NCDSTART[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NCDSTART.exe
Size

653KB
MD5

712a14c1a7eee770a9783e6296129c87
SHA1

6fb6c395ee98be98144f95e5c6a2a7e21da4e0f8
SHA256

6729443fe2ce88e0978132449ecbe1124eaee340610c1907569d61bda08d16f9
SHA512

005bd58ce6529b727dc5846f00ad5219168dad738a14ad36c615ecb4f6ac486f75ddf1db3b679845b2ed2124f39952e64f0574432002e32cf91b40b4a26e8245
SSDEEP

6144:AljLWZPAwIQGXdSGOVNM9rohkpuAK8E3sl:A1WpgeigiEQ

Score

N/A

Malware Config

Signatures

Files

NCDSTART.exe
.exe windows x86

4c88702346432bbbe920bcafdb75bf8c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2009, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:5f:9a:87:0e:1d:cb:22:42:9e:23:c7:26:21:c3:13
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27/10/2005, 00:00

Not After

24/11/2006, 23:59

Subject

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:1c:89:eb:3c:7f:e6:4f:d5:7d:0e:e8:e8:06:11:c5:26:ca:8d:9c
Signer

Actual PE Digest

ae:1c:89:eb:3c:7f:e6:4f:d5:7d:0e:e8:e8:06:11:c5:26:ca:8d:9c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Symantec Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Symantec Research Labs,O=Symantec Corporation,L=Santa Monica,ST=California,C=US

15/12/2022, 14:00
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

kernel32

lstrcatA
lstrcpyA
GetVersionExA
Sleep
GetTickCount
CloseHandle
CreateProcessA
GetModuleHandleA
LoadResource
FindResourceA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetSystemInfo
VirtualProtect
VirtualQuery
InterlockedExchange
InitializeCriticalSection
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
GetProcAddress
FreeLibrary
GetFileAttributesA
MulDiv
GetModuleFileNameA
GetEnvironmentVariableA
SetEnvironmentVariableA
GetLastError
GetCurrentProcess
GetLocaleInfoA
WriteFile
HeapSize
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
HeapFree
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
TerminateProcess

user32

SetForegroundWindow
LoadAcceleratorsA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostQuitMessage
ShowWindow
UpdateWindow
DefWindowProcA
GetCursor
SetClassLongA
WaitForInputIdle
FindWindowA
IsWindow
BeginPaint
GetClientRect
GetSysColorBrush
FillRect
EndPaint
GetSysColor
AdjustWindowRect
MoveWindow
LoadIconA
PostMessageA
SystemParametersInfoA
wsprintfA
GetSystemMetrics
DrawTextA
GetDC
InvalidateRect
ReleaseDC
LoadStringA
MessageBoxA

gdi32

CreatePalette
CreateCompatibleDC
BitBlt
CreateDIBitmap
GetStockObject
SetBkMode
SetTextColor
CreateFontA
SelectObject
DeleteObject
SelectPalette
RealizePalette

shell32

ShellExecuteA

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4c88702346432bbbe920bcafdb75bf8c

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0aCertificate

Extended Key Usages

Key Usages

03:5f:9a:87:0e:1d:cb:22:42:9e:23:c7:26:21:c3:13Certificate

Extended Key Usages

Key Usages

ae:1c:89:eb:3c:7f:e6:4f:d5:7d:0e:e8:e8:06:11:c5:26:ca:8d:9cSigner

Signature Validations

Verification

15/12/2022, 14:00 Valid: false

Headers

File Characteristics

Imports

winmm

kernel32

user32

gdi32

shell32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 592KB - Virtual size: 589KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

57:64:6e:2b:55:00:23:d4:90:53:4a:55:3e:ab:0d:0a
Certificate

03:5f:9a:87:0e:1d:cb:22:42:9e:23:c7:26:21:c3:13
Certificate

ae:1c:89:eb:3c:7f:e6:4f:d5:7d:0e:e8:e8:06:11:c5:26:ca:8d:9c
Signer

15/12/2022, 14:00
Valid: false

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 592KB - Virtual size: 589KB