Doc_03[.]10[.]24[.]298133[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Doc_03.10.24.298133.exe
Size

250KB
MD5

e0c48d62c4d484b6dd4a601970df5d0e
SHA1

1bd5b9fec7ccc29144989203c3b15a10c9c22a76
SHA256

31a8a2762b42a1fe4be2aed9d112a169f791bd86a85e68d738aea51312096442
SHA512

e948a3337b6c7cd49f13adabc69fc5aad10af75e4b939a2dd95d97c2c4b9d9699f1a444e2325b470d5e6afddb6fafc94725d3f7347a12327ef0cd12330e716a3
SSDEEP

6144:A3tU6X4cxgX0b7CLq0eTh1mJ4PgVIWFiqThN:AdQXUC+JVsz3Fiq3

Score

1^/10

Malware Config

Signatures

Files

Doc_03.10.24.298133.exe
.exe windows:6 windows x86 arch:x86

826f0dbcbeb756f518e3757af797d570

Code Sign

41:32:ba:96:e2:d9:fe:eb:53:7d:a7:4c
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

03/09/2024, 12:52

Not After

04/09/2025, 12:52

Subject

SERIALNUMBER=1247700385536,CN=FUTURICO LLC,O=FUTURICO LLC,STREET=per 3-y Krasnosel'skiy\, 19 / stroyeniye 4 pomeshch 53n/5,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:4c:67:3d:87:e1:e2:2e:c8:c9:e8:71:e6:c3:ef:f5:fc:fe:dc:e6:42:c6:82:7a:2b:a1:bd:8f:94:3f:41:57
Signer

Actual PE Digest

eb:4c:67:3d:87:e1:e2:2e:c8:c9:e8:71:e6:c3:ef:f5:fc:fe:dc:e6:42:c6:82:7a:2b:a1:bd:8f:94:3f:41:57

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PortDocFormat.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WakeByAddressAll
WaitOnAddress

kernel32

CreateFileW
SetFileInformationByHandle
CloseHandle
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
HeapFree
HeapReAlloc
GetLastError
SetLastError
GetStdHandle
GetConsoleMode
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
GetModuleHandleA
GetProcAddress
GetFullPathNameW
FormatMessageW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcess
lstrlenW
GetCurrentProcessId
CreateMutexA
ReleaseMutex
IsDebuggerPresent
ExitProcess
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
RtlCaptureContext
WideCharToMultiByte
GetEnvironmentVariableW
CreateThread
FlushInstructionCache
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
LocalFree
SetFilePointerEx
GetModuleFileNameW
GetModuleHandleW
GetConsoleOutputCP
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RaiseException
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
WriteFile
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
HeapSize
FlushFileBuffers
DecodePointer

bcrypt

BCryptGenRandom

advapi32

SystemFunction036

ntdll

RtlNtStatusToDosError
NtWriteFile
LdrGetProcedureAddress

Exports

Exports

GetString

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

826f0dbcbeb756f518e3757af797d570

Code Sign

41:32:ba:96:e2:d9:fe:eb:53:7d:a7:4cCertificate

Extended Key Usages

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

eb:4c:67:3d:87:e1:e2:2e:c8:c9:e8:71:e6:c3:ef:f5:fc:fe:dc:e6:42:c6:82:7a:2b:a1:bd:8f:94:3f:41:57Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

kernel32

bcrypt

advapi32

ntdll

Exports

Exports

Sections

.text Size: 224KB - Virtual size: 224KB

.data Size: 2KB - Virtual size: 5KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

41:32:ba:96:e2:d9:fe:eb:53:7d:a7:4c
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

eb:4c:67:3d:87:e1:e2:2e:c8:c9:e8:71:e6:c3:ef:f5:fc:fe:dc:e6:42:c6:82:7a:2b:a1:bd:8f:94:3f:41:57
Signer

.text
Size: 224KB - Virtual size: 224KB

.data
Size: 2KB - Virtual size: 5KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB