8c6f2cdfff087bbea499b9d14647df2bfbd1a9b892f392f7b18afc4547cc593d

Sharing

Copy URL Twitter E-mail

General

Target

8c6f2cdfff087bbea499b9d14647df2bfbd1a9b892f392f7b18afc4547cc593d
Size

227KB
MD5

15e818041ed9e1ecf02259531f3d4a2d
SHA1

1f174f7197226ae979068de9ffa093e9863c98f2
SHA256

8c6f2cdfff087bbea499b9d14647df2bfbd1a9b892f392f7b18afc4547cc593d
SHA512

506047062368d2d2abb35845e74d128617eac2a23335c6e14d99353af5e55d75de0b41f97e83859446a85cd9485b5c438632593a8ffe4664574f078e0f54a421
SSDEEP

3072:Ges+ulgnqBzFCR6CqHhinlhHvwhswoGkXB3avei+u0iCt333333hDT4mAlo:Y+gg+FCRblhZwoNDTLd

Score

1^/10

Malware Config

Signatures

Files

8c6f2cdfff087bbea499b9d14647df2bfbd1a9b892f392f7b18afc4547cc593d
.dll windows:6 windows x64 arch:x64

79658c809de0d73fd7892f9ccf00f0bd

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:33:99:91:68:bc:fc:5b:b0:fb:34:8c:9f:0c:d8:3e:7e:29:df:dd:4c:8d:6d:28:2b:0e:26:c3:38:8e:93:ae
Signer

Actual PE Digest

8c:33:99:91:68:bc:fc:5b:b0:fb:34:8c:9f:0c:d8:3e:7e:29:df:dd:4c:8d:6d:28:2b:0e:26:c3:38:8e:93:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\dbs\el\ddvsm\out\binaries\amd64ret\bin\amd64\VSRegistryDetour.pdb

Imports

advapi32

RegCreateKeyExA
RegCreateKeyExW
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteValueA
RegDeleteValueW
RegDeleteKeyValueA
RegDeleteKeyValueW
RegDeleteTreeA
RegDeleteTreeW
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegQueryInfoKeyA
RegQueryInfoKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegGetKeySecurity
RegSaveKeyW
RegLoadAppKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

kernel32

GetModuleHandleW
GetProcAddress
OutputDebugStringW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
CloseHandle
CreateToolhelp32Snapshot
GetCurrentProcessId
GetCurrentThreadId
Thread32First
OpenThread
Thread32Next
GetLastError
HeapUnlock
GetProcessHeap
GetVersionExW
HeapLock
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
WideCharToMultiByte
CreateMutexW
ReleaseMutex
WaitForSingleObject
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentProcess
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
GetTickCount
Sleep
GetFileAttributesExW
CreateFileW
GetFileSizeEx
GetPrivateProfileSectionW
VerSetConditionMask
VerifyVersionInfoW
InitializeCriticalSectionEx
DeleteCriticalSection
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetCurrentThread
GetStdHandle
GetFileType
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetFilePointerEx
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree

shell32

SHGetKnownFolderPath

shlwapi

PathAppendW
StrCmpIW
StrCmpNIW
PathFileExistsW
PathIsRootW
PathRemoveFileSpecW
PathCombineW

Exports

Exports

GetPrivateRegistryPath
OpenNonDetouredKey
StartDetouring
StartDetouringRegRoot
StartDetouringRegRootInstDir
StopDetouring

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79658c809de0d73fd7892f9ccf00f0bd

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:afCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

8c:33:99:91:68:bc:fc:5b:b0:fb:34:8c:9f:0c:d8:3e:7e:29:df:dd:4c:8d:6d:28:2b:0e:26:c3:38:8e:93:aeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 7KB - Virtual size: 7KB

_RDATA Size: 512B - Virtual size: 500B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

8c:33:99:91:68:bc:fc:5b:b0:fb:34:8c:9f:0c:d8:3e:7e:29:df:dd:4c:8d:6d:28:2b:0e:26:c3:38:8e:93:ae
Signer

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 7KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 500B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB