2de8036ae14654563e0ff7983739b65208292db39fad545c5b1562935b358869

Sharing

Copy URL

Twitter E-mail

General

Target

2de8036ae14654563e0ff7983739b65208292db39fad545c5b1562935b358869
Size

3.5MB
MD5

66ba82176587fd264985308ddb9ac06f
SHA1

3bc7ae56ba19ec59657cf6d798c3c5946c2def48
SHA256

2de8036ae14654563e0ff7983739b65208292db39fad545c5b1562935b358869
SHA512

83f0e87aafd0ff3e95f9e39d8a633e0c32494a1ed636cf7de7593a8b240f7f7805c4f2791cff49614812950041f67036879592985d8c288b836a9b1a9d875841
SSDEEP

98304:wcpJwQurtTTuDzCbZ/lc9T7JFhoww43ZzKwe:wcpJwDaCbFn

Score

1^/10

Malware Config

Signatures

Files

2de8036ae14654563e0ff7983739b65208292db39fad545c5b1562935b358869
.exe windows:6 windows x86 arch:x86

04bfba36a8418f8b897dcd874cbc4b9d

Code Sign

04:ef:c2:23:97:ac:f8:db:fa:3e:35:cf:cf:2f:af:6c
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/08/2019, 00:00

Not After

04/11/2022, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/07/2022, 00:00

Not After

30/07/2025, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:e6:4c:25:6f:c8:ad:07:aa:85:9d:75:ab:55:f1:cc:b5:20:d0:38:5d:ac:59:01:7c:0a:5a:07:d7:40:3a:16
Signer

Actual PE Digest

35:e6:4c:25:6f:c8:ad:07:aa:85:9d:75:ab:55:f1:cc:b5:20:d0:38:5d:ac:59:01:7c:0a:5a:07:d7:40:3a:16

Digest Algorithm

sha256

PE Digest Matches

false

66:83:bf:23:27:8a:5f:09:65:b1:c4:a0:a7:fe:d3:d3:1e:5b:67:72
Signer

Actual PE Digest

66:83:bf:23:27:8a:5f:09:65:b1:c4:a0:a7:fe:d3:d3:1e:5b:67:72

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\image2\win32\en_gui\ReleaseUnicode\imagew.pdb

Imports

mpr

WNetCloseEnum

comctl32

ImageList_GetIcon
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Draw
InitCommonControlsEx
ImageList_GetImageCount
ImageList_AddMasked
ImageList_LoadImageW
ImageList_Create

ws2_32

__WSAFDIsSet
getservbyname
getservbyport
gethostbyaddr
ntohs
listen
inet_ntoa
ioctlsocket
accept
getsockname
setsockopt
sendto
recvfrom
htonl
bind
closesocket
connect
htons
inet_addr
recv
getsockopt
select
send
shutdown
socket
WSAStringToAddressW
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname

kernel32

MulDiv
LocalFree
GetTickCount
FileTimeToLocalFileTime
FindClose
GetLogicalDrives
FileTimeToSystemTime
ReadFile
WriteFile
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
GetExitCodeProcess
GetCurrentThreadId
GetPriorityClass
GetLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
ResetEvent
GetSystemTime
FlushFileBuffers
SetEndOfFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleHandleA
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
VirtualLock
GetOverlappedResult
lstrlenW
CreateFileA
GetDiskFreeSpaceW
GetVolumeInformationW
InitializeCriticalSection
DeleteCriticalSection
GetFileSize
LocalAlloc
LocalLock
LocalUnlock
GetFullPathNameW
SetHandleInformation
CreatePipe
RemoveDirectoryW
CreateDirectoryW
MoveFileW
SetFileAttributesW
GlobalMemoryStatus
SetProcessWorkingSetSize
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
GetStdHandle
ExitProcess
GetACP
FindFirstFileExW
GetFileType
SetEnvironmentVariableA
FreeLibraryAndExitThread
ResumeThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
RtlUnwind
CreateThread
GetSystemDirectoryA
GetSystemTimeAsFileTime
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessWorkingSetSize
GetCurrentThread
GetCurrentProcess
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
OpenProcess
ReleaseSemaphore
WaitForSingleObject
SetEvent
Sleep
DeviceIoControl
FreeLibrary
GetCurrentProcessId
SetErrorMode
CloseHandle
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
GetLastError
SetFilePointer
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
GetOEMCP
HeapSize
VirtualUnlock
GetCommandLineA
GetCommandLineW
QueryDosDeviceW

