0cd4f39c7cd4dae439bf5827b08e740818e2501851877678438864c7c0c7fa97N

Sharing

Copy URL Twitter E-mail

General

Target

0cd4f39c7cd4dae439bf5827b08e740818e2501851877678438864c7c0c7fa97N
Size

44KB
MD5

308d732bc0fb2ce3af61118a8f4ac400
SHA1

1e6eab7ef2d59bdda5eaf3d8137308e346233151
SHA256

0cd4f39c7cd4dae439bf5827b08e740818e2501851877678438864c7c0c7fa97
SHA512

655a17668584094dd90680f716842c6fa881aed2332ee0280358f8b48faeea3e82de182562462acd539e5b9f7436c83a5d2fc88571d056224d0dcdfa6be450d2
SSDEEP

768:DOJKa4ttWKQLRBxjqos38G6jEgxmAMxkEOO:wIttnQAYEgixaO

Score

1^/10

Malware Config

Signatures

Files

0cd4f39c7cd4dae439bf5827b08e740818e2501851877678438864c7c0c7fa97N
.dll windows:6 windows x64 arch:x64

10d0b83e2e533240ebba5669d4eb565a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:31:87:5c:7c:79:28:39:47:92:cc:1d:2c:53:b7:b2
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/03/2023, 00:00

Not After

12/03/2026, 23:59

Subject

CN=Wireshark Foundation,O=Wireshark Foundation,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:8a:ed:52:b1:25:c2:ca:39:09:0c:57:23:16:a8:b0:47:cc:5b:13:0e:0e:f1:c4:aa:b8:e6:1a:f2:b1:51:32
Signer

Actual PE Digest

45:8a:ed:52:b1:25:c2:ca:39:09:0c:57:23:16:a8:b0:47:cc:5b:13:0e:0e:f1:c4:aa:b8:e6:1a:f2:b1:51:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\gitlab-builds\builds\MsQ3pox2\0\wireshark\wireshark\build\run\RelWithDebInfo\plugins\4.4\epan\transum.pdb

Imports

libwireshark

proto_register_subtree_array
proto_register_field_array
proto_register_protocol
proto_tree_add_uint
proto_registrar_get_id_byname
prefs_register_bool_preference
proto_tree_add_time
find_protocol_by_id
prefs_register_enum_preference
prefs_register_range_preference
proto_is_protocol_enabled
proto_disable_by_default
prefs_register_protocol
range_convert_str
proto_tree_add_string
proto_tree_add_item
proto_item_add_subtree
val_to_str
wmem_file_scope
wmem_epan_scope
prefs_register_obsolete_preference
register_dissector
register_init_routine
proto_get_finfo_ptr_array
fvalue_get_sinteger64
fvalue_get_uinteger64
fvalue_get_uinteger
set_postdissector_wanted_hfids
register_postdissector
proto_register_plugin
register_cleanup_routine

libwsutil

nstime_delta
wmem_strbuf_get_str
wmem_strbuf_append_printf
wmem_memdup
wmem_map_remove
wmem_map_lookup
wmem_map_insert
wmem_map_new_autoreset
wmem_map_new
wmem_list_new
wmem_strbuf_new
wmem_list_remove
wmem_list_frame_data
wmem_list_frame_prev
wmem_list_frame_next
wmem_list_tail
wmem_list_head
wmem_alloc0
ws_log_full
wmem_list_append

glib-2.0-0

g_array_append_vals
g_array_sized_new
g_direct_equal
g_direct_hash

vcruntime140

__std_type_info_destroy_list
__current_exception
__current_exception_context
memset
__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_crt_at_quick_exit
_cexit
terminate
_crt_atexit

kernel32

GetSystemTimeAsFileTime
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId

Exports

Exports

plugin_describe
plugin_register
plugin_version
plugin_want_major
plugin_want_minor

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10d0b83e2e533240ebba5669d4eb565a

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

5d:31:87:5c:7c:79:28:39:47:92:cc:1d:2c:53:b7:b2Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

45:8a:ed:52:b1:25:c2:ca:39:09:0c:57:23:16:a8:b0:47:cc:5b:13:0e:0e:f1:c4:aa:b8:e6:1a:f2:b1:51:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libwireshark

libwsutil

glib-2.0-0

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 264B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

5d:31:87:5c:7c:79:28:39:47:92:cc:1d:2c:53:b7:b2
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

45:8a:ed:52:b1:25:c2:ca:39:09:0c:57:23:16:a8:b0:47:cc:5b:13:0e:0e:f1:c4:aa:b8:e6:1a:f2:b1:51:32
Signer

.text
Size: 15KB - Virtual size: 14KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 264B