launcher[.]exe

Resubmissions

13/01/2023, 22:47

230113-2q2g9aac71 1

13/01/2023, 22:46

230113-2qe91sed96 1

Sharing

Copy URL

Twitter E-mail

General

Target

launcher.exe
Size

2.8MB
MD5

4406f4b324c11a85fc5beb77882e1fb6
SHA1

87bf663c8c5e5ba7a49474974e44e07a52e63491
SHA256

10db71ef3d444b737d26fe11081d641a0990643fcfa486c97f619e80ab0bf15d
SHA512

b5d86e1039f84d1c23c4db35003f1ec8bad2949ce45915005801ab1c5dba0ebe634fdf69c82bc9db2663d4508c05c989e5aac0b4034597a0c038fb8a5172ebb0
SSDEEP

49152:UWkcffgjHE0MPwwRcmeF7keS15tB1ofewxJAxZhseRjD:qid7eSvtofeUuK4P

Score

N/A

Malware Config

Signatures

Files

launcher.exe
.exe windows x64

4f064b51254a1aba0feba903026e72ec

Code Sign

d4:81:de:15:20:05:c6:1a:c4:6b:46:f2:8c:02:17:f0
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

29/07/2022, 00:00

Not After

29/07/2023, 23:59

Subject

CN=Jeremiah Rodriguez,O=Jeremiah Rodriguez,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8f:ef:6d:74:06:c1:bd:d1:10:05:0f:94:d8:6d:fc:28:76:db:37:d8:91:c9:c6:58:6b:27:c4:d4:76:87:40:c0
Signer

Actual PE Digest

8f:ef:6d:74:06:c1:bd:d1:10:05:0f:94:d8:6d:fc:28:76:db:37:d8:91:c9:c6:58:6b:27:c4:d4:76:87:40:c0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Jeremiah Rodriguez,O=Jeremiah Rodriguez,ST=California,C=US

30/07/2022, 16:10
Valid: true

Chain 1

CN=Jeremiah Rodriguez,O=Jeremiah Rodriguez,ST=California,C=US

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_aligned_free
_aligned_malloc
_amsg_exit
_beginthreadex
_cexit
_close
_commode
_errno
_fdopen
_filelengthi64
_fileno
_fmode
_ftime64
_get_osfhandle
_gmtime64
_initterm
_isatty
_isctype_l
_iswalpha_l
_iswcntrl_l
_iswdigit_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_localtime64
_lock
_lseek
_mbtowc_l
_onexit
_pctype
_read
_setjmp
_snwprintf
_sscanf_l
_stat64
_strcoll_l
_strdup
_strnicmp
_strtod_l
_strtoi64_l
_strtoui64_l
_strxfrm_l
_sys_nerr
_time64
_tolower_l
_toupper_l
_towlower_l
_towupper_l
_unlock
_vscprintf
_vsnprintf
_wchdir
_wcscoll_l
_wcsxfrm_l
_wfopen
_wgetcwd
_wmkdir
_wopen
_write
abort
atof
atoi
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getc
getenv
isalpha
isdigit
islower
isspace
isupper
iswctype
isxdigit
localeconv
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
realloc
remove
setlocale
signal
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strspn
strstr
strtol
strtoul
tolower
ungetc
vfprintf
wcrtomb_s
wcscmp
wcscpy
wcslen
wcsncmp
wcstol
wcstombs
wcstoul

