356bde316f31cfc2ed244a7cdd359617[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

356bde316f31cfc2ed244a7cdd359617.exe
Size

3.8MB
MD5

356bde316f31cfc2ed244a7cdd359617
SHA1

8bbf194502f5d3a15ebb6ab28d37ec2fe47f22a4
SHA256

f37b1604055cfa1d70ea439f2b38cb72a2da74bf6bba76b2e080e16146a53a5e
SHA512

a2798b679fd0c292a8511e4675c8bcf94559a8779d1ed32bc87271180dcf227fd2c8a272f02a8e665e079aaf1a467ae0369cb04b59075ff5af0904857745657c
SSDEEP

98304:8QqQVFO4nrifgr2q7ZM4G3Ikgm3QZE6HpnoS0:8SVlChq7ZLkqTHpnI

Score

1^/10

Malware Config

Signatures

Files

356bde316f31cfc2ed244a7cdd359617.exe
.exe windows:5 windows x86 arch:x86

15fc4206176b296b631cb2e01986237f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:83:31:47:40:e5:74:40:1a:46:02:e8:d0:e8:02:8d
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

01-09-2022 00:00

Not After

31-08-2025 23:59

Subject

CN=Fluke Corporation,O=Fluke Corporation,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15-01-2024 00:00

Not After

14-04-2035 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22-03-2021 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:b3:20:9a:d2:e3:24:33:68:b0:f8:8e:54:d1:18:9d:4d:43:5f:42
Signer

Actual PE Digest

be:b3:20:9a:d2:e3:24:33:68:b0:f8:8e:54:d1:18:9d:4d:43:5f:42

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\release-reflect-8\release\x86\working\reflect.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mpr

WNetAddConnection3W
WNetCancelConnection2W
WNetGetConnectionW
WNetOpenEnumW
WNetGetUserW
WNetGetUniversalNameW
WNetCloseEnum
WNetEnumResourceW

kernel32

lstrcmpA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GlobalDeleteAtom
lstrcmpW
CompareStringW
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetThreadPriority
GlobalFlags
VirtualProtect
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
LoadLibraryA
GetFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
UnlockFile
SetEndOfFile
LockFile
OutputDebugStringW
GetStringTypeW
SwitchToThread
GetExitCodeThread
TryEnterCriticalSection
GetCPInfo
LCMapStringW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetFileType
GetModuleHandleExW
GetFullPathNameW
GetFileSize
GlobalUnlock
GlobalLock
GetModuleHandleA
LoadLibraryExW
WriteConsoleW
SetStdHandle
ExitThread
FreeLibraryAndExitThread
HeapQueryInformation
GetCommandLineA
IsValidLocale
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SystemTimeToFileTime
CreateEventW
SetEvent
OpenEventW
SetUnhandledExceptionFilter
ExitProcess
FindResourceExW
SetFilePointer
SetNamedPipeHandleState
WaitNamedPipeW
TransactNamedPipe
GetCurrentThreadId
TerminateProcess
GetStdHandle
DuplicateHandle
ExpandEnvironmentStringsW
VirtualFree
VirtualAlloc
OutputDebugStringA
CreateSemaphoreW
WaitForMultipleObjects
ReleaseSemaphore
GetTempFileNameW
GlobalFindAtomW
GlobalAddAtomW
MoveFileExW
GetSystemTime
GetLocalTime
GetACP
GetSystemDefaultLCID
GetLocaleInfoA
GetTempPathW
DeleteVolumeMountPointW
SetVolumeMountPointW
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
CopyFileW
DeleteFileW
CompareFileTime
WriteFile
TerminateThread
CreateThread
OpenProcess
GetProcessTimes
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetUserDefaultUILanguage
SetThreadLocale
GetThreadLocale
EnumDateFormatsExW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetVersionExW
DnsHostnameToComputerNameW
GetComputerNameExW
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
SetPriorityClass
GetVolumeInformationW
MoveFileW
FindNextFileW
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
QueryDosDeviceW
RemoveDirectoryW
CreateDirectoryW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetDriveTypeW
GetModuleHandleW
LoadLibraryW
CreateMutexW
FormatMessageW
GetTickCount
FindClose
SetFilePointerEx
DeviceIoControl
FlushFileBuffers
ReadFile
GetFileSizeEx
Sleep
SetThreadExecutionState
GetCurrentThread
LocalAlloc
GlobalFree
GlobalAlloc
GetProcAddress
FreeLibrary
lstrlenW
CreateFileW
GetSystemDirectoryW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
FreeConsole
AttachConsole
VerSetConditionMask
VerifyVersionInfoW
GetVersion
GetModuleFileNameW
GetCommandLineW
GetExitCodeProcess
WaitForSingleObject
ResumeThread
CreateProcessW
GetCurrentProcessId
ProcessIdToSessionId
SetLastError
CloseHandle
GetCurrentProcess
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
GetLastError
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes

