual size: 698KB

.eh_fram Size: 138KB - Virtual size: 138KB

.bss Size: - Virtual size: 45KB

.idata Size: 22KB - Virtual size: 21KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 102KB - Virtual size: 101KB

Size: 186KB - Virtual size: 186KB

b2:f9:c6:93:a2:e6:63:45:65:f6:3c:79:b0:1d:d8:f8
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

01
Certificate

6b:c8:a0:e7:c9:04:14:40:74:e2:65:38:72:9c:79:18:12:e9:3e:fd
Signer

.text
Size: 893KB - Virtual size: 892KB

code
Size: 427KB - Virtual size: 427KB

.data
Size: 9KB - Virtual size: 8KB

data
Size: 372KB - Virtual size: 371KB

.rdata
Size: 698KB - Virtual size: 698KB

.eh_fram
Size: 138KB - Virtual size: 138KB

.bss
Size: - Virtual size: 45KB

.idata
Size: 22KB - Virtual size: 21KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 102KB - Virtual size: 101KB