c2684b143c3417c588a3c0ae0a9c4329e71a04fc304aa3a69eae61ede1d0b290

Sharing

Copy URL Twitter E-mail

General

Target

c2684b143c3417c588a3c0ae0a9c4329e71a04fc304aa3a69eae61ede1d0b290
Size

4.0MB
MD5

19c31c58313c58fc88cf27e77befb0c3
SHA1

b0711e10ef98b86e76ad28665285598d8809ae36
SHA256

c2684b143c3417c588a3c0ae0a9c4329e71a04fc304aa3a69eae61ede1d0b290
SHA512

97c954d009d10aed8fdbe02efe3b8d74840c2dce03da8fe5a5001d390afb4598a5bb3d74dacb740dec10e86aadc54b792bcc3c6815b2dfff036f14dace31ac86
SSDEEP

98304:0JLi7X0J2iGkPyxtZPk8joEGIbQOpv3VzGIsJQQJ:OyqCtZM8UEtb5yIs24

Score

1^/10

Malware Config

Signatures

Files

c2684b143c3417c588a3c0ae0a9c4329e71a04fc304aa3a69eae61ede1d0b290
.dll windows:6 windows x64 arch:x64

9c43e43594e158938562d221466190bd

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:6e:ec:20:a5:eb:ae:a9:75:bc:3b:77:d1:8f:d5:b8
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

02/05/2023, 00:00

Not After

01/05/2024, 23:59

Subject

SERIALNUMBER=2189074,CN=Intel Corporation,O=Intel Corporation,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:48:0f:43:34:2c:94:10:90:5e:4a:a2:50:4f:95:de:77:8d:81:de:e6:f7:c9:28:e9:9a:a8:6d:02:72:0a:53
Signer

Actual PE Digest

aa:48:0f:43:34:2c:94:10:90:5e:4a:a2:50:4f:95:de:77:8d:81:de:e6:f7:c9:28:e9:9a:a8:6d:02:72:0a:53

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libmmd.pdb

Imports

kernel32

GetModuleHandleA
GetProcAddress
GetThreadLocale
LoadLibraryA
FormatMessageA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetProcessHeap
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
CreateFileW

