3cef15f22efe892586bff6b00a4917ccfc5f33f38f735507a29b01d2a636820c

Sharing

Copy URL

Twitter E-mail

General

Target

3cef15f22efe892586bff6b00a4917ccfc5f33f38f735507a29b01d2a636820c
Size

1.0MB
MD5

766f5faa26dac00fce5013a8587937ee
SHA1

ac00582db8ae5c7bca020ebcdfc63b18d8af3949
SHA256

3cef15f22efe892586bff6b00a4917ccfc5f33f38f735507a29b01d2a636820c
SHA512

b205fc9c74d6c1d914be7eba125a986ef131f2a868780b3f77b7a0530a248c4a4e3b4c97fad13052675cf9575ac6aabd939be9731895bf0f0db8a737cd9e0f91
SSDEEP

12288:QqflDDoYevZMFTe5n9CefN0wVI07vRzTX6EQ2Xbh/5:Q00+FTBcC6VXNb15

Score

1^/10

Malware Config

Signatures

Files

3cef15f22efe892586bff6b00a4917ccfc5f33f38f735507a29b01d2a636820c
.exe windows:1 windows x86 arch:x86

08f3e0159c664b6c26b4f207b388243a

Code Sign

25:8c:17:c8:cb:f2:be:a2:4a:33:ea:13:df:26:52:32
Certificate

Issuer

CN=XCWZQCLCGADGLVQZGG

Not Before

13-11-2020 09:10

Not After

31-12-2039 23:59

Subject

CN=XCWZQCLCGADGLVQZGG

Extended Key Usages

ExtKeyUsageCodeSigning

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:b5:9c:71:4f:45:82:e6:ff:aa:59:cd:bb:8f:56:3c:b9:24:51:e1:05:4a:ab:5e:d7:9b:e3:38:c7:64:85:c3
Signer

Actual PE Digest

ab:b5:9c:71:4f:45:82:e6:ff:aa:59:cd:bb:8f:56:3c:b9:24:51:e1:05:4a:ab:5e:d7:9b:e3:38:c7:64:85:c3

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetLastError
VirtualAllocEx
GetCurrentThreadId
GetCurrentProcessId
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileAttributesExA
SetFileAttributesA
CloseHandle
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetDriveTypeA
GetTickCount
QueryPerformanceCounter
GetModuleFileNameA
CreateFileA
Sleep
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CancelTimerQueueTimer
GetFileInformationByHandle
GlobalLock
GetNumberOfConsoleInputEvents
LocalCompact
EnumCalendarInfoExW
ReadFile
WriteProcessMemory
GetTempPathA
GetEnvironmentStringsA
GetSystemDirectoryA
GetProcessHeaps
SetConsoleCP
DeleteVolumeMountPointA
DeleteAtom
SetConsoleCursorPosition
WriteProfileStringA
GetConsoleAliasesLengthW
SetVolumeMountPointW
CopyFileA
PulseEvent
EnumDateFormatsExA
WritePrivateProfileSectionA
PurgeComm
GetTimeZoneInformation
EndUpdateResourceA
EnumDateFormatsA
GetSystemWindowsDirectoryA
GetProcessWorkingSetSize
GetCurrencyFormatA
EnumDateFormatsW
FindFirstVolumeMountPointW
ReadProcessMemory
GetThreadContext
SetConsoleCursor
GetThreadSelectorEntry
FreeEnvironmentStringsA
SetCommState
ReleaseSemaphore
FormatMessageW
FindFirstVolumeMountPointA
SetLastError
ReadConsoleA
SwitchToThread
MultiByteToWideChar
DisconnectNamedPipe
WriteFile
ConnectNamedPipe
CreateNamedPipeW
lstrlenW
OpenEventW
lstrcatW
SetConsoleCtrlHandler
ExitProcess
CreateFileW
GetStartupInfoW
CallNamedPipeW
lstrcmpA
lstrlenA
lstrcatA
SuspendThread
ResumeThread
WaitForSingleObject
SetEvent
SetCommTimeouts
GetCommProperties
GetCommState
SetupComm
lstrcpyW
ResetEvent
GetOverlappedResult
WaitForMultipleObjects
ClearCommError
ExitThread
CreateEventW
CreateThread
WideCharToMultiByte
GetDiskFreeSpaceExW
HeapAlloc
HeapSize
GetProcessHeap
HeapFree
HeapReAlloc
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalUnlock
GlobalFree
GlobalHandle
DebugBreak
GlobalAlloc
GetPrivateProfileIntW
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
GetSystemDirectoryW
SetCurrentDirectoryW
GetFileAttributesW
GetModuleFileNameW
GetSystemDefaultLangID
GetComputerNameW
GetCurrentDirectoryA
GetModuleHandleW
GetVersionExW
LocalAlloc
LocalFree
MulDiv
GetSystemInfo
GetLocalTime
WinExec
CreateProcessW
GetDriveTypeW
FileTimeToSystemTime
GetVersion
DeleteFileW
GlobalSize
lstrcmpiA
LoadLibraryA
VirtualFree
VirtualAlloc
GetACP
VirtualQuery
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
GetCommandLineW
FindFirstFileW
FindClose
CompareStringW
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TlsSetValue
TlsGetValue
lstrcmpW
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualProtect
SizeofResource
SetThreadPriority
SetThreadLocale
SetFilePointer
SetErrorMode
SetEndOfFile
LockResource
LoadResource
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetThreadPriority
GetThreadLocale
GetFullPathNameW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCPInfoExW
GetCPInfo
FreeResource
InterlockedExchangeAdd
InterlockedExchange
InterlockedCompareExchange
FindResourceW
FindNextFileW
EnumSystemLocalesW
EnumCalendarInfoW

user32

LoadIconA
DispatchMessageA
PeekMessageA
SendDlgItemMessageA
EnableMenuItem
GetSystemMenu
CreateDialogParamA
CharNextExA
DestroyWindow
LoadAcceleratorsA
GetMenuDefaultItem
GetClipboardFormatNameW
PostThreadMessageA
MonitorFromWindow
PtInRect
FlashWindow
GetClassLongA
DrawStateA
WINNLSGetIMEHotkey
GetClassNameA
ChangeDisplaySettingsA
CreateMenu
CreateIconFromResource
GetAsyncKeyState
wsprintfW
GetMessageExtraInfo
SendInput
MapVirtualKeyW
keybd_event
OpenInputDesktop
OpenDesktopW
FindWindowW
SendMessageW
MessageBeep
GetCursorPos
SystemParametersInfoW
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationW
SetProcessWindowStation
SetThreadDesktop
CloseDesktop
CloseWindowStation
GetSystemMetrics
CharLowerA

gdi32

GetEnhMetaFileA
GetEnhMetaFileBits
GetStockObject
CreateSolidBrush
AddFontResourceA
GetPolyFillMode
SetBrushOrgEx
GdiAddFontResourceW
CreateCompatibleBitmap
GetViewportExtEx
GdiConvertRegion
EngStrokeAndFillPath
CreateICW
EnumFontFamiliesExA
CheckColorsInGamut
CreateDIBPatternBrushPt
EngCreateDeviceSurface
GdiValidateHandle
EnumFontFamiliesW
SetICMProfileW
MirrorRgn
PaintRgn
GdiPrinterThunk
FillRgn
GetDeviceCaps
STROBJ_bEnumPositionsOnly
EngReleaseSemaphore
EngGradientFill
Escape
GetStretchBltMode
GetTextAlign
EngDeletePath
GdiEntry9
GdiPlayScript
GetTextExtentPointA
EnumFontFamiliesExW
SetMagicColors
SelectClipRgn
EngDeleteSurface
PATHOBJ_bEnumClipLines
BRUSHOBJ_pvGetRbrush
GetOutlineTextMetricsW
GetBrushOrgEx
EngMarkBandingSurface
FloodFill

advapi32

RegOpenKeyW
RegQueryValueExA

shell32

SHChangeNotify
SHGetFileInfoW
SHGetFolderPathA
ExtractAssociatedIconW
ExtractIconW
Shell_NotifyIcon
ShellExecuteExA
SHQueryRecycleBinA
SHGetDiskFreeSpaceA
SHGetDesktopFolder
SHGetIconOverlayIndexA
SHBindToParent
SHGetSpecialFolderLocation
SHLoadInProc
ShellExecuteA
DragAcceptFiles
DragQueryFileW
ExtractAssociatedIconExW
ExtractAssociatedIconExA
SHPathPrepareForWriteA
DragQueryFile
ExtractAssociatedIconA
Shell_NotifyIconW
FindExecutableA
SHAppBarMessage
SHGetPathFromIDListW
SHIsFileAvailableOffline
ShellExecuteW
ExtractIconExA
SHGetSpecialFolderPathW

shlwapi

StrStrIA
StrChrIA
StrStrW
StrChrW
StrRChrIW
StrChrA
StrCmpNIA
StrRChrW
StrRStrIW
StrRChrIA

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_controlfp

Sections

.text
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 618KB - Virtual size: 618KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

08f3e0159c664b6c26b4f207b388243a

Code Sign

25:8c:17:c8:cb:f2:be:a2:4a:33:ea:13:df:26:52:32Certificate

Extended Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ab:b5:9c:71:4f:45:82:e6:ff:aa:59:cd:bb:8f:56:3c:b9:24:51:e1:05:4a:ab:5e:d7:9b:e3:38:c7:64:85:c3Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

Sections

.text Size: 346KB - Virtual size: 345KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 618KB - Virtual size: 618KB

25:8c:17:c8:cb:f2:be:a2:4a:33:ea:13:df:26:52:32
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ab:b5:9c:71:4f:45:82:e6:ff:aa:59:cd:bb:8f:56:3c:b9:24:51:e1:05:4a:ab:5e:d7:9b:e3:38:c7:64:85:c3
Signer

.text
Size: 346KB - Virtual size: 345KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 618KB - Virtual size: 618KB