AdvancedRun[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AdvancedRun.exe
Size

88KB
MD5

17fc12902f4769af3a9271eb4e2dacce
SHA1

9a4a1581cc3971579574f837e110f3bd6d529dab
SHA256

29ae7b30ed8394c509c561f6117ea671ec412da50d435099756bbb257fafb10b
SHA512

036e0d62490c26dee27ef54e514302e1cc8a14de8ce3b9703bf7caf79cfae237e442c27a0edcf2c4fd41af4195ba9ed7e32e894767ce04467e79110e89522e4a
SSDEEP

1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

AdvancedRun.exe
.exe windows x86

563f92d1cb750f339006b11e53047050

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:50:7e:ea:4c:78:1d:cb:97:94:79:48:ce:63:aa:c8:27:6c:ba:b5:0b:93:b4:2c:57:aa:3c:40:93:ee:10:06
Signer

Actual PE Digest

ee:50:7e:ea:4c:78:1d:cb:97:94:79:48:ce:63:aa:c8:27:6c:ba:b5:0b:93:b4:2c:57:aa:3c:40:93:ee:10:06

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

02/11/2022, 14:04
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
__dllonexit
swscanf
_wcslwr
_c_exit
qsort
_itow
wcscmp
free
modf
_exit
_XcptFilter
_cexit
strlen
exit
_memicmp
memcmp
wcstoul
_wcmdln
malloc
_wcsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_ultow
memcpy
_purecall
wcsrchr
wcscpy
memset
wcslen
wcschr
_wcsnicmp
_wtoi
wcscat
_snwprintf
wcsncat
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
__wgetmainargs
_initterm
__setusermatherr

comctl32

ord17
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

VirtualFreeEx
EnumResourceTypesW
VirtualAllocEx
WriteProcessMemory
ResumeThread
CompareFileTime
GetModuleHandleA
GetStartupInfoW
CreateRemoteThread
CreateToolhelp32Snapshot
Process32NextW
CreateProcessW
CloseHandle
SetEnvironmentVariableW
GetCurrentProcessId
GetEnvironmentStringsW
ExpandEnvironmentStringsW
GetLastError
WaitForSingleObject
OpenProcess
ReadProcessMemory
GetProcessAffinityMask
SetProcessAffinityMask
FreeEnvironmentStringsW
SearchPathW
GetExitCodeProcess
FreeLibrary
LoadLibraryW
GetProcAddress
FileTimeToSystemTime
GetModuleHandleW
GetDriveTypeW
SizeofResource
GetDateFormatW
FormatMessageW
GetVersionExW
GetWindowsDirectoryW
GetTimeFormatW
GetFileAttributesW
WriteFile
GetModuleFileNameW
LockResource
LocalFree
FindResourceW
lstrcpyW
LoadResource
lstrlenW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
EnumResourceNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetErrorMode
GetCurrentDirectoryW
ExitProcess
GetCurrentProcess
Process32FirstW

user32

SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowTextW
UpdateWindow
SendMessageW
GetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
BeginPaint
GetClientRect
GetSystemMetrics
DeferWindowPos
GetWindowRect
SetWindowPos
SendDlgItemMessageW
EndDialog
GetWindowTextLengthW
SetWindowLongW
GetDlgItem
GetWindow
EndPaint
InvalidateRect
DrawFrameControl
MessageBoxW
LoadImageW
GetSysColor
GetWindowLongW
BeginDeferWindowPos
GetKeyState
CallWindowProcW
EndDeferWindowPos
SetFocus
GetMenuItemCount
GetParent
EnableWindow
MapWindowPoints
GetDC
ReleaseDC
GetClassNameW
MoveWindow
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
DestroyIcon

gdi32

GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
OpenSCManagerW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
RevertToSelf
ImpersonateLoggedOnUser
QueryServiceStatus
OpenServiceW
StartServiceW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
DragQueryFileW
DragAcceptFiles
DragFinish

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

563f92d1cb750f339006b11e53047050

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ee:50:7e:ea:4c:78:1d:cb:97:94:79:48:ce:63:aa:c8:27:6c:ba:b5:0b:93:b4:2c:57:aa:3c:40:93:ee:10:06Signer

Signature Validations

Verification

02/11/2022, 14:04 Valid: true

Chain 1

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 54KB

.rsrc Size: 24KB - Virtual size: 24KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ee:50:7e:ea:4c:78:1d:cb:97:94:79:48:ce:63:aa:c8:27:6c:ba:b5:0b:93:b4:2c:57:aa:3c:40:93:ee:10:06
Signer

02/11/2022, 14:04
Valid: true

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 54KB

.rsrc
Size: 24KB - Virtual size: 24KB