9ea2f26dd377b33679ce84c98b8455866bcec9fe6a45f62c4ae3bca8bb83a67b

Sharing

Copy URL Twitter E-mail

General

Target

9ea2f26dd377b33679ce84c98b8455866bcec9fe6a45f62c4ae3bca8bb83a67b
Size

1.8MB
MD5

2204a739e720dadc80cbf51c67679dff
SHA1

937d02b2d74c9be5d2b3ac4f196ec060dd3cf21d
SHA256

9ea2f26dd377b33679ce84c98b8455866bcec9fe6a45f62c4ae3bca8bb83a67b
SHA512

bca6f3ceb92b991947bd54622533bde211ed9432b415e9e278d0f826199e3a6b529f0457d8c3a2655d5e2e5170f8b0387f99ab4940a6187f63098318d414de81
SSDEEP

24576:yCBlV+uGBNBnd8eeHc849wUb5OzO5iIxJxTKtrEH78A:II+8dUb56UL

Score

1^/10

Malware Config

Signatures

Files

9ea2f26dd377b33679ce84c98b8455866bcec9fe6a45f62c4ae3bca8bb83a67b
.exe windows:6 windows x86 arch:x86

9aa987c6d488cc4c640aa6ff0f2a74c7

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:cd:10:be:69:48:a8:4a:70:b1:be:1e:11:c5:33:bc
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

18/04/2024, 02:44

Not After

18/04/2025, 02:44

Subject

SERIALNUMBER=220-87-88066,CN=MediaClick Inc.,O=MediaClick Inc.,L=Gangnam-gu,ST=Seoul,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:87:3c:38:59:02:81:c1:e9:3d:6e:eb:81:02:e1:01:08:72:1e:81:dd:19:da:29:6b:1d:99:04:99:ab:a1:b7
Signer

Actual PE Digest

28:87:3c:38:59:02:81:c1:e9:3d:6e:eb:81:02:e1:01:08:72:1e:81:dd:19:da:29:6b:1d:99:04:99:ab:a1:b7

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\vsprj\downtube-2.5\bin\downtube.pdb

Imports

kernel32

WaitForMultipleObjects
WriteFile
SetFileTime
SetFilePointer
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
CreateFileA
SystemTimeToFileTime
GetTempPathA
GetWindowsDirectoryA
GetSystemDirectoryA
FindFirstFileA
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrlenA
GlobalFree
SetEvent
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
GetProcessId
GetExitCodeProcess
DuplicateHandle
CreatePipe
GetCurrentProcess
GetProcessHeap
HeapAlloc
HeapReAlloc
GlobalLock
GlobalUnlock
SetLastError
GetCurrentThreadId
DecodePointer
GetVersionExA
RaiseException
DeleteCriticalSection
InitializeCriticalSectionEx
WriteConsoleW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
FlushFileBuffers
ReadConsoleW
GetStringTypeW
SetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
HeapSize
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
VirtualQuery
VirtualProtect
GetSystemInfo
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetFileSizeEx
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
GetFileType
GetStdHandle
HeapFree
CreateProcessA
Sleep
LoadLibraryA
DeleteFileA
CreateThread
SetCurrentDirectoryA
CreateDirectoryA
CloseHandle
WaitForSingleObject
CreateEventA
CreateMutexA
lstrcmpA
MulDiv
LoadLibraryExA
FindResourceA
LoadResource
GetLastError
SizeofResource
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
IsDBCSLeadByte
MultiByteToWideChar
lstrcmpiA
GetModuleHandleA
GetProcAddress
GetEnvironmentVariableA
MoveFileExW
FormatMessageW
GetTickCount
LoadLibraryW
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
DeleteFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
ReadFile
GetConsoleMode
GlobalAlloc
SetEnvironmentVariableW
FreeLibrary

user32

InvalidateRgn
GetClientRect
CallWindowProcA
InvalidateRect
GetDC
ReleaseDC
GetWindowLongA
SetWindowLongA
DefWindowProcA
LoadCursorA
RegisterClassExA
CharNextA
IsWindow
DestroyAcceleratorTable
SetCursor
GetCapture
GetForegroundWindow
RegisterClassA
PtInRect
MapWindowPoints
SystemParametersInfoA
GetWindowRect
wsprintfA
FindWindowExA
SendMessageTimeoutA
IsWindowVisible
FindWindowA
GetDesktopWindow
CheckDlgButton
MessageBoxA
IsDlgButtonChecked
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
DestroyMenu
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuA
PostMessageA
DialogBoxParamA
PostQuitMessage
SetParent
KillTimer
LoadBitmapA
SetTimer
BringWindowToTop
SetForegroundWindow
UnregisterClassA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
IsDialogMessageA
GetMessageA
LoadAcceleratorsA
UpdateWindow
ShowWindow
LoadIconA
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetWindow
GetDlgItem
SendMessageA
GetClassNameA
GetSysColor
SetWindowPos
RedrawWindow
GetClassInfoExA
CreateWindowExA
CreateAcceleratorTableA
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
DestroyWindow
EndDialog

gdi32

GetDeviceCaps
GetObjectA
GetStockObject
DeleteDC
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
CreateFontA
SetTextColor
SetBkColor

advapi32

RegCloseKey
CryptImportKey
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyW
CryptEncrypt
RegDeleteKeyA
CryptDestroyKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderPathA
SHGetSpecialFolderLocation

ole32

CoInitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoCreateInstance
CoGetClassObject
CLSIDFromString
OleInitialize
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CLSIDFromProgID

oleaut32

SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringByteLen
SafeArrayUnaccessData
VarUI4FromStr
SysStringByteLen
SysAllocStringLen
SysFreeString
SysAllocString
VariantInit
VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
OleCreateFontIndirect

shlwapi

PathFileExistsA
SHAutoComplete

comctl32

InitCommonControlsEx
ord17

uxtheme

SetWindowTheme

iphlpapi

GetAdaptersInfo

bcrypt

BCryptGenRandom

ws2_32

WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
setsockopt
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
socket
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
send
WSACloseEvent
htonl

wldap32

ord301
ord133
ord79
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord73
ord216
ord14
ord46
ord219
ord145
ord147

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

Sections

.text
Size: 656KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 917KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9aa987c6d488cc4c640aa6ff0f2a74c7

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

04:cd:10:be:69:48:a8:4a:70:b1:be:1e:11:c5:33:bcCertificate

Extended Key Usages

Key Usages

28:87:3c:38:59:02:81:c1:e9:3d:6e:eb:81:02:e1:01:08:72:1e:81:dd:19:da:29:6b:1d:99:04:99:ab:a1:b7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

uxtheme

iphlpapi

bcrypt

ws2_32

wldap32

crypt32

Sections

.text Size: 656KB - Virtual size: 655KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 6KB - Virtual size: 10KB

.rsrc Size: 917KB - Virtual size: 916KB

.reloc Size: 28KB - Virtual size: 27KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

04:cd:10:be:69:48:a8:4a:70:b1:be:1e:11:c5:33:bc
Certificate

28:87:3c:38:59:02:81:c1:e9:3d:6e:eb:81:02:e1:01:08:72:1e:81:dd:19:da:29:6b:1d:99:04:99:ab:a1:b7
Signer

.text
Size: 656KB - Virtual size: 655KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 6KB - Virtual size: 10KB

.rsrc
Size: 917KB - Virtual size: 916KB

.reloc
Size: 28KB - Virtual size: 27KB