bfdde34194eb4a5ca9e97e8e9761b57d5be2de42d0f74d63b1e009c00573a9fe

Sharing

Copy URL Twitter E-mail

General

Target

bfdde34194eb4a5ca9e97e8e9761b57d5be2de42d0f74d63b1e009c00573a9fe
Size

214KB
MD5

64ffca8c25c52702c386ca4fb1955e4f
SHA1

e4e3191f702223bc08f713566611e5360798bb2b
SHA256

bfdde34194eb4a5ca9e97e8e9761b57d5be2de42d0f74d63b1e009c00573a9fe
SHA512

19eec0e75862ab2cc74fe8917ea00ec16874cc2b67d2935b37cd1b5016747b20e1029f4e40fa2b4ee0550cd55fad45624a547320bd458def1e0c9f1a96a217f4
SSDEEP

6144:fW2WMk7IA7Uf7/q2sEVf1JJKDo7wvAOOaqGSNkUlLW:mZIA7Kje8bzNkU5W

Score

1^/10

Malware Config

Signatures

Files

bfdde34194eb4a5ca9e97e8e9761b57d5be2de42d0f74d63b1e009c00573a9fe
.dll windows:4 windows x64 arch:x64

643c716fbd637f652b7726017c02cf17

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01/05/2023, 00:00

Not After

31/07/2026, 23:59

Subject

CN=K Desktop Environment e. V.,O=K Desktop Environment e. V.,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:f6:8b:7c:b7:2d:9c:8e:81:8a:f1:a9:0a:0a:52:6d:59:cb:7e:bb:91:07:2a:c8:32:f6:28:c7:d7:17:c7:1b
Signer

Actual PE Digest

ce:f6:8b:7c:b7:2d:9c:8e:81:8a:f1:a9:0a:0a:52:6d:59:cb:7e:bb:91:07:2a:c8:32:f6:28:c7:d7:17:c7:1b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
GetACP
GetCPInfo
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetPriorityClass
GetStdHandle
GetTempPathA
GetThreadLocale
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
ReadFile
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEnvironmentVariableA
SetEvent
SetFilePointerEx
SetHandleInformation
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_close
_dup
_errno
_fileno
_get_osfhandle
_getpid
_initterm
_isatty
_localtime64
_lock
_lseeki64
_open
_open_osfhandle
_putenv
_read
_setmode
_stricmp
_strnicmp
_time64
_unlock
_wopen
abort
atoi
calloc
exit
fclose
ferror
fflush
fopen
fputc
fread
free
fseek
ftell
fwrite
getenv
isalnum
isalpha
isspace
_write
localeconv
malloc
memchr
memcpy
memmove
memset
qsort
realloc
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
vfprintf
wcscpy
wcslen