user32

OemToCharW
SystemParametersInfoW
WinHelpW
GetDesktopWindow
DrawIcon
EnableMenuItem
GetSystemMenu
GetDialogBaseUnits
CheckDlgButton
DialogBoxIndirectParamW
GetSystemMetrics
UpdateWindow
DestroyMenu
SetMenuItemInfoW
AppendMenuW
TrackPopupMenu
DrawIconEx
InflateRect
GetSysColorBrush
ScreenToClient
GetCursorPos
GetWindowRect
CreatePopupMenu
IsWindowEnabled
KillTimer
SetTimer
GetMenuItemCount
GetMenuItemInfoW
SendNotifyMessageW
DrawFrameControl
GetDlgItem
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
GetAsyncKeyState
GetKeyState
GetActiveWindow
SetFocus
GetDlgCtrlID
GetDlgItemInt
SetDlgItemInt
MessageBeep
GetClientRect
GetSysColor
DrawFocusRect
FillRect
PtInRect
GetParent
GetComboBoxInfo
ShowWindow
OffsetRect
DestroyIcon
CopyImage
ExitWindowsEx
CreateIconIndirect
GetIconInfo
TranslateMessage
PostQuitMessage
DestroyWindow
GetFocus
SetForegroundWindow
EndDialog
IsIconic
IsWindowVisible
SetWindowPos
IsChild
IsWindow
WaitMessage
SetCursor

gdi32

BitBlt
MoveToEx
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
CreateDIBSection
CreateDCW
Polygon
DeleteDC
GetDeviceCaps
GetStockObject
CreatePen
CreateSolidBrush
DeleteObject
LineTo
SelectObject
SetBkColor
SetBkMode
StretchBlt

advapi32

OpenProcessToken
StartServiceW
QueryServiceStatus
OpenServiceW
DeleteService
CreateServiceW
ControlService
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
LogonUserW
LookupAccountSidW
CryptGenRandom
CryptReleaseContext
GetTokenInformation
OpenThreadToken
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

DragFinish
DragAcceptFiles

ole32

CoTaskMemFree
CLSIDFromString
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysFreeString
VariantTimeToSystemTime
SysAllocString

ntdll

RtlNtStatusToDosError

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

04bfba36a8418f8b897dcd874cbc4b9d

Code Sign

04:ef:c2:23:97:ac:f8:db:fa:3e:35:cf:cf:2f:af:6cCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

35:e6:4c:25:6f:c8:ad:07:aa:85:9d:75:ab:55:f1:cc:b5:20:d0:38:5d:ac:59:01:7c:0a:5a:07:d7:40:3a:16Signer

66:83:bf:23:27:8a:5f:09:65:b1:c4:a0:a7:fe:d3:d3:1e:5b:67:72Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpr

comctl32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ntdll

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 334KB - Virtual size: 334KB

.data Size: 20KB - Virtual size: 72KB

.rsrc Size: 1.1MB - Virtual size: 1.1MB

04:ef:c2:23:97:ac:f8:db:fa:3e:35:cf:cf:2f:af:6c
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:34:c0:22:c3:98:4a:03:25:bd:ac:4f:ea:e2:63:10
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

35:e6:4c:25:6f:c8:ad:07:aa:85:9d:75:ab:55:f1:cc:b5:20:d0:38:5d:ac:59:01:7c:0a:5a:07:d7:40:3a:16
Signer

66:83:bf:23:27:8a:5f:09:65:b1:c4:a0:a7:fe:d3:d3:1e:5b:67:72
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 334KB - Virtual size: 334KB

.data
Size: 20KB - Virtual size: 72KB

.rsrc
Size: 1.1MB - Virtual size: 1.1MB