user32

SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
GetWindowRect
RemovePropW
GetPropW
SetPropW
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetMenu
LoadIconW
WinHelpW
MonitorFromWindow
GetMonitorInfoW
EnableWindow
GetCapture
GetKeyState
GetFocus
GetDlgCtrlID
IsWindowEnabled
SetWindowTextW
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
GetWindowThreadProcessId
DrawTextW
DrawTextExW
CallNextHookEx
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageTimeoutW
GetActiveWindow
MsgWaitForMultipleObjectsEx
LoadStringW
SystemParametersInfoW
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
DestroyWindow
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetWindow
GrayStringW
TabbedTextOutW
ClientToScreen
RealChildWindowFromPoint
DestroyMenu
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
PostQuitMessage
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
GetWindowLongW
GetWindowTextW
GetScrollPos
SendMessageW
GetSystemMetrics
CharUpperW
UnhookWindowsHookEx
GetMenuItemID
GetSubMenu
GetParent
OffsetRect
SetRectEmpty
GetMenu
GetClientRect
MessageBoxW

gdi32

ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
GetDeviceCaps
SetBkColor
SetTextColor
CreateBitmap
SetMapMode
DeleteDC
DeleteObject
Escape
GetClipBox
GetStockObject
PtVisible
RectVisible
RestoreDC
SaveDC
SelectObject

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegisterEventSourceW
GetTokenInformation
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
EqualSid
CheckTokenMembership
LogonUserW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
SetThreadToken
RevertToSelf
ConvertStringSidToSidW
ReportEventW
ConvertSidToStringSidW
DeregisterEventSource
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
SetEntriesInAclW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegUnLoadKeyW
RegLoadKeyW
LookupPrivilegeValueW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenThreadToken
RegSetValueExW
RegQueryValueExW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHChangeNotify
SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW

comctl32

ord329
ord334
ord332
ord338
ord328

shlwapi

PathAppendW
PathFileExistsW
PathFindExtensionW
PathMatchSpecW
PathIsUNCW
PathStripToRootW
UrlUnescapeW
PathFindFileNameW
PathIsNetworkPathW

ole32

CoInitialize
StringFromGUID2
CLSIDFromString
CoCreateInstance
CoUninitialize

oleaut32

VariantChangeType
SysFreeString
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
GetErrorInfo
VariantTimeToSystemTime
SysAllocString
VariantInit
VariantClear

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptHashCertificate
CertGetNameStringW
CryptQueryObject

ntdll

NtCreateFile
NtClose
RtlInitUnicodeString

oleacc

LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

pbpvjmsi
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15fc4206176b296b631cb2e01986237f

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3fCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

bf:83:31:47:40:e5:74:40:1a:46:02:e8:d0:e8:02:8dCertificate

Extended Key Usages

Key Usages

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89Certificate

Extended Key Usages

Key Usages

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68Certificate

Extended Key Usages

Key Usages

be:b3:20:9a:d2:e3:24:33:68:b0:f8:8e:54:d1:18:9d:4d:43:5f:42Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

mpr

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

crypt32

ntdll

oleacc

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 245KB - Virtual size: 244KB

.data Size: 19KB - Virtual size: 47KB

.rsrc Size: 519KB - Virtual size: 519KB

.reloc Size: 46KB - Virtual size: 45KB

pbpvjmsi Size: 512B - Virtual size: 4KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

bf:83:31:47:40:e5:74:40:1a:46:02:e8:d0:e8:02:8d
Certificate

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

be:b3:20:9a:d2:e3:24:33:68:b0:f8:8e:54:d1:18:9d:4d:43:5f:42
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 245KB - Virtual size: 244KB

.data
Size: 19KB - Virtual size: 47KB

.rsrc
Size: 519KB - Virtual size: 519KB

.reloc
Size: 46KB - Virtual size: 45KB

pbpvjmsi
Size: 512B - Virtual size: 4KB