2b78b1347b2dc8dfaef9e23a3b35dcc12c78396dbba5d5f969d58d1ad942ac63[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2b78b1347b2dc8dfaef9e23a3b35dcc12c78396dbba5d5f969d58d1ad942ac63.exe
Size

60KB
MD5

6dd59e460dcf47967c3242ddd2915ebd
SHA1

95d58a2410330407ac99944900fb5bac8849b6eb
SHA256

2b78b1347b2dc8dfaef9e23a3b35dcc12c78396dbba5d5f969d58d1ad942ac63
SHA512

3488123819b6eb420f4f84f5cbe1b01dfec8194a5f165742381bdc04234479daaff5953e2fa47e1f8ad233e83b85c407b3d08f6bf2bcd7dba02449f47c9742fc
SSDEEP

768:mcLpJrI99mGhcddYAqrLug50GX/vaDPwWfW1BWQhFWYiQUENAMx8nG:5NJuranYjrig5DXn8Pnf0jRx8G

Score

1^/10

Malware Config

Signatures

Files

2b78b1347b2dc8dfaef9e23a3b35dcc12c78396dbba5d5f969d58d1ad942ac63.exe
.dll windows:4 windows x64 arch:x64

Code Sign

48:8f:49:6e:2e:97:7a:64:c3:0a:47:8f:24:41:7a:c1:db:0f:2e:b0
Certificate

Issuer

CN=Emirhan Ucan,OU=Finance,O=Emirhan Ucan,L=Istanbul,ST=Turkey,C=TR,1.2.840.113549.1.9.1=#0c1873656d61656d697268616e35353540676d61696c2e636f6d

Not Before

19/09/2024, 09:43

Not After

19/09/2025, 09:43

Subject

CN=Emirhan Ucan,OU=Finance,O=Emirhan Ucan,L=Istanbul,ST=Turkey,C=TR,1.2.840.113549.1.9.1=#0c1873656d61656d697268616e35353540676d61696c2e636f6d

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6f:2e:1d:e0:8b:a9:ac:d1:f1:98:ea:9c:a7:49:60:f8:b6:66:1d:a4:ed:e1:ca:57:6c:5b:ba:13:47:0d:47:48
Signer

Actual PE Digest

6f:2e:1d:e0:8b:a9:ac:d1:f1:98:ea:9c:a7:49:60:f8:b6:66:1d:a4:ed:e1:ca:57:6c:5b:ba:13:47:0d:47:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

AbsolutePointerProtocol
AcpiTableGuid
AcquireLock
AdapterDebugProtocol
AllocatePool
AllocateZeroPool
AppendDevicePath
AppendDevicePathInstance
AppendDevicePathNode
AsciiPrint
AsciiVSPrint
Atoi
BCDtoDecimal
BS
CRCTable
CalculateCrc
CatPrint
CheckCrc
CheckCrcAltSize
CloseSimpleReadFile
CompareGuid
CompareMem
CopyMem
DbgAssert
DbgPrint
DecimaltoBCD
DevPathTable
DevicePathFromHandle
DevicePathInstance
DevicePathInstanceCount
DevicePathSize
DevicePathToStr
DivU64x32
DumpHex
DuplicateDevicePath
EFIDebug
EFIDebugVariable
EfiDtbTableGuid
EfiPartTypeLegacyMbrGuid
EfiPartTypeSystemPartitionGuid
EndDevicePath
EndInstanceDevicePath
ErrorCodeTable
ErrorOutSpliterProtocol
Exit
FileDevicePath
FloatToString
FreePool
GetShellArgcArgv
GrowBuffer
GuidList
GuidToString
Hex
IInput
IPrint
IPrintAt
InitializeGlobalIoDevice
InitializeGuid
InitializeLib
InitializeLibPlatform
InitializeLock
InitializeUnicodeSupport
Input
InternalShellProtocol
Ip4Protocol
Ip4ServiceBindingProtocol
IsLocalPrint
IsValidAscii
IsValidEfiCntlChar
LShiftU64
LegacyBootProtocol
LibCreateProtocolNotifyEvent
LibDeleteVariable
LibDevicePathToInterface
LibDuplicateDevicePathInstance
LibFileInfo
LibFileSystemInfo
LibFileSystemVolumeLabelInfo
LibFwInstance
LibGetSmbiosString
LibGetSmbiosSystemGuidAndSerialNumber
LibGetSystemConfigurationTable
LibGetUiString
LibGetVariable
LibGetVariableAndSize
LibImageHandle
LibInitialized
LibInsertToTailOfBootOrder
LibInstallProtocolInterfaces
LibIsValidTextGraphics
LibLocateHandle
LibLocateHandleByDiskSignature
LibLocateProtocol
LibMatchDevicePaths
LibMemoryMap
LibOpenRoot
LibReinstallProtocolInterfaces
LibRuntimeDebugOut
LibRuntimeRaiseTPL
LibRuntimeRestoreTPL
LibSetNVVariable
LibSetVariable
LibStubMetaiMatch
LibStubStrLwrUpr
LibStubStriCmp
LibStubUnicodeInterface
LibUninstallProtocolInterfaces
MetaMatch
MetaiMatch
MpsTableGuid
MultU64x32
NullGuid
OpenSimpleReadFile
Output
PFLUSH
PGETC
PITEM
PPUTC
PSETATTR
PoolAllocationType
PoolPrint
Print
PrintAt
RShiftU64
RT
ReadPciConfig
ReadPort
ReadSimpleReadFile
ReallocatePool
ReleaseLock
RootDevicePath
RtAcquireLock
RtBCDtoDecimal
RtCompareGuid
RtCompareMem
RtConvertList
RtCopyMem
RtDecimaltoBCD
RtLibEnableVirtualMappings
RtReleaseLock
RtSetMem
RtStpCpy
RtStpnCpy
RtStrCat
RtStrCmp
RtStrCpy
RtStrLen
RtStrSize
RtStrnCat
RtStrnCpy
RtStrnLen
RtZeroMem
SMBIOS3TableGuid
SMBIOSTableGuid
ST
SalSystemTableGuid
SetCrc
SetCrcAltSize
SetMem
ShellDynamicCommandProtocolGuid
ShellParametersProtocolGuid
ShellProtocolGuid
SimplePointerProtocol
SimpleTextInputExProtocol
Sin
StatusToString
StpCpy
StpnCpy
StrCat
StrCmp
StrCpy
StrDuplicate
StrLen
StrLwr
StrSize
StrUpr
StriCmp
StrnCat
StrnCmp
StrnCpy
StrnLen
Tcp4Protocol
Tcp4ServiceBindingProtocol
TextInSpliterProtocol
TextOutSpliterProtocol
TimeToString
Udp4Protocol
Udp4ServiceBindingProtocol
UnicodeInterface
UnicodeSPrint
UnicodeToPcAnsiOrAscii
UnicodeVSPrint
UnknownDevice
UnpackDevicePath
VPoolPrint
VPrint
ValidMBR
ValueToHex
ValueToString
VariableStoreProtocol
VgaClassProtocol
WaitForEventWithTimeout
WaitForSingleEvent
WritePciConfig
WritePort
ZeroMem
_DbgOut
_IPrint
_PoolCatPrint
_PoolPrint
_Print
_SPrint
color_shifting
complex_blur
delay
dramatic_sound_effects
efi_call0
efi_call1
efi_call10
efi_call2
efi_call3
efi_call4
efi_call5
efi_call6
efi_call7
efi_call8
efi_call9
efi_main
fabs
fading_text
flashing_borders
flickering_text
gEFiUiInterfaceProtocolGuid
gEfiBlockIo2ProtocolGuid
gEfiBlockIoProtocolGuid
gEfiBusSpecificDriverOverrideProtocolGuid
gEfiComponentName2ProtocolGuid
gEfiComponentNameProtocolGuid
gEfiDebugImageInfoTableGuid
gEfiDebugSupportProtocolGuid
gEfiDeviceIoProtocolGuid
gEfiDevicePathFromTextProtocolGuid
gEfiDevicePathProtocolGuid
gEfiDevicePathToTextProtocolGuid
gEfiDevicePathUtilitiesProtocolGuid
gEfiDiskIo2ProtocolGuid
gEfiDiskIoProtocolGuid
gEfiDriverBindingProtocolGuid
gEfiDriverFamilyOverrideProtocolGuid
gEfiEbcProtocolGuid
gEfiEdidActiveProtocolGuid
gEfiEdidDiscoveredProtocolGuid
gEfiEdidOverrideProtocolGuid
gEfiFileInfoGuid
gEfiFileSystemInfoGuid
gEfiFileSystemVolumeLabelInfoIdGuid
gEfiGlobalVariableGuid
gEfiGraphicsOutputProtocolGuid
gEfiHashProtocolGuid
gEfiLoadFileProtocolGuid
gEfiLoadedImageProtocolGuid
gEfiNetworkInterfaceIdentifierProtocolGuid
gEfiPcAnsiGuid
gEfiPciIoProtocolGuid
gEfiPciRootBridgeIoProtocolGuid
gEfiPlatformDriverOverrideProtocolGuid
gEfiPxeBaseCodeCallbackProtocolGuid
gEfiPxeBaseCodeProtocolGuid
gEfiSerialIoProtocolGuid
gEfiSimpleFileSystemProtocolGuid
gEfiSimpleNetworkProtocolGuid
gEfiSimpleTextInProtocolGuid
gEfiSimpleTextOutProtocolGuid
gEfiUnicodeCollationProtocolGuid
gEfiVT100Guid
gEfiVT100PlusGuid
gEfiVTUTF8Guid
grid_animation
longjmp
matrix_text_fall
memcpy
memset
my_rand
pixel_rain
play_beep
random_color
random_patterns_symbols
rotating_characters_all_colors
setjmp
strcmpa
strlena
strncmpa
text_explosion
wave_animation
xtoi

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

48:8f:49:6e:2e:97:7a:64:c3:0a:47:8f:24:41:7a:c1:db:0f:2e:b0Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

6f:2e:1d:e0:8b:a9:ac:d1:f1:98:ea:9c:a7:49:60:f8:b6:66:1d:a4:ed:e1:ca:57:6c:5b:ba:13:47:0d:47:48Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 4KB - Virtual size: 3KB

.rdata Size: 7KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 2KB

.xdata Size: 2KB - Virtual size: 2KB

.bss Size: - Virtual size: 2KB

.edata Size: 8KB - Virtual size: 7KB

.idata Size: 512B - Virtual size: 24B

.reloc Size: 512B - Virtual size: 396B

48:8f:49:6e:2e:97:7a:64:c3:0a:47:8f:24:41:7a:c1:db:0f:2e:b0
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

6f:2e:1d:e0:8b:a9:ac:d1:f1:98:ea:9c:a7:49:60:f8:b6:66:1d:a4:ed:e1:ca:57:6c:5b:ba:13:47:0d:47:48
Signer

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 4KB - Virtual size: 3KB

.rdata
Size: 7KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 8KB - Virtual size: 7KB

.idata
Size: 512B - Virtual size: 24B

.reloc
Size: 512B - Virtual size: 396B