user32

AllowSetForegroundWindow

ws2_32

closesocket
connect
htons
inet_addr
ioctlsocket
recv
send
socket

Exports

Exports

_gpg_w32_bindtextdomain
_gpg_w32_dgettext
_gpg_w32_dngettext
_gpg_w32_gettext
_gpg_w32_gettext_localename
_gpg_w32_gettext_use_utf8
_gpg_w32_textdomain
_gpgrt_get_std_stream
_gpgrt_getc_underflow
_gpgrt_log_assert
_gpgrt_pending
_gpgrt_pending_unlocked
_gpgrt_putc_overflow
_gpgrt_set_std_fd
gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_code_to_errno
gpg_err_deinit
gpg_err_init
gpg_err_set_errno
gpg_error_check_version
gpg_strerror
gpg_strerror_r
gpg_strsource
gpgrt_abort
gpgrt_absfnameconcat
gpgrt_access
gpgrt_add_emergency_cleanup
gpgrt_argparse
gpgrt_argparser
gpgrt_asprintf
gpgrt_b64dec_finish
gpgrt_b64dec_proc
gpgrt_b64dec_start
gpgrt_b64enc_finish
gpgrt_b64enc_start
gpgrt_b64enc_write
gpgrt_bsprintf
gpgrt_calloc
gpgrt_chdir
gpgrt_check_version
gpgrt_clearerr
gpgrt_clearerr_unlocked
gpgrt_cmp_version
gpgrt_fcancel
gpgrt_fclose
gpgrt_fclose_snatch
gpgrt_fdopen
gpgrt_fdopen_nc
gpgrt_feof
gpgrt_feof_unlocked
gpgrt_ferror
gpgrt_ferror_unlocked
gpgrt_fflush
gpgrt_fgetc
gpgrt_fgets
gpgrt_fileno
gpgrt_fileno_unlocked
gpgrt_flockfile
gpgrt_fname_get
gpgrt_fname_set
gpgrt_fname_to_wchar
gpgrt_fnameconcat
gpgrt_fopen
gpgrt_fopencookie
gpgrt_fopenmem
gpgrt_fopenmem_init
gpgrt_fpopen
gpgrt_fpopen_nc
gpgrt_fprintf
gpgrt_fprintf_sf
gpgrt_fprintf_sf_unlocked
gpgrt_fprintf_unlocked
gpgrt_fputc
gpgrt_fputs
gpgrt_fputs_unlocked
gpgrt_fread
gpgrt_free
gpgrt_free_wchar
gpgrt_freopen
gpgrt_fseek
gpgrt_fseeko
gpgrt_ftell
gpgrt_ftello
gpgrt_ftruncate
gpgrt_ftrylockfile
gpgrt_funlockfile
gpgrt_fwrite
gpgrt_get_errorcount
gpgrt_get_nonblock
gpgrt_get_syscall_clamp
gpgrt_getcwd
gpgrt_getenv
gpgrt_getline
gpgrt_inc_errorcount
gpgrt_lock_destroy
gpgrt_lock_init
gpgrt_lock_lock
gpgrt_lock_trylock
gpgrt_lock_unlock
gpgrt_log
gpgrt_log_bug
gpgrt_log_clock
gpgrt_log_debug
gpgrt_log_debug_string
gpgrt_log_error
gpgrt_log_fatal
gpgrt_log_flush
gpgrt_log_get_fd
gpgrt_log_get_prefix
gpgrt_log_get_stream
gpgrt_log_info
gpgrt_log_printf
gpgrt_log_printhex
gpgrt_log_set_pid_suffix_cb
gpgrt_log_set_prefix
gpgrt_log_set_sink
gpgrt_log_set_socket_dir_cb
gpgrt_log_string
gpgrt_log_test_fd
gpgrt_logv
gpgrt_logv_prefix
gpgrt_malloc
gpgrt_mkdir
gpgrt_mopen
gpgrt_onclose
gpgrt_opaque_get
gpgrt_opaque_set
gpgrt_poll
gpgrt_printf
gpgrt_printf_unlocked
gpgrt_read
gpgrt_read_line
gpgrt_realloc
gpgrt_reallocarray
gpgrt_rewind
gpgrt_set_alloc_func
gpgrt_set_binary
gpgrt_set_confdir
gpgrt_set_fixed_string_mapper
gpgrt_set_nonblock
gpgrt_set_strusage
gpgrt_set_syscall_clamp
gpgrt_set_usage_outfnc
gpgrt_setbuf
gpgrt_setenv
gpgrt_setvbuf
gpgrt_snprintf
gpgrt_strconcat
gpgrt_strdup
gpgrt_strusage
gpgrt_syshd
gpgrt_syshd_unlocked
gpgrt_sysopen
gpgrt_sysopen_nc
gpgrt_tmpfile
gpgrt_ungetc
gpgrt_usage
gpgrt_utf8_to_wchar
gpgrt_vasprintf
gpgrt_vbsprintf
gpgrt_vfprintf
gpgrt_vfprintf_unlocked
gpgrt_vsnprintf
gpgrt_w32_iconv
gpgrt_w32_iconv_close
gpgrt_w32_iconv_open
gpgrt_w32_override_locale
gpgrt_w32_reg_query_string
gpgrt_wchar_to_utf8
gpgrt_write
gpgrt_write_hexstring
gpgrt_write_sanitized
gpgrt_yield

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

643c716fbd637f652b7726017c02cf17

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ce:f6:8b:7c:b7:2d:9c:8e:81:8a:f1:a9:0a:0a:52:6d:59:cb:7e:bb:91:07:2a:c8:32:f6:28:c7:d7:17:c7:1bSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 129KB - Virtual size: 128KB

.data Size: 1024B - Virtual size: 752B

.rdata Size: 39KB - Virtual size: 39KB

.pdata Size: 7KB - Virtual size: 6KB

.xdata Size: 6KB - Virtual size: 5KB

.bss Size: - Virtual size: 3KB

.edata Size: 5KB - Virtual size: 4KB

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1016B

/4 Size: 512B - Virtual size: 32B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

74:a6:8f:ee:73:f7:05:c5:89:6a:66:69:e2:6d:70:29
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ce:f6:8b:7c:b7:2d:9c:8e:81:8a:f1:a9:0a:0a:52:6d:59:cb:7e:bb:91:07:2a:c8:32:f6:28:c7:d7:17:c7:1b
Signer

.text
Size: 129KB - Virtual size: 128KB

.data
Size: 1024B - Virtual size: 752B

.rdata
Size: 39KB - Virtual size: 39KB

.pdata
Size: 7KB - Virtual size: 6KB

.xdata
Size: 6KB - Virtual size: 5KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 5KB - Virtual size: 4KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1016B

/4
Size: 512B - Virtual size: 32B