cars | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cars
Size

360KB
MD5

1408275c2e2c8fe5e83227ba371ac6b3
SHA1

dac3d479ce4af6d2ffd5314191e768543acfe32d
SHA256

cc185105946c202d9fd0ef18423b078cd8e064b1e2a87e93ed1b3d4f2cbdb65d
SHA512

6057bc6681616a154ee869fb575ed62c5330dc3f513058ab694997d65ce9a2a0a7c2b86158cb8d56e2d002d76b6e51b5d72cf8c4269b9dc509b18a14eee8927d
SSDEEP

6144:1mkhfOCMFhvKnJP1flVS3Di3DMFOJJJJJJJJ8JJJJJJJJJJJJJJJJJJJJJJJJJJY:in+lQDiwFPZg

Score

N/A

Malware Config

Signatures

Files

cars
.exe windows x86

8e61114269867a79bad43e1c41402fe1

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ad:1e:bc:2c:79:a1:14:96:9d:27:fb:74:cb:62:3c:a7
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

18/06/2012, 00:00

Not After

18/06/2015, 23:59

Subject

CN=Xarios Ltd,O=Xarios Ltd,POSTALCODE=M50 1DR,STREET=Pacific Way+STREET=Unit 7 Digital Park,L=Salford Quays,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ec:26:a2:c5:02:e2:dd:f3:40:e1:49:0b:ac:bd:05:f1:9b:36:8c:2a
Signer

Actual PE Digest

ec:26:a2:c5:02:e2:dd:f3:40:e1:49:0b:ac:bd:05:f1:9b:36:8c:2a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Xarios Ltd,O=Xarios Ltd,POSTALCODE=M50 1DR,STREET=Pacific Way+STREET=Unit 7 Digital Park,L=Salford Quays,ST=Manchester,C=GB

03/10/2022, 12:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

InterlockedExchange
GetComputerNameW
lstrlenA
DuplicateHandle
GetProfileIntW
GetPrivateProfileStringW
LocalReAlloc
GetPrivateProfileSectionW
IsProcessorFeaturePresent
SetConsoleTitleW
GetVolumeNameForVolumeMountPointW
MoveFileExW
SetThreadPriority
lstrcpyA
ReadConsoleOutputAttribute
GetThreadContext
SystemTimeToTzSpecificLocalTime
SetProcessAffinityMask
GetPriorityClass
SetVolumeLabelA
EnumDateFormatsW
MoveFileExA
CreateDirectoryW
LoadLibraryA
GetLastError
InterlockedExchange
FreeLibrary
GetProcAddress
LocalAlloc
RaiseException

shlwapi

StrToInt64ExW
IntlStrEqWorkerW
UrlEscapeW
SHDeleteEmptyKeyW
PathBuildRootA
SHStrDupA
PathFindOnPathA
PathCompactPathW
PathIsUNCServerShareA
SHRegQueryUSValueA
SHRegGetPathW
PathIsDirectoryA
PathIsUNCServerShareW
StrDupW
PathSetDlgItemPathW
PathCompactPathA
StrSpnA
ColorAdjustLuma
PathFileExistsW

winmm

waveOutGetDevCapsW
midiOutClose
midiInGetNumDevs
waveOutGetPitch
midiOutCacheDrumPatches
mmioSetInfo
waveOutGetID
joyGetPos
waveOutGetVolume
mmioWrite
joyGetNumDevs
waveOutReset
SendDriverMessage
mmioInstallIOProcW
waveOutGetErrorTextW
OpenDriver
waveInStart
midiInAddBuffer
midiInGetDevCapsW
waveOutPause
midiStreamProperty
mciSendCommandA
PlaySoundA
mmioClose
auxGetDevCapsW
auxGetVolume
GetDriverModuleHandle
auxOutMessage
joyGetDevCapsW
mciGetYieldProc
DrvGetModuleHandle
mmioGetInfo

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e61114269867a79bad43e1c41402fe1

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

ad:1e:bc:2c:79:a1:14:96:9d:27:fb:74:cb:62:3c:a7Certificate

Extended Key Usages

Key Usages

ec:26:a2:c5:02:e2:dd:f3:40:e1:49:0b:ac:bd:05:f1:9b:36:8c:2aSigner

Signature Validations

Verification

03/10/2022, 12:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

winmm

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 200KB - Virtual size: 198KB

.data Size: 4KB - Virtual size: 828B

.reloc Size: 4KB - Virtual size: 1KB

.rsrc Size: 120KB - Virtual size: 116KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

ad:1e:bc:2c:79:a1:14:96:9d:27:fb:74:cb:62:3c:a7
Certificate

ec:26:a2:c5:02:e2:dd:f3:40:e1:49:0b:ac:bd:05:f1:9b:36:8c:2a
Signer

03/10/2022, 12:52
Valid: false

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 200KB - Virtual size: 198KB

.data
Size: 4KB - Virtual size: 828B

.reloc
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 120KB - Virtual size: 116KB