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AreFileApisANSI
CancelIo
CancelIoEx
CloseHandle
CreateDirectoryA
CreateEventW
CreateFileA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexA
CreateMutexW
CreateNamedPipeW
CreateSymbolicLinkW
CreateWaitableTimerA
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlsAlloc
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCommState
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDynamicTimeZoneInformation
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFinalPathNameByHandleW
GetLastError
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetTimeZoneInformation
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MoveFileExW
MultiByteToWideChar
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
ReadFile
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResetEvent
SetCommState
SetCommTimeouts
SetConsoleTextAttribute
SetEndOfFile
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetLastError
SetThreadExecutionState
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SystemFunction036

opengl32

glBindTexture
glBlendFunc
glClear
glClearColor
glDeleteTextures
glDepthFunc
glDisable
glDrawArrays
glEnable
glGenTextures
glGetBooleanv
glGetError
glGetIntegerv
glGetString
glPixelStorei
glTexImage2D
glTexParameteri
glTexSubImage2D
glViewport
wglGetCurrentDC
wglGetProcAddress

user32

AdjustWindowRectEx
BringWindowToTop
ChangeDisplaySettingsExW
ClientToScreen
ClipCursor
CloseClipboard
CreateIconIndirect
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
EmptyClipboard
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
FlashWindow
GetActiveWindow
GetClassLongPtrW
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetLayeredWindowAttributes
GetMessageTime
GetMonitorInfoW
GetPropW
GetRawInputData
GetSystemMetrics
GetWindowLongW
GetWindowPlacement
GetWindowRect
IsIconic
IsWindowVisible
IsZoomed
LoadCursorW
LoadImageW
MapVirtualKeyW
MessageBoxA
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageW
PostMessageW
PtInRect
RegisterClassExW
RegisterDeviceNotificationW
RegisterRawInputDevices
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetPropW
SetRect
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
ToUnicode
TrackMouseEvent
TranslateMessage
UnregisterClassW
UnregisterDeviceNotification
WaitMessage
WindowFromPoint

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenSystemStoreA

ole32

CoCreateInstance
CoInitializeEx
CoTaskMemFree

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
DragQueryPoint
ILCreateFromPathA
ILFree
SHCreateShellItem
SHGetFolderPathA

bcrypt

BCryptGenRandom

mswsock

AcceptEx
GetAcceptExSockaddrs

ws2_32

WSAAddressToStringA
WSACleanup
WSAGetLastError
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASetLastError
WSASocketW
WSAStartup
WSAStringToAddressA
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
select
send
setsockopt
shutdown
socket

gdi32

ChoosePixelFormat
CreateBitmap
CreateDCW
CreateDIBSection
CreateRectRgn
DeleteDC
DeleteObject
DescribePixelFormat
GetDeviceCaps
GetDeviceGammaRamp
SetDeviceGammaRamp
SetPixelFormat
SwapBuffers

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

4f064b51254a1aba0feba903026e72ec

Code Sign

d4:81:de:15:20:05:c6:1a:c4:6b:46:f2:8c:02:17:f0Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

8f:ef:6d:74:06:c1:bd:d1:10:05:0f:94:d8:6d:fc:28:76:db:37:d8:91:c9:c6:58:6b:27:c4:d4:76:87:40:c0Signer

Signature Validations

Verification

30/07/2022, 16:10 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

opengl32

user32

crypt32

ole32

shell32

bcrypt

mswsock

ws2_32

gdi32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.buildid Size: 512B - Virtual size: 53B

.data Size: 2KB - Virtual size: 64KB

.pdata Size: 62KB - Virtual size: 62KB

.tls Size: 1024B - Virtual size: 600B

.rsrc Size: 106KB - Virtual size: 105KB

.reloc Size: 16KB - Virtual size: 16KB

d4:81:de:15:20:05:c6:1a:c4:6b:46:f2:8c:02:17:f0
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

8f:ef:6d:74:06:c1:bd:d1:10:05:0f:94:d8:6d:fc:28:76:db:37:d8:91:c9:c6:58:6b:27:c4:d4:76:87:40:c0
Signer

30/07/2022, 16:10
Valid: true

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 2KB - Virtual size: 64KB

.pdata
Size: 62KB - Virtual size: 62KB

.tls
Size: 1024B - Virtual size: 600B

.rsrc
Size: 106KB - Virtual size: 105KB

.reloc
Size: 16KB - Virtual size: 16KB