757a2350a594e03ae9b55f9acde5e830e82b7a98b5cd4c0ed0c0246a50631fd2N

Sharing

Copy URL Twitter E-mail

General

Target

757a2350a594e03ae9b55f9acde5e830e82b7a98b5cd4c0ed0c0246a50631fd2N
Size

3.0MB
MD5

e73cc9a0ae1f7ad6ab0a02baa0e161a0
SHA1

2064bb990eb2e54820d9a62179d1d339cac0abb5
SHA256

757a2350a594e03ae9b55f9acde5e830e82b7a98b5cd4c0ed0c0246a50631fd2
SHA512

69b5d4eea4ad714dd43e88923e1e938bc489807c159550af46673fa1251d19c2d3fd466b4565bafc0ab3cb5a9d646302592f7446d8f9aaa8194cd75ded3492c6
SSDEEP

49152:IHb7Kijoa19g6ss1A+XeXrSTz8E06VPzTBP/QO6B70HavlazVuA09:IXJM07V+9

Score

1^/10

Malware Config

Signatures

Files

757a2350a594e03ae9b55f9acde5e830e82b7a98b5cd4c0ed0c0246a50631fd2N
.exe windows:10 windows x64 arch:x64

8b67604b6b07d479b6430a27a0545441

Code Sign

33:00:00:03:6b:6f:36:00:6f:23:f1:68:b5:00:00:00:00:03:6b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/01/2022, 19:31

Not After

26/01/2023, 19:31

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:83:2e:04:b4:e4:83:ad:0e:bb:34:69:5e:0c:4b:4a:0b:53:9a:1f:19:13:c9:b2:14:b8:ad:67:8b:00:f7:00
Signer

Actual PE Digest

c6:83:2e:04:b4:e4:83:ad:0e:bb:34:69:5e:0c:4b:4a:0b:53:9a:1f:19:13:c9:b2:14:b8:ad:67:8b:00:f7:00

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

NisSrv.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_register_onexit_function
abort
_initialize_onexit_table
_invalid_parameter_noinfo
_crt_atexit
_set_app_type
_beginthreadex
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
_configure_wide_argv
_exit
exit
_initterm_e
terminate
_invalid_parameter_noinfo_noreturn
_errno
_initterm
_get_initial_wide_environment
_initialize_wide_environment

api-ms-win-crt-stdio-l1-1-0

_wfsopen
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
_fsopen
fgetc
fflush
__stdio_common_vsprintf
_wfopen
feof
fgetws
fclose
fputc
__stdio_common_vsnwprintf_s
fseek
__stdio_common_vswprintf
__stdio_common_vsnprintf_s
__stdio_common_vswprintf_s
_set_fmode
__p__commode
__stdio_common_vsprintf_s

api-ms-win-crt-heap-l1-1-0

_free_base
_malloc_base
free
_recalloc
_calloc_base
_callnewh
malloc
_set_new_mode
realloc
calloc

api-ms-win-crt-convert-l1-1-0

_itow_s
_wcstod_l
strtod
_ui64tow_s
_i64tow_s
wcstoll
wcstoull
wcstod
_ui64toa_s
_i64toa_s
strtoll
strtol
strtof
wcstol

api-ms-win-crt-string-l1-1-0

toupper
_wcsicmp
strcpy_s
strnlen
wcsnlen
iswspace
isalpha
iswalpha
isdigit
iswdigit
iswxdigit
islower
iswlower
wcsncpy_s
tolower
towlower
towupper
wcscmp
iswupper
strncmp
isspace
_wcsdup
isupper
strcspn
__strncnt

api-ms-win-crt-locale-l1-1-0

setlocale
___mb_cur_max_func
__pctype_func
___lc_locale_name_func
localeconv
_create_locale
_lock_locales
___lc_collate_cp_func
___lc_codepage_func
_free_locale
_configthreadlocale
_unlock_locales

