d494b12aeb973291ed85ff0ff94f734a827f14f52f9b2888824caad56a8192f1

Sharing

Copy URL Twitter E-mail

General

Target

d494b12aeb973291ed85ff0ff94f734a827f14f52f9b2888824caad56a8192f1
Size

2.4MB
MD5

6f6329510f25a07190dcb390f64aafb0
SHA1

bb01be426c6b48ffd4de21bbc8b57d5ac98dcd3b
SHA256

d494b12aeb973291ed85ff0ff94f734a827f14f52f9b2888824caad56a8192f1
SHA512

5a140f6748348159ea00a686e555aa514d356a4855f75560110ac7745b172cf7e69861599d74596300252a0249f7671637d49b1cd2a63f2f43aaf818dca198f6
SSDEEP

49152:84ZSY/nwYw3LCMhAvAfAAEV1rnFTZT0krlGW+:8QjnwYw3LCKAo7ELxTZT0krg

Score

1^/10

Malware Config

Signatures

Files

d494b12aeb973291ed85ff0ff94f734a827f14f52f9b2888824caad56a8192f1
.exe windows:6 windows x86 arch:x86

a5ac4a09b8a3e10ac6a353d3ab1cc203

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/09/2022, 00:00

Not After

17/09/2025, 23:59

Subject

CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:04:20:f7:a8:6d:83:db:d5:81:26:58:56:ca:c0:e2:bd:c2:6e:86:56:fe:42:ef:41:d3:e1:39:a1:0a:4d:89
Signer

Actual PE Digest

57:04:20:f7:a8:6d:83:db:d5:81:26:58:56:ca:c0:e2:bd:c2:6e:86:56:fe:42:ef:41:d3:e1:39:a1:0a:4d:89

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x86\aswOfferTool.pdb

Imports

wtsapi32

WTSEnumerateProcessesW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

advapi32

CryptAcquireContextW
CheckTokenMembership
GetTokenInformation
SaferComputeTokenFromLevel
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
OpenThreadToken
DuplicateToken
RegOpenKeyExW
OpenProcessToken
SaferCreateLevel
ImpersonateLoggedOnUser
RegEnumKeyExA
SaferCloseLevel
RegOpenCurrentUser
RegCloseKey
RevertToSelf
AdjustTokenPrivileges
RegQueryValueExA
LookupPrivilegeValueW
RegOpenKeyExA
SystemFunction036
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
ImpersonateSelf
AllocateAndInitializeSid
CryptGenRandom
RegNotifyChangeKeyValue
RegQueryValueExW
FreeSid
EqualSid

user32

GetDesktopWindow
GetUserObjectInformationW
GetClassInfoExW
GetThreadDesktop
RegisterClassExW
GetProcessWindowStation
GetWindowThreadProcessId
GetShellWindow

ole32

CoUninitialize

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteExW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertOpenStore
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore

ntdll

RtlUnwind
RtlNtStatusToDosError
RtlCaptureContext
VerSetConditionMask

kernel32

VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
CreateSemaphoreW
SetThreadAffinityMask
FormatMessageA
CreateThread
LoadLibraryA
MultiByteToWideChar
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
TerminateProcess
GetCurrentThread
VerifyVersionInfoW
InitializeCriticalSectionEx
FlushFileBuffers
GetFileInformationByHandle
GetFullPathNameW
OutputDebugStringA
FileTimeToSystemTime
GetSystemTimeAsFileTime
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemInfo
GetVersionExW
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetFileAttributesW
LoadLibraryExW
ReadFile
GlobalMemoryStatusEx
GetDateFormatW
GetTimeFormatW
GetExitCodeThread
TlsFree
GetDriveTypeW
SetFileAttributesW
MoveFileExW
LockFileEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindClose
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
CompareStringW
UnlockFileEx
CopyFileW
SetFileInformationByHandle
GetDiskFreeSpaceExW
VirtualQuery
WriteConsoleW
GetSystemTimes
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemDirectoryA
GetModuleHandleA
SleepEx
MoveFileExA
GetEnvironmentVariableA
CreateFileA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
CreateEventA
RegisterWaitForSingleObject
UnregisterWait
ExpandEnvironmentStringsA
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetFileCompletionNotificationModes
GetVersionExA
GetTickCount64
RaiseException
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
DeviceIoControl
GetExitCodeProcess
FreeLibrary
GetModuleHandleW
CreateProcessW
GetProcessHeap
GetCurrentProcessId
IsProcessorFeaturePresent
LocalFree
SetFilePointerEx
GetProcAddress
HeapAlloc
FindResourceW
LoadResource
LoadLibraryW
CloseHandle
DeleteFileW
LockResource
GetLastError
FormatMessageW
Sleep
OpenProcess
FreeResource
ResumeThread
GetCurrentThreadId
CreateFileW
WaitForSingleObject
SetEndOfFile
WaitForMultipleObjects
GetModuleFileNameW
GetModuleHandleExW
WriteFile
GetCurrentProcess
GetCommandLineW
SetLastError
HeapFree
GetFileSizeEx
SizeofResource
GetStartupInfoW
InterlockedPushEntrySList
InitializeCriticalSectionAndSpinCount
ExitThread
FreeLibraryAndExitThread
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetStdHandle
ExitProcess
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
LCMapStringEx
DecodePointer
EncodePointer
InitOnceComplete
InitOnceBeginInitialize
WaitForSingleObjectEx
SleepConditionVariableSRW
TryAcquireSRWLockExclusive
GetStringTypeW
WideCharToMultiByte
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetTimeZoneInformation
HeapSize
HeapReAlloc

bcrypt

BCryptGenRandom

ws2_32

select
WSAGetLastError
WSAEnumNetworkEvents
send
WSAAddressToStringA
WSAStartup
WSAEventSelect
WSAResetEvent
recvfrom
WSACloseEvent
WSACleanup
getservbyname
gethostname
ioctlsocket
htonl
__WSAFDIsSet
WSAIoctl
WSACreateEvent
WSAWaitForMultipleEvents
ntohl
ntohs
WSASetLastError
bind
closesocket
connect
socket
getsockname
setsockopt
htons
getsockopt
recv

iphlpapi

GetBestRoute2
FreeMibTable
GetUnicastIpAddressTable
if_indextoname
if_nametoindex
GetAdaptersAddresses
NotifyIpInterfaceChange
CancelMibChangeNotify2

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 870KB - Virtual size: 870KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5ac4a09b8a3e10ac6a353d3ab1cc203

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ffCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

57:04:20:f7:a8:6d:83:db:d5:81:26:58:56:ca:c0:e2:bd:c2:6e:86:56:fe:42:ef:41:d3:e1:39:a1:0a:4d:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

advapi32

user32

ole32

shell32

userenv

crypt32

ntdll

kernel32

bcrypt

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 345KB - Virtual size: 344KB

.data Size: 18KB - Virtual size: 27KB

.rsrc Size: 870KB - Virtual size: 870KB

.reloc Size: 47KB - Virtual size: 47KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

57:04:20:f7:a8:6d:83:db:d5:81:26:58:56:ca:c0:e2:bd:c2:6e:86:56:fe:42:ef:41:d3:e1:39:a1:0a:4d:89
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 345KB - Virtual size: 344KB

.data
Size: 18KB - Virtual size: 27KB

.rsrc
Size: 870KB - Virtual size: 870KB

.reloc
Size: 47KB - Virtual size: 47KB