86ed0d8493c5cebaa1104e2d13ca0ada[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

86ed0d8493c5cebaa1104e2d13ca0ada.exe
Size

5.5MB
MD5

86ed0d8493c5cebaa1104e2d13ca0ada
SHA1

35b2b12272f20d9ac6e713415cf9bf20b88dfdba
SHA256

214cd9c2199d60c6f940ccde93ac98d9474322ceb51801d5cddcf3912ff6f1b1
SHA512

5e5b723edd2ff354014a41700531a7643bee3e3bf07e7827e31663a08693ce7ad20ba36f2e8a7ab97652b2acb6df9908ccb9b04aa984e7c4a0f4547defd1f911
SSDEEP

98304:J/GYeOKXgYPdqa+UNfN1uu+/btg0FO9hJ1fCX/7PybX2w69xX2a:tGovYPdqaxNfDuuYBg0E9T1fCX+69xXD

Score

1^/10

Malware Config

Signatures

Files

86ed0d8493c5cebaa1104e2d13ca0ada.exe
.exe windows:5 windows x86 arch:x86

6759995fda4d4e04dbf703eef9d542ab

Code Sign

66:4f:b5:cf:89:09:a1:b9:40:e8:3a:4c:77:11:0e:2d
Certificate

Issuer

CN=Lenovo PRO Korea

Not Before

19-12-2024 16:57

Not After

20-12-2034 16:57

Subject

CN=Lenovo PRO Korea

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15-01-2024 00:00

Not After

14-04-2035 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22-03-2021 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:87:92:88:cc:50:0f:82:18:96:47:07:68:19:20:54:d0:8f:5f:00:b5:4a:36:06:bb:43:2b:4d:00:fe:45:96
Signer

Actual PE Digest

cd:87:92:88:cc:50:0f:82:18:96:47:07:68:19:20:54:d0:8f:5f:00:b5:4a:36:06:bb:43:2b:4d:00:fe:45:96

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

rand

kernel32

InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

Sections

.text
Size: - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp⡛�
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp⡛�
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp⡛�
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 887KB - Virtual size: 1013KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6759995fda4d4e04dbf703eef9d542ab

Code Sign

66:4f:b5:cf:89:09:a1:b9:40:e8:3a:4c:77:11:0e:2dCertificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

cd:87:92:88:cc:50:0f:82:18:96:47:07:68:19:20:54:d0:8f:5f:00:b5:4a:36:06:bb:43:2b:4d:00:fe:45:96Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Sections

.text Size: - Virtual size: 165KB

.rdata Size: - Virtual size: 46KB

.data Size: - Virtual size: 2.1MB

.vmp⡛� Size: - Virtual size: 2.5MB

.vmp⡛� Size: 1KB - Virtual size: 1KB

.vmp⡛� Size: 4.6MB - Virtual size: 4.6MB

.reloc Size: 6KB - Virtual size: 6KB

.rsrc Size: 887KB - Virtual size: 1013KB

66:4f:b5:cf:89:09:a1:b9:40:e8:3a:4c:77:11:0e:2d
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

cd:87:92:88:cc:50:0f:82:18:96:47:07:68:19:20:54:d0:8f:5f:00:b5:4a:36:06:bb:43:2b:4d:00:fe:45:96
Signer

.text
Size: - Virtual size: 165KB

.rdata
Size: - Virtual size: 46KB

.data
Size: - Virtual size: 2.1MB

.vmp⡛�
Size: - Virtual size: 2.5MB

.vmp⡛�
Size: 1KB - Virtual size: 1KB

.vmp⡛�
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 887KB - Virtual size: 1013KB