Exports

Exports

_LIB_VERSIONIMF
__acosdq
__acoshq
__acosq
__annuityq
__asindq
__asinhq
__asinq
__atan2dq
__atan2q
__atand2q
__atandq
__atanhq
__atanq
__bwr_acos
__bwr_acosd
__bwr_acosdf
__bwr_acosf
__bwr_acosh
__bwr_acoshf
__bwr_acospi
__bwr_acospif
__bwr_annuity
__bwr_annuityf
__bwr_asin
__bwr_asind
__bwr_asindf
__bwr_asinf
__bwr_asinh
__bwr_asinhf
__bwr_asinpi
__bwr_asinpif
__bwr_atan
__bwr_atan2
__bwr_atan2d
__bwr_atan2df
__bwr_atan2f
__bwr_atan2pi
__bwr_atan2pif
__bwr_atand
__bwr_atand2
__bwr_atand2f
__bwr_atandf
__bwr_atanf
__bwr_atanh
__bwr_atanhf
__bwr_atanpi
__bwr_atanpif
__bwr_cbrt
__bwr_cbrtf
__bwr_cdfnorminv
__bwr_cdfnorminvf
__bwr_ceil
__bwr_ceilf
__bwr_compound
__bwr_compoundf
__bwr_copysign
__bwr_copysignf
__bwr_cos
__bwr_cosd
__bwr_cosdf
__bwr_cosf
__bwr_cosh
__bwr_coshf
__bwr_cospi
__bwr_cospif
__bwr_cot
__bwr_cotd
__bwr_cotdf
__bwr_cotf
__bwr_erf
__bwr_erfc
__bwr_erfcf
__bwr_erfcx
__bwr_erfcxf
__bwr_erff
__bwr_erfinv
__bwr_erfinvf
__bwr_exp
__bwr_exp10
__bwr_exp10f
__bwr_exp2
__bwr_exp2f
__bwr_expf
__bwr_expm1
__bwr_expm1f
__bwr_fabs
__bwr_fabsf
__bwr_fdim
__bwr_fdimf
__bwr_floor
__bwr_floorf
__bwr_fma
__bwr_fmaf
__bwr_fmax
__bwr_fmaxf
__bwr_fmin
__bwr_fminf
__bwr_fmod
__bwr_fmodf
__bwr_frexp
__bwr_frexpf
__bwr_gamma
__bwr_gamma_r
__bwr_gammaf
__bwr_gammaf_r
__bwr_hypot
__bwr_hypotf
__bwr_ilogb
__bwr_ilogbf
__bwr_invsqrt
__bwr_invsqrtf
__bwr_j0
__bwr_j0f
__bwr_j1
__bwr_j1f
__bwr_jn
__bwr_jnf
__bwr_ldexp
__bwr_ldexpf
__bwr_lgamma
__bwr_lgamma_r
__bwr_lgammaf
__bwr_lgammaf_r
__bwr_llrint
__bwr_llrintf
__bwr_llround
__bwr_llroundf
__bwr_log
__bwr_log10
__bwr_log10f
__bwr_log1p
__bwr_log1pf
__bwr_log2
__bwr_log2f
__bwr_logb
__bwr_logbf
__bwr_logf
__bwr_lrint
__bwr_lrintf
__bwr_lround
__bwr_lroundf
__bwr_modf
__bwr_modff
__bwr_nearbyint
__bwr_nearbyintf
__bwr_nextafter
__bwr_nextafterf
__bwr_nexttoward
__bwr_nexttowardf
__bwr_pow
__bwr_pow2o3
__bwr_pow2o3f
__bwr_pow3o2
__bwr_pow3o2f
__bwr_powf
__bwr_powr
__bwr_powrf
__bwr_remainder
__bwr_remainderf
__bwr_remquo
__bwr_remquof
__bwr_rint
__bwr_rintf
__bwr_round
__bwr_roundf
__bwr_scalb
__bwr_scalbf
__bwr_scalbln
__bwr_scalblnf
__bwr_scalbn
__bwr_scalbnf
__bwr_significand
__bwr_significandf
__bwr_sin
__bwr_sincos
__bwr_sincosd
__bwr_sincosdf
__bwr_sincosf
__bwr_sincospi
__bwr_sincospif
__bwr_sind
__bwr_sindf
__bwr_sinf
__bwr_sinh
__bwr_sinhcosh
__bwr_sinhcoshf
__bwr_sinhf
__bwr_sinpi
__bwr_sinpif
__bwr_sqrt
__bwr_sqrtf
__bwr_tan
__bwr_tand
__bwr_tandf
__bwr_tanf
__bwr_tanh
__bwr_tanhf
__bwr_tanpi
__bwr_tanpif
__bwr_tgamma
__bwr_tgammaf
__bwr_trunc
__bwr_truncf
__bwr_y0
__bwr_y0f
__bwr_y1
__bwr_y1f
__bwr_yn
__bwr_ynf
__cabsq
__cacoshq
__cacosq
__cargq
__casinhq
__casinq
__catanhq
__catanq
__cbrtq
__ccoshq
__ccosq
__ceilq
__cexp10q
__cexp2q
__cexpm1q
__cexpq
__cimagq
__cisdq
__cisq
__clog10q
__clog1pq
__clog2q
__clog_f90
__clogf_f90
__clogq
__clogq_f90
__compoundq
__conjq
__copysignq
__cosdq
__coshq
__cosq
__cotdq
__cotq
__cpowq
__cprojq
__crealq
__csinhq
__csinq
__csqrt_f90
__csqrtf_f90
__csqrtq
__csqrtq_f90
__ctanhq
__ctanq
__dremq
__erfcq
__erfcxq
__erfq
__exp10q
__exp2q
__expm1q
__expq
__fabsq
__fdimq
__finite
__finited
__finitef
__finitel
__floorq
__fmaq
__fmaxq
__fminq
__fmodq
__fpclassify
__fpclassifyd
__fpclassifyf
__fpclassifyl
__fpclassifyq
__frexpq
__gammaq
__gammaq_r
__hypotq
__ilogbq
__invsqrtq
__isfinite
__isfinited
__isfinitef
__isfinitel
__isfiniteq
__isgreater
__isgreaterequal
__isgreaterequalf
__isgreaterequall
__isgreaterequalq
__isgreaterf
__isgreaterl
