66f57c4a9eef2da083f0efa7221075e3a4ad9c344225b7a176a0fd4aad17dd05[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

66f57c4a9eef2da083f0efa7221075e3a4ad9c344225b7a176a0fd4aad17dd05.exe
Size

425KB
MD5

719377b13d1f8b43bdb587c6dc0e7a15
SHA1

95337c3ed3c030aa8452a0bc034dd007a13eb6ed
SHA256

66f57c4a9eef2da083f0efa7221075e3a4ad9c344225b7a176a0fd4aad17dd05
SHA512

8b9d19aa7ab0a73983cea7d81164df68814a397b63514db2e3c26b1e2019a08f1c1fca718ec4b3f5d0a119fdccb8fccef2adf918617910a18607982446a615a9
SSDEEP

6144:hX+VPHWtmnZWccclQl9rAUYdiH5FdGIpIHEbI3Pq9fTo8OfgKmjzuP4VqK3kZKoK:hIOtmnsRO49rAUNFdGImHEbI3IVRV8jw

Score

1^/10

Malware Config

Signatures

Files

66f57c4a9eef2da083f0efa7221075e3a4ad9c344225b7a176a0fd4aad17dd05.exe
.exe windows:5 windows x86 arch:x86

8cccb8332362f7e79ad95f6f2d64db02

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-12-2014 00:00

Not After

02-12-2029 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:00:d2:d1:1d:66:ee:82:09:87:68:b3:95:08:47:d2
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

31-05-2019 00:00

Not After

30-05-2022 23:59

Subject

SERIALNUMBER=11054861,CN=508 Software LLC,O=508 Software LLC,POSTALCODE=22314,STREET=Ste 325D+STREET=901 North Pitt Street,L=Alexandria,ST=VA,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130747656f72676961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:a7:92:00:da:91:cc:ad:44:92:cf:c7:55:96:ec:b7:1c:e6:1d:df:28:de:2c:ad:fa:f8:91:45:14:6f:c0:3d
Signer

Actual PE Digest

69:a7:92:00:da:91:cc:ad:44:92:cf:c7:55:96:ec:b7:1c:e6:1d:df:28:de:2c:ad:fa:f8:91:45:14:6f:c0:3d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\sujucakenumahe\dedopaxaron jenuz1_vumeyilinop23\bubiju_k.pdb

Imports

kernel32

ZombifyActCtx
GetConsoleAliasesLengthW
GetVersionExW
GetConsoleOutputCP
GetDefaultCommConfigA
SetCommConfig
GetDriveTypeW
FreeEnvironmentStringsA
CreateTimerQueue
FindNextVolumeA
InitializeCriticalSectionAndSpinCount
ReadConsoleInputW
TlsSetValue
SetComputerNameExW
FindAtomW
BuildCommDCBAndTimeoutsW
VirtualProtect
LoadLibraryA
LocalAlloc
InitializeCriticalSection
TlsGetValue
GetCommandLineA
InterlockedIncrement
GetCalendarInfoA
CopyFileA
OutputDebugStringA
GetSystemTimeAdjustment
GetPriorityClass
WritePrivateProfileStringW
ExitThread
GlobalWire
HeapCompact
GetStartupInfoW
CreatePipe
GetCPInfoExW
GetWindowsDirectoryW
GetSystemWow64DirectoryA
WriteProfileSectionW
GetCalendarInfoW
IsDebuggerPresent
SetConsoleCursorPosition
GetLastError
DebugActiveProcess
lstrcmpW
WriteFile
GetNumberOfConsoleInputEvents
GetSystemWindowsDirectoryW
CopyFileW
FindNextChangeNotification
CreateActCtxA
SetMailslotInfo
GetPrivateProfileIntA
_lread
OutputDebugStringW
InterlockedDecrement
DefineDosDeviceA
SetVolumeMountPointA
EndUpdateResourceW
WriteConsoleA
InterlockedPushEntrySList
DeleteCriticalSection
FileTimeToSystemTime
TerminateProcess
GetConsoleMode
HeapSetInformation
FindActCtxSectionStringA
WriteProcessMemory
MoveFileExA
GetProcAddress
GlobalCompact
UnregisterWait
FormatMessageA
FatalExit
TransmitCommChar
WaitNamedPipeW
CreateIoCompletionPort
FindResourceExA
EnumDateFormatsA
GetSystemInfo
EnumCalendarInfoExW
OpenSemaphoreA
GetPrivateProfileStructA
GetMailslotInfo
lstrcpyA
VerLanguageNameA
SetThreadExecutionState
GetSystemTime
GetFileInformationByHandle
GetConsoleCP
GetConsoleAliasA
SetConsoleScreenBufferSize
CreateMailslotA
EnumDateFormatsW
GetCommState
GetLogicalDrives
_lopen
GetConsoleAliasExesLengthW
GetWriteWatch
ClearCommBreak
ChangeTimerQueueTimer
GetOverlappedResult
WriteConsoleInputW
GlobalDeleteAtom
HeapSize
GetConsoleWindow
GetStringTypeA
SetFilePointer
PostQueuedCompletionStatus
SetFileApisToANSI
OpenWaitableTimerW
GetProcessId
PeekNamedPipe
FillConsoleOutputCharacterW
FindNextVolumeMountPointA
WriteProfileStringA
InitAtomTable
GlobalAddAtomA
WriteConsoleOutputCharacterA
TerminateJobObject
VirtualAlloc
GetBinaryTypeW
QueryDosDeviceW
LeaveCriticalSection
GetVolumePathNameA
FileTimeToDosDateTime
Sleep
EnterCriticalSection
RaiseException
RtlUnwind
MoveFileA
HeapValidate
IsBadReadPtr
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleW
TlsAlloc
GetCurrentThreadId
TlsFree
SetLastError
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
GetModuleFileNameA
HeapAlloc
HeapReAlloc
FlushFileBuffers
WideCharToMultiByte
DebugBreak
WriteConsoleW
LoadLibraryW
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetLocaleInfoA
SetStdHandle
CloseHandle
CreateFileA

user32

OemToCharA

advapi32

GetFileSecurityW

msimg32

AlphaBlend

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 329KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cidari
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cccb8332362f7e79ad95f6f2d64db02

Code Sign

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

b8:00:d2:d1:1d:66:ee:82:09:87:68:b3:95:08:47:d2Certificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

69:a7:92:00:da:91:cc:ad:44:92:cf:c7:55:96:ec:b7:1c:e6:1d:df:28:de:2c:ad:fa:f8:91:45:14:6f:c0:3dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msimg32

Sections

.text Size: 181KB - Virtual size: 181KB

.data Size: 176KB - Virtual size: 329KB

.cidari Size: 512B - Virtual size: 5B

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 16KB - Virtual size: 15KB

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

b8:00:d2:d1:1d:66:ee:82:09:87:68:b3:95:08:47:d2
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

69:a7:92:00:da:91:cc:ad:44:92:cf:c7:55:96:ec:b7:1c:e6:1d:df:28:de:2c:ad:fa:f8:91:45:14:6f:c0:3d
Signer

.text
Size: 181KB - Virtual size: 181KB

.data
Size: 176KB - Virtual size: 329KB

.cidari
Size: 512B - Virtual size: 5B

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 16KB - Virtual size: 15KB