aitstatic[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

aitstatic.exe
Size

3.1MB
MD5

64ed2d2c45644c1cd48904bf39e5e5f6
SHA1

ddbb9fc71f4a4fcc478c40a3b8e4c87fce415317
SHA256

6c21c0c38032da60fcb777cd1706d3630ec541a61d63bcc4c7a28a7008da16d4
SHA512

a2b7a6d264e7a244e4974d7e1886d501e2de9f2bb1e55ad2a7eca61e65ac6badf648b12c3a00fc756e5063a298fe165f70dcaca2d7e0dd2a784606f871b18c60
SSDEEP

49152:vjt1+tENWqAD+pSYryLTQ4ullYF5svlRlZPAoTMZmhJv3eEkF/La:vvyAwvAImAoTMgJvuLa

Score

N/A

Malware Config

Signatures

Files

aitstatic.exe
.exe windows x64

f72acd5834b43927998e9b0707b7ae4b

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:11:1e:57:d8:98:3e:d9:cc:b6:48:6d:5b:3c:24:5c:f0:74:88:8f:0d:8e:48:5b:6c:a0:a9:04:65:2b:b2:5d
Signer

Actual PE Digest

37:11:1e:57:d8:98:3e:d9:cc:b6:48:6d:5b:3c:24:5c:f0:74:88:8f:0d:8e:48:5b:6c:a0:a9:04:65:2b:b2:5d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/12/2022, 13:51
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateSemaphoreExW
ReleaseSemaphore
LocalAlloc
ReleaseMutex
FormatMessageW
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
IsDebuggerPresent
GetProcessHeap
HeapAlloc
GetSystemInfo
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
LoadLibraryExA
GetModuleFileNameA
VirtualProtect
LocalFree
WideCharToMultiByte
UnmapViewOfFile
GetFileInformationByHandle
VirtualQuery
MapViewOfFile
CreateFileMappingW
GetFileSizeEx
RaiseException
FindClose
FindNextFileW
FindFirstFileW
GetFileAttributesW
MultiByteToWideChar
GetSystemWow64DirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
HeapSetInformation
HeapFree
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetModuleHandleExW
GetProcAddress
FreeLibrary
WaitForSingleObject
CloseHandle
SetLastError
WriteFile
ExpandEnvironmentStringsW
OutputDebugStringA
GetModuleFileNameW
CreateFileW
GetModuleHandleExA
GetLastError
DebugBreak
LoadLibraryExW
HeapReAlloc

msvcrt

__setusermatherr
_cexit
_exit
_vsnprintf
strcpy_s
strchr
sprintf_s
_wcsnicmp
wcschr
_vsnwprintf
wcsrchr
wcscpy_s
wcscat_s
_wcslwr
wcsstr
wcsncmp
_strdup
_strrev
bsearch_s
free
_stricmp
_commode
qsort_s
_lock
_purecall
strrchr
__C_specific_handler
_ui64toa_s
_strnicmp
??_V@YAXPEAX@Z
wcstombs_s
swscanf_s
malloc
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
??1type_info@@UEAA@XZ
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_wfullpath
printf
vprintf
_wcsicmp
__CxxFrameHandler3
_unlock
_initterm
strncpy_s
__dllonexit
_onexit
?terminate@@YAXXZ
memcmp
_fmode
??3@YAXPEAX@Z
iswalpha
memcpy_s
_wcsrev
memset

ntdll

EtwEventUnregister
EtwEventWrite
EtwEventRegister
RtlGUIDFromString
RtlUpcaseUnicodeChar
RtlGetNativeSystemInformation
ZwQuerySystemInformation
RtlAppendUnicodeToString
RtlCharToInteger
RtlNtStatusToDosError
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlInitUnicodeString
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
EtwEventWriteNoRegistration
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAppendUnicodeStringToString

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantInit
SysFreeString

advapi32

EventRegister
EventUnregister
EventWriteTransfer

shlwapi

PathFindExtensionA
PathStripPathW
PathFindExtensionW
PathRemoveBackslashW

mscoree

CLRCreateInstance

Exports

Exports

CreateDCW
DeleteDC
GetFirmwareType
RtlCheckPortableOperatingSystem

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f72acd5834b43927998e9b0707b7ae4b

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

37:11:1e:57:d8:98:3e:d9:cc:b6:48:6d:5b:3c:24:5c:f0:74:88:8f:0d:8e:48:5b:6c:a0:a9:04:65:2b:b2:5dSigner

Signature Validations

Verification

15/12/2022, 13:51 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

ole32

oleaut32

advapi32

shlwapi

mscoree

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 136KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 1.7MB - Virtual size: 1.7MB

.pdata Size: 4KB - Virtual size: 3KB

.didat Size: 4KB - Virtual size: 48B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 52KB - Virtual size: 51KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

37:11:1e:57:d8:98:3e:d9:cc:b6:48:6d:5b:3c:24:5c:f0:74:88:8f:0d:8e:48:5b:6c:a0:a9:04:65:2b:b2:5d
Signer

15/12/2022, 13:51
Valid: false

.text
Size: 140KB - Virtual size: 136KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 1.7MB - Virtual size: 1.7MB

.pdata
Size: 4KB - Virtual size: 3KB

.didat
Size: 4KB - Virtual size: 48B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 52KB - Virtual size: 51KB