ConnectShellSetup11[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ConnectShellSetup11.exe
Size

609KB
MD5

00b6898bf01716f6fe6c1fc1e7256905
SHA1

aedd9210f27091f9b8ad654b4558609c2688379d
SHA256

919eca4e74525fe9a5caafcb0be729be64a9773d4607a2fb615f128f64b1faaf
SHA512

48a0c45996f5165ccd86d2d6454f8738072f4911556e822a0ff6ba8f293802fca39290659c30a394796857bbe8734b6f9fa1bc74ef4dc66d16bb87643c9d18a5
SSDEEP

12288:EA88Vmz5maLaNuGIoS30Dw6SVjgJfNJtPOu/u2/xLyRJWTLgRT06raYED/CyZeU/:EA3SeIvifNJxOuRTlN/CWuWO3A

Score

N/A

Malware Config

Signatures

Files

ConnectShellSetup11.exe
.exe windows x86

2c0bfd78ef7a33f65846e0ea91c383a0

Code Sign

01:9b:3f:02:b4:ca:73:6b:8d:a8:c9:3c:64:d2:77:4f
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-12-2020 00:00

Not After

20-12-2022 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=LiveCycle\, Connect\, Scene7,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:7b:b2:78:e8:ea:ef:a5:4a:62:86:66:72:1f:a6:e5:6a:2f:a4:82:4e:99:5e:50:f5:43:2e:21:74:c5:69:2e
Signer

Actual PE Digest

da:7b:b2:78:e8:ea:ef:a5:4a:62:86:66:72:1f:a6:e5:6a:2f:a4:82:4e:99:5e:50:f5:43:2e:21:74:c5:69:2e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=LiveCycle\, Connect\, Scene7,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

05-05-2022 11:57
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=LiveCycle\, Connect\, Scene7,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
GetVersionExA
GlobalMemoryStatusEx
GetSystemInfo
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
WriteConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
GetTimeZoneInformation
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
CreateFileW
ReadConsoleW
HeapAlloc
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
GetFileType
HeapFree
GetStdHandle
ExitProcess
GetModuleHandleExW
ReadFile
RtlUnwind
CloseHandle
Sleep
LockResource
LoadResource
SizeofResource
FindResourceW
DeleteFileW
CreateToolhelp32Snapshot
MoveFileW
GetFileAttributesW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateProcessW
CopyFileW
GetCurrentProcess
GetTempFileNameW
GetTempPathW
GetProcAddress
LoadLibraryW
DeleteCriticalSection
DecodePointer
RaiseException
LoadLibraryExW
GetModuleFileNameW
GetThreadTimes
GetCurrentThread
SetEvent
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLastError
InitializeCriticalSectionEx
GetPrivateProfileIntW
CreateThread
GetUserDefaultUILanguage
GetCommandLineW
GetPrivateProfileStringW
SetDllDirectoryW
LocalFree
FormatMessageA
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
SetLastError
DeviceIoControl
CreateHardLinkW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
QueryPerformanceCounter
QueryPerformanceFrequency
GetStringTypeW
EncodePointer
InitializeCriticalSectionAndSpinCount

user32

IsDialogMessageW
TranslateMessage
DispatchMessageW
InvalidateRect
PostMessageW
SetWindowLongW
LoadCursorW
GetSysColor
DefWindowProcW
ShowWindow
GetMessageW
CreateWindowExW
RegisterClassExW
LoadIconW
SetWindowPos
BeginPaint
CallWindowProcW
SystemParametersInfoW
LoadStringW
GetClientRect
GetDC
SetCursor
SetTimer
SendMessageW
ReleaseDC
InflateRect
OffsetRect
GetWindowLongW
EndPaint
IsDlgButtonChecked
GetDesktopWindow
FillRect
CheckDlgButton
EnableWindow
SetWindowTextW
PostQuitMessage
MessageBoxW
DestroyWindow
DrawTextW

gdi32

CreatePen
DeleteDC
BitBlt
Rectangle
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateFontIndirectW
GetStockObject
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush

advapi32

RegDeleteKeyTransactedW
RegCloseKey
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyTransactedW
RegOpenKeyTransactedW
RegEnumKeyExW
RegOpenKeyExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
CommandLineToArgvW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantClear

shlwapi

ord12
PathAppendW

gdiplus

GdipDrawImageRect
GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipGetImageWidth
GdipLoadImageFromStream
GdipDisposeImage

ktmw32

CommitTransaction
RollbackTransaction
CreateTransaction

bcrypt

BCryptGetProperty
BCryptCreateHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptFinishHash
BCryptOpenAlgorithmProvider

crypt32

CertCloseStore
CertFreeCertificateContext
CryptVerifyMessageSignature
CryptGetMessageCertificates
CertCreateCertificateContext
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CryptStringToBinaryA

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c0bfd78ef7a33f65846e0ea91c383a0

Code Sign

01:9b:3f:02:b4:ca:73:6b:8d:a8:c9:3c:64:d2:77:4fCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

da:7b:b2:78:e8:ea:ef:a5:4a:62:86:66:72:1f:a6:e5:6a:2f:a4:82:4e:99:5e:50:f5:43:2e:21:74:c5:69:2eSigner

Signature Validations

Verification

05-05-2022 11:57 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

ktmw32

bcrypt

crypt32

Sections

.text Size: 267KB - Virtual size: 266KB

.rdata Size: 95KB - Virtual size: 94KB

.data Size: 6KB - Virtual size: 10KB

.rsrc Size: 218KB - Virtual size: 218KB

.reloc Size: 13KB - Virtual size: 13KB

01:9b:3f:02:b4:ca:73:6b:8d:a8:c9:3c:64:d2:77:4f
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

da:7b:b2:78:e8:ea:ef:a5:4a:62:86:66:72:1f:a6:e5:6a:2f:a4:82:4e:99:5e:50:f5:43:2e:21:74:c5:69:2e
Signer

05-05-2022 11:57
Valid: true

.text
Size: 267KB - Virtual size: 266KB

.rdata
Size: 95KB - Virtual size: 94KB

.data
Size: 6KB - Virtual size: 10KB

.rsrc
Size: 218KB - Virtual size: 218KB

.reloc
Size: 13KB - Virtual size: 13KB