4d3af6635b382daf542f27e31681a90f30d09c137d16691c49eb4d6d9fb03b6aN

Sharing

Copy URL Twitter E-mail

General

Target

4d3af6635b382daf542f27e31681a90f30d09c137d16691c49eb4d6d9fb03b6aN
Size

214KB
MD5

783a5835e299e1054a787c34a359fc90
SHA1

28130a00342f960f1a98c268a6041736919b9941
SHA256

4d3af6635b382daf542f27e31681a90f30d09c137d16691c49eb4d6d9fb03b6a
SHA512

d4f9cbd32cd95c315b8559bafc069ead7e39477158ab2eebcabe4ea137e01c928df2aadac630e4ce1cb20f957f42d5ab8cb20ef7182d193e3e4689a50c77804e
SSDEEP

3072:oyiPmX5dhtDiA1hisscfzd2CsGToPw7YRTP+zn/ojmewPhiBvA9brz4Ik/fIEXj0:oyJMA1hisscp2CsarYdKlEBYdr6/fxz0

Score

1^/10

Malware Config

Signatures

Files

4d3af6635b382daf542f27e31681a90f30d09c137d16691c49eb4d6d9fb03b6aN
.dll windows:6 windows x64 arch:x64

874b994f283f37214ee4049cc3ee3fd5

Code Sign

33:00:00:00:f7:80:de:c4:94:54:79:46:07:00:00:00:00:00:f7
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:43

Not After

16/10/2024, 19:43

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:eb:44:47:bb:cd:22:08:ea:e0:07:7f:5d:fb:44:7b:8c:34:2d:da:74:5a:10:a5:c0:36:3c:ee:fa:3f:f1:50
Signer

Actual PE Digest

67:eb:44:47:bb:cd:22:08:ea:e0:07:7f:5d:fb:44:7b:8c:34:2d:da:74:5a:10:a5:c0:36:3c:ee:fa:3f:f1:50

Digest Algorithm

sha256

PE Digest Matches

true

67:eb:44:47:bb:cd:22:08:ea:e0:07:7f:5d:fb:44:7b:8c:34:2d:da:74:5a:10:a5:c0:36:3c:ee:fa:3f:f1:50
Signer

Actual PE Digest

67:eb:44:47:bb:cd:22:08:ea:e0:07:7f:5d:fb:44:7b:8c:34:2d:da:74:5a:10:a5:c0:36:3c:ee:fa:3f:f1:50

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcomp140d.amd64.pdb

Imports

kernel32

FormatMessageW
OutputDebugStringW
LocalAlloc
LocalFree
GetConsoleWindow
GetConsoleScreenBufferInfo
WriteConsoleW
WideCharToMultiByte
WriteFile
GetLastError
GetCurrentThreadId
HeapFree
GetProcessHeap
UnhandledExceptionFilter
CloseHandle
WaitForSingleObjectEx
SetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapAlloc
TryEnterCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetTickCount
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
Sleep
SwitchToThread
ExitProcess
GetStdHandle
CreateThread
QueueUserWorkItem
CreateEventW
LoadLibraryExW
FreeLibrary
GetProcAddress
VirtualAlloc
GetModuleHandleW
VirtualProtect
VirtualFree
GetNativeSystemInfo
QueryPerformanceFrequency
GetSystemTimeAdjustment
GetEnvironmentVariableW
lstrlenW
lstrcmpiW
GetStringTypeExW
ResetEvent
GetCurrentProcess
SetThreadPreferredUILanguages
GetThreadPreferredUILanguages
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
FindResourceExW
LoadResource
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
RaiseException
RtlPcToFileHeader
GetModuleHandleExW
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW

