extra[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

extra.exe
Size

1.6MB
MD5

9b76d1b65cff171553608bf5bd25bbcc
SHA1

7c8e793a321b1cb987bab3821113a1a22b772e2a
SHA256

7038e912edcd2a564740ff77fefcacfc155a5ede690876dad14ea3d2fcec1828
SHA512

6c0094c30aa849a819679751129079bd9c3e92b2ac6253ba2a4dc37f9cbfeb956023b775b6650f2780ce5fc15b5824080eb2735c8cdc66971c8e5e779ce1290f
SSDEEP

24576:lEEoy3ZEtsdG8ll6AesbBidQyxLSAvuRkn5eaxVsX1reKflfJA8UN/7iRl3DMJOG:A2asd/lF/knVnI1reK27iRNMJyxEN

Score

N/A

Malware Config

Signatures

Files

extra.exe
.exe windows x86

d7c864b070cad41f0a731c2cbb7ee08b

Code Sign

81:98:95:fd:b7:09:e3:9f:bc:cd:f8:fa:72:de:d4:a9
Certificate

Issuer

CN=Sectigo RSA Domain Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

04/08/2020, 00:00

Not After

02/11/2022, 23:59

Subject

CN=*.r-project.org

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ce:42:7b:af:0b:ad:e9:bb:0b:d7:7c:2e:ca:1b:20:fa:0a:f2:d1:92:44:2c:b8:57:7c:1c:b4:9f:d7:90:6c:e6
Signer

Actual PE Digest

ce:42:7b:af:0b:ad:e9:bb:0b:d7:7c:2e:ca:1b:20:fa:0a:f2:d1:92:44:2c:b8:57:7c:1c:b4:9f:d7:90:6c:e6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=*.r-project.org

24/10/2022, 19:20
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextChangeNotification
GetShortPathNameW
LockFile
RaiseException
GetLastError
SetLastError
GetErrorMode
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
Sleep
InterlockedDecrement
ExitThread
GetStartupInfoW
GetTickCount
VirtualQuery
DisableThreadLibraryCalls
FreeLibrary
GetProcAddress
LocalAlloc
LoadLibraryA
LoadLibraryW
GetAtomNameW
FindClose
BuildCommDCBAndTimeoutsA
DeleteTimerQueue
GetSystemPowerStatus
FoldStringW
ConvertDefaultLocale
GetConsoleSelectionInfo
ReadConsoleW
GetConsoleAliasW
GetConsoleAliasesLengthA
HeapSize
WriteConsoleW
LCMapStringEx
GetStringTypeW
OutputDebugStringW
SetStdHandle
GetCurrentDirectoryA
GetDllDirectoryA
GetStdHandle
LoadLibraryExW
SetFilePointerEx
RtlUnwind
GetConsoleMode
HeapReAlloc
GetCommandLineW
HeapFree
EncodePointer
DecodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
CloseHandle
ReadFile
InterlockedIncrement
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WriteFile
GetModuleFileNameW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FlushFileBuffers
WideCharToMultiByte
GetConsoleCP
CreateFileW

user32

wsprintfA
SetDoubleClickTime
GetDialogBaseUnits
EnumClipboardFormats
BlockInput
ChangeDisplaySettingsW
LoadCursorFromFileW
GetCaretPos
DestroyCaret
GetTabbedTextExtentW
ReleaseCapture
SkipPointerFrameMessages

gdi32

DeleteObject

comdlg32

GetSaveFileNameW

ole32

CoGetCurrentProcess
CoInitialize
CoRevokeMallocSpy
CoUninitialize

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7c864b070cad41f0a731c2cbb7ee08b

Code Sign

81:98:95:fd:b7:09:e3:9f:bc:cd:f8:fa:72:de:d4:a9Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ce:42:7b:af:0b:ad:e9:bb:0b:d7:7c:2e:ca:1b:20:fa:0a:f2:d1:92:44:2c:b8:57:7c:1c:b4:9f:d7:90:6c:e6Signer

Signature Validations

Verification

24/10/2022, 19:20 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

ole32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 21KB - Virtual size: 20KB

81:98:95:fd:b7:09:e3:9f:bc:cd:f8:fa:72:de:d4:a9
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ce:42:7b:af:0b:ad:e9:bb:0b:d7:7c:2e:ca:1b:20:fa:0a:f2:d1:92:44:2c:b8:57:7c:1c:b4:9f:d7:90:6c:e6
Signer

24/10/2022, 19:20
Valid: false

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 21KB - Virtual size: 20KB