__isgreaterq
__isinf
__isinfd
__isinff
__isinfl
__isinfq
__isless
__islessequal
__islessequalf
__islessequall
__islessequalq
__islessf
__islessgreater
__islessgreaterf
__islessgreaterl
__islessgreaterq
__islessl
__islessq
__isnan
__isnand
__isnanf
__isnanl
__isnanq
__isnormal
__isnormald
__isnormalf
__isnormall
__isnormalq
__isunordered
__isunorderedf
__isunorderedl
__isunorderedq
__j0q
__j1q
__jnq
__ldexpq
__lgammaq
__lgammaq_r
__libm128_nexttoward128
__libm128_nexttoward128f
__libm128_nexttoward128l
__libm_f_pow2i
__libm_f_powc16i8
__libm_f_powc32i8
__libm_f_powc8i8
__libm_f_powcc
__libm_f_powci
__libm_f_powdd
__libm_f_powdi
__libm_f_powi8i4
__libm_f_powi8i8
__libm_f_powii
__libm_f_powji
__libm_f_powr16i8
__libm_f_powr4i8
__libm_f_powr8i8
__libm_f_powri
__libm_f_powrr
__libm_f_powzi
__libm_f_powzz
__libm_flt_rounds
__libm_logl
__libm_nexttoward64
__libm_nexttoward64f
__libm_nexttoward64l
__libm_pow_bb
__libm_pow_cc_val
__libm_pow_ci
__libm_pow_ci_val
__libm_pow_cr_val
__libm_pow_dd
__libm_pow_di_val
__libm_pow_dz_val
__libm_pow_hh
__libm_pow_ii_val
__libm_pow_rc_val
__libm_pow_ri_val
__libm_pow_zd_val
__libm_pow_zi_val
__libm_pow_zz_val
__libm_setusermatherr
__libm_setusermatherrf
__libm_setusermatherrl
__libm_sse2_sincos
__libm_sse2_sincosf
__llrintq
__llroundq
__log10q
__log1pq
__log2q
__logbq
__logq
__lrintq
__lroundq
__modfq
__nanq
__nearbyintq
__nextafterq
__nexttowardq
__nintq
__pow_eq
__powc16i4
__powc16i8
__powc32i4
__powc32i8
__powc8i4
__powc8i8
__powi4i4
__powi8i8
__powi_eq
__powiq
__powq
__powr10i4
__powr10i8
__powr16i4
__powr16i8
__powr4i4
__powr4i8
__powr8i4
__powr8i8
__remainderq
__remquoq
__rintq
__roundq
__rsqrtq
__scalblnq
__scalbnq
__scalbq
__signbit
__signbitd
__signbitf
__signbitl
__signbitq
__signgamq
__significandq
__sincosdq
__sincosq
__sindq
__sinhcoshq
__sinhq
__sinq
__sqrtq
__tandq
__tanhq
__tanq
__tgammaq
__truncq
__y0q
__y1q
__ynq
acos
acosd
acosdf
acosdf16
acosdl
acosf
acosf16
acosh
acoshf
acoshf16
acoshl
acosl
acospi
acospif
acospif16
annuity
annuityf
annuityf16
annuityl
asin
asind
asindf
asindf16
asindl
asinf
asinf16
asinh
asinhf
asinhf16
asinhl
asinl
asinpi
asinpif
asinpif16
atan
atan2
atan2d
atan2df
atan2df16
atan2dl
atan2f
atan2f16
atan2l
atan2pi
atan2pif
atan2pif16
atand
atand2
atand2f
atand2l
atandf
atandf16
atandl

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 270KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.trace
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c43e43594e158938562d221466190bd

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

cb:6e:ec:20:a5:eb:ae:a9:75:bc:3b:77:d1:8f:d5:b8Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

aa:48:0f:43:34:2c:94:10:90:5e:4a:a2:50:4f:95:de:77:8d:81:de:e6:f7:c9:28:e9:9a:a8:6d:02:72:0a:53Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 270KB - Virtual size: 276KB

.pdata Size: 21KB - Virtual size: 21KB

.trace Size: 294KB - Virtual size: 294KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 16KB - Virtual size: 16KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

cb:6e:ec:20:a5:eb:ae:a9:75:bc:3b:77:d1:8f:d5:b8
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

aa:48:0f:43:34:2c:94:10:90:5e:4a:a2:50:4f:95:de:77:8d:81:de:e6:f7:c9:28:e9:9a:a8:6d:02:72:0a:53
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 270KB - Virtual size: 276KB

.pdata
Size: 21KB - Virtual size: 21KB

.trace
Size: 294KB - Virtual size: 294KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 16KB - Virtual size: 16KB