Exports

Exports

C2VectParallel
_vcomp_atomic_add_i1
_vcomp_atomic_add_i2
_vcomp_atomic_add_i4
_vcomp_atomic_add_i8
_vcomp_atomic_add_r4
_vcomp_atomic_add_r8
_vcomp_atomic_and_i1
_vcomp_atomic_and_i2
_vcomp_atomic_and_i4
_vcomp_atomic_and_i8
_vcomp_atomic_div_i1
_vcomp_atomic_div_i2
_vcomp_atomic_div_i4
_vcomp_atomic_div_i8
_vcomp_atomic_div_r4
_vcomp_atomic_div_r8
_vcomp_atomic_div_ui1
_vcomp_atomic_div_ui2
_vcomp_atomic_div_ui4
_vcomp_atomic_div_ui8
_vcomp_atomic_mul_i1
_vcomp_atomic_mul_i2
_vcomp_atomic_mul_i4
_vcomp_atomic_mul_i8
_vcomp_atomic_mul_r4
_vcomp_atomic_mul_r8
_vcomp_atomic_or_i1
_vcomp_atomic_or_i2
_vcomp_atomic_or_i4
_vcomp_atomic_or_i8
_vcomp_atomic_shl_i1
_vcomp_atomic_shl_i2
_vcomp_atomic_shl_i4
_vcomp_atomic_shl_i8
_vcomp_atomic_shr_i1
_vcomp_atomic_shr_i2
_vcomp_atomic_shr_i4
_vcomp_atomic_shr_i8
_vcomp_atomic_shr_ui1
_vcomp_atomic_shr_ui2
_vcomp_atomic_shr_ui4
_vcomp_atomic_shr_ui8
_vcomp_atomic_sub_i1
_vcomp_atomic_sub_i2
_vcomp_atomic_sub_i4
_vcomp_atomic_sub_i8
_vcomp_atomic_sub_r4
_vcomp_atomic_sub_r8
_vcomp_atomic_xor_i1
_vcomp_atomic_xor_i2
_vcomp_atomic_xor_i4
_vcomp_atomic_xor_i8
_vcomp_barrier
_vcomp_copyprivate_broadcast
_vcomp_copyprivate_receive
_vcomp_enter_critsect
_vcomp_flush
_vcomp_for_dynamic_init
_vcomp_for_dynamic_init_i8
_vcomp_for_dynamic_next
_vcomp_for_dynamic_next_i8
_vcomp_for_static_end
_vcomp_for_static_init
_vcomp_for_static_init_i8
_vcomp_for_static_simple_init
_vcomp_for_static_simple_init_i8
_vcomp_fork
_vcomp_get_thread_num
_vcomp_leave_critsect
_vcomp_master_barrier
_vcomp_master_begin
_vcomp_master_end
_vcomp_ordered_begin
_vcomp_ordered_end
_vcomp_ordered_loop_end
_vcomp_reduction_i1
_vcomp_reduction_i2
_vcomp_reduction_i4
_vcomp_reduction_i8
_vcomp_reduction_r4
_vcomp_reduction_r8
_vcomp_reduction_u1
_vcomp_reduction_u2
_vcomp_reduction_u4
_vcomp_reduction_u8
_vcomp_sections_init
_vcomp_sections_next
_vcomp_set_num_threads
_vcomp_single_begin
_vcomp_single_end
omp_destroy_lock
omp_destroy_nest_lock
omp_get_dynamic
omp_get_max_threads
omp_get_nested
omp_get_num_procs
omp_get_num_threads
omp_get_thread_num
omp_get_wtick
omp_get_wtime
omp_in_parallel
omp_init_lock
omp_init_nest_lock
omp_set_dynamic
omp_set_lock
omp_set_nest_lock
omp_set_nested
omp_set_num_threads
omp_test_lock
omp_test_nest_lock
omp_unset_lock
omp_unset_nest_lock

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

874b994f283f37214ee4049cc3ee3fd5

Code Sign

33:00:00:00:f7:80:de:c4:94:54:79:46:07:00:00:00:00:00:f7Certificate

Extended Key Usages

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14Certificate

Key Usages

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

67:eb:44:47:bb:cd:22:08:ea:e0:07:7f:5d:fb:44:7b:8c:34:2d:da:74:5a:10:a5:c0:36:3c:ee:fa:3f:f1:50Signer

67:eb:44:47:bb:cd:22:08:ea:e0:07:7f:5d:fb:44:7b:8c:34:2d:da:74:5a:10:a5:c0:36:3c:ee:fa:3f:f1:50Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Exports

Exports

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 55KB - Virtual size: 55KB

.data Size: 3KB - Virtual size: 9KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

33:00:00:00:f7:80:de:c4:94:54:79:46:07:00:00:00:00:00:f7
Certificate

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

67:eb:44:47:bb:cd:22:08:ea:e0:07:7f:5d:fb:44:7b:8c:34:2d:da:74:5a:10:a5:c0:36:3c:ee:fa:3f:f1:50
Signer

67:eb:44:47:bb:cd:22:08:ea:e0:07:7f:5d:fb:44:7b:8c:34:2d:da:74:5a:10:a5:c0:36:3c:ee:fa:3f:f1:50
Signer

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 55KB - Virtual size: 55KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB