2a09b3c6bcf2989eb88e0f422e1b44bf7488c4c51b8c9cdc797afb17620cc1d2N

Sharing

Copy URL Twitter E-mail

General

Target

2a09b3c6bcf2989eb88e0f422e1b44bf7488c4c51b8c9cdc797afb17620cc1d2N
Size

4.8MB
MD5

ec9091955af4e114c1f4a34a2e06a390
SHA1

00f0f25006663676462dfe64c2f030891c44a2fb
SHA256

2a09b3c6bcf2989eb88e0f422e1b44bf7488c4c51b8c9cdc797afb17620cc1d2
SHA512

817d247dba6484e0ae36a85871b12ebff09b1fba03cee8048e9c749c49275cb7da7e07eb2c3601b5b4ab0ce6534aafe74b0c41640fd3b62c2947a0e5494ca1dd
SSDEEP

98304:cmw+RevHBagc57JIq+yM758YHJpnpBO2MdwOO/IOGNRdLmso4XNF:csRqH1c5SqNMt84n7MdwF/HGNRFZfP

Score

1^/10

Malware Config

Signatures

Files

2a09b3c6bcf2989eb88e0f422e1b44bf7488c4c51b8c9cdc797afb17620cc1d2N
.exe windows:6 windows x86 arch:x86

547be18db0c6e939d41e66ecf3b45cd8

Code Sign

02:19:a6:6b:2a:f7:6d:6c:b5:6c:9e:b0:e3:aa:de:30
Certificate

Issuer

CN=Book Fierce,L=Red Boiling Springs,C=US

Not Before

12/04/2023, 04:00

Not After

12/04/2026, 04:00

Subject

CN=Right Frayed,L=Scarsdale,C=US

2f:6e:46:55:14:ae:6b:8f:49:99:10:99:83:e5:5b:2f
Certificate

Issuer

CN=Right Frayed,L=Scarsdale,C=US

Not Before

30/10/2023, 04:00

Not After

30/10/2024, 04:00

Subject

CN=Await Versatile,L=West Berlin,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

00:60:1f:11:e4:66:02:72:91:5e:ac:00:e7:35:79:fa:84:30:7d:c0:c6:cd:15:be:c8:81:85:57:d4:b4:67:9c
Signer

Actual PE Digest

00:60:1f:11:e4:66:02:72:91:5e:ac:00:e7:35:79:fa:84:30:7d:c0:c6:cd:15:be:c8:81:85:57:d4:b4:67:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
IsProcessorFeaturePresent
GetVersion
GetSystemDirectoryW
GetModuleHandleA
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
GetModuleFileNameW
LocalFree
FormatMessageA
FormatMessageW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
CreateDirectoryA
CreateDirectoryW
CreateFileW
DeleteFileA
DeleteFileW
RemoveDirectoryA
RemoveDirectoryW
SetFileAttributesA
SetFileAttributesW
SetFileTime
GetTempPathW
GetTempPathA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetModuleHandleW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFileAttributesA
GetFileAttributesW
GetFileInformationByHandle
CreateFileA
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcessAffinityMask
GetStdHandle
QueryPerformanceCounter
Sleep
GetCommandLineW
CreateProcessA
GetVersionExA
lstrlenW
WriteConsoleW
SetFilePointerEx
DecodePointer
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
GetStringTypeW
SetStdHandle
GetFileType
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
LCMapStringW
HeapReAlloc
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlUnwind
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent

user32

DestroyWindow
LoadIconA
KillTimer
SetTimer
EndDialog
PostMessageA
SendMessageA
MessageBoxW
SetWindowTextW
SetWindowTextA
LoadStringW
LoadStringA
SetWindowLongA
GetWindowLongA
GetDlgItem
DialogBoxParamW
DialogBoxParamA
CharUpperW
CharUpperA
ShowWindow

shell32

CommandLineToArgvW
ShellExecuteExA

oleaut32

VariantClear
SysAllocStringLen
SysStringLen

Sections

.text
Size: 292KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

547be18db0c6e939d41e66ecf3b45cd8

Code Sign

02:19:a6:6b:2a:f7:6d:6c:b5:6c:9e:b0:e3:aa:de:30Certificate

2f:6e:46:55:14:ae:6b:8f:49:99:10:99:83:e5:5b:2fCertificate

Extended Key Usages

00:60:1f:11:e4:66:02:72:91:5e:ac:00:e7:35:79:fa:84:30:7d:c0:c6:cd:15:be:c8:81:85:57:d4:b4:67:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

Sections

.text Size: 292KB - Virtual size: 292KB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 3KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 10KB - Virtual size: 10KB

02:19:a6:6b:2a:f7:6d:6c:b5:6c:9e:b0:e3:aa:de:30
Certificate

2f:6e:46:55:14:ae:6b:8f:49:99:10:99:83:e5:5b:2f
Certificate

00:60:1f:11:e4:66:02:72:91:5e:ac:00:e7:35:79:fa:84:30:7d:c0:c6:cd:15:be:c8:81:85:57:d4:b4:67:9c
Signer

.text
Size: 292KB - Virtual size: 292KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 3KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 10KB - Virtual size: 10KB