advapi32

OpenSCManagerW
RegSetKeyValueW
RegOpenCurrentUser
RegGetValueW
RevertToSelf
SetThreadToken
DuplicateTokenEx
CloseServiceHandle
ImpersonateLoggedOnUser
StartServiceW
OpenServiceW
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
EventRegister
EventUnregister
EventWriteTransfer
RegQueryValueExW

kernel32

CancelThreadpoolIo
WaitForThreadpoolIoCallbacks
CreateThreadpoolIo
StartThreadpoolIo
QueryUnbiasedInterruptTime
QueryFullProcessImageNameW
OpenProcess
DuplicateHandle
VerifyVersionInfoW
GetProcessId
GetLongPathNameW
GlobalFree
GetThreadPreferredUILanguages
QueryProcessCycleTime
GetUserPreferredUILanguages
GetModuleHandleA
GetSystemPreferredUILanguages
UnmapViewOfFile
GetSystemInfo
GetVersionExW
CreateMutexW
CancelIoEx
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
MultiByteToWideChar
CloseThreadpool
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolWork
SubmitThreadpoolWork
GetSystemTime
SystemTimeToFileTime
RaiseException
FreeLibrary
LoadLibraryExW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
HeapSetInformation
CreateEventW
SetEvent
TerminateProcess
GetCurrentProcess
SwitchToFiber
ConvertFiberToThread
IsThreadAFiber
ConvertThreadToFiber
CreateFiberEx
DeleteFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
CreateFileW
SetErrorMode
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageA
Sleep
SwitchToThread
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlPcToFileHeader
ReleaseSRWLockShared
AcquireSRWLockShared
LocalFree
InitOnceComplete
CreateDirectoryW
GetFileInformationByHandleEx
FindFirstFileExW
FindNextFileW
DeviceIoControl
FindClose
GetFileAttributesW
GetFileAttributesExW
SetFileInformationByHandle
MoveFileExW
CopyFileW
InitOnceBeginInitialize
InitializeCriticalSectionEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
InitializeSListHead
RtlUnwindEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
GetOverlappedResult
GetProcessTimes
ExpandEnvironmentStringsW
CloseThreadpoolIo
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
DecodePointer
GetStringTypeW
DelayLoadFailureHook
LoadLibraryExA
GetFileSizeEx

user32

CharNextW
UnregisterClassA

ntdll

NtQueryInformationProcess
VerSetConditionMask
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW

mpclient

MpUtilsExportFunctions
MpClientUtilExportFunctions
MpConfigInitialize
MpManagerOpen
MpNotificationRegister
MpHandleClose
MpConfigGetValue
MpConfigGetValueAlloc
MpFreeMemory
MpConfigClose
MpConfigUninitialize
MpConfigOpen

api-ms-win-crt-math-l1-1-0

frexp
powf
pow
ceil
ldexp
ceilf
log2

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-utility-l1-1-0

rand_s

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b67604b6b07d479b6430a27a0545441

Code Sign

33:00:00:03:6b:6f:36:00:6f:23:f1:68:b5:00:00:00:00:03:6bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c6:83:2e:04:b4:e4:83:ad:0e:bb:34:69:5e:0c:4b:4a:0b:53:9a:1f:19:13:c9:b2:14:b8:ad:67:8b:00:f7:00Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

advapi32

kernel32

user32

ntdll

mpclient

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 344KB - Virtual size: 342KB

.data Size: 44KB - Virtual size: 109KB

.pdata Size: 92KB - Virtual size: 89KB

.didat Size: 4KB - Virtual size: 512B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 16KB - Virtual size: 12KB

33:00:00:03:6b:6f:36:00:6f:23:f1:68:b5:00:00:00:00:03:6b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c6:83:2e:04:b4:e4:83:ad:0e:bb:34:69:5e:0c:4b:4a:0b:53:9a:1f:19:13:c9:b2:14:b8:ad:67:8b:00:f7:00
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 344KB - Virtual size: 342KB

.data
Size: 44KB - Virtual size: 109KB

.pdata
Size: 92KB - Virtual size: 89KB

.didat
Size: 4KB - Virtual size: 512B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 16KB - Virtual size: 12KB