f0f814cc324705adb307f5211fb2ee1ab1f2f47ef67348f0b2d25048055b673d

Sharing

Copy URL

Twitter E-mail

General

Target

f0f814cc324705adb307f5211fb2ee1ab1f2f47ef67348f0b2d25048055b673d
Size

10.0MB
MD5

29fadb7548fc89a68833a10567260f40
SHA1

87e87be084259a0304036c1d5f74ec5e58714e5c
SHA256

f0f814cc324705adb307f5211fb2ee1ab1f2f47ef67348f0b2d25048055b673d
SHA512

48d29958699f0bc7bbdbd4f85a39a0312e269b2f9e1bb723ea1cf39823d504d502a2e72b6c1acaff7767ce8175ab0a69eafa77ced49e923f5f77b62177e981c9
SSDEEP

49152:y8yiS1ZCk5xGSb/eA0uL6nP8kb4zdD3u+qArI7Q6q4Qa40:yxjjxYaeA0i6jKdW2qQpX

Score

1^/10

Malware Config

Signatures

Files

f0f814cc324705adb307f5211fb2ee1ab1f2f47ef67348f0b2d25048055b673d
.exe windows:6 windows x64 arch:x64

9cd4556d786e561b960f0093c7fc3caa

Code Sign

2a:46:c6:ce:a3:f7:2c:80:46:10:46:9c:80:32:cf:ef
Certificate

Issuer

CN=SIMENS USA portable

Not Before

08/06/2024, 21:23

Not After

09/06/2034, 21:23

Subject

CN=SIMENS USA portable

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:61:a7:68:4c:b4:e1:b2:e1:b2:ca:09:98:72:d8:09:50:be:22:00:c1:4e:43:39:ac:2c:9f:dd:e8:e1:95:49
Signer

Actual PE Digest

20:61:a7:68:4c:b4:e1:b2:e1:b2:ca:09:98:72:d8:09:50:be:22:00:c1:4e:43:39:ac:2c:9f:dd:e8:e1:95:49

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionEx
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetCursorPos

advapi32

RegCloseKey

shell32

SHGetFolderPathA

ole32

CoCreateInstance

oleaut32

VariantClear

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp®@�
Size: - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp®@�
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp®@�
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 115KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cd4556d786e561b960f0093c7fc3caa

Code Sign

2a:46:c6:ce:a3:f7:2c:80:46:10:46:9c:80:32:cf:efCertificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

20:61:a7:68:4c:b4:e1:b2:e1:b2:ca:09:98:72:d8:09:50:be:22:00:c1:4e:43:39:ac:2c:9f:dd:e8:e1:95:49Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 201KB

.data Size: - Virtual size: 33KB

.pdata Size: - Virtual size: 29KB

_RDATA Size: - Virtual size: 500B

.vmp®@� Size: - Virtual size: 695KB

.vmp®@� Size: 2KB - Virtual size: 1KB

.vmp®@� Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 5KB - Virtual size: 5KB

.rsrc Size: 115KB - Virtual size: 820KB

2a:46:c6:ce:a3:f7:2c:80:46:10:46:9c:80:32:cf:ef
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

20:61:a7:68:4c:b4:e1:b2:e1:b2:ca:09:98:72:d8:09:50:be:22:00:c1:4e:43:39:ac:2c:9f:dd:e8:e1:95:49
Signer

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 201KB

.data
Size: - Virtual size: 33KB

.pdata
Size: - Virtual size: 29KB

_RDATA
Size: - Virtual size: 500B

.vmp®@�
Size: - Virtual size: 695KB

.vmp®@�
Size: 2KB - Virtual size: 1KB

.vmp®@�
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 115KB - Virtual size: 820KB