old_drip[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

old_drip.exe
Size

4.0MB
MD5

67acd50dff9588fdb0878e833c9546fe
SHA1

3372c3aa6647fd07023108c75f939b15e3db93fb
SHA256

8c93b3701990e404a2f3fd6f58092aed4ef20fdbb684c86b5bf71c4e6ab6c3fe
SHA512

2c46ace2392b566a8f0c2bbfb1e7b5824b803daa477a9dcfa915f6163026efa4a6c05bcea505a054979a68ba693fb7d805987d2b96f6451b0cf5282bdce5d251
SSDEEP

98304:mX8kIJYM0+vMN7DBtUoRoPaXvyw8+2meMcTJ:mX8kIlM7bO5ofL6

Score

1^/10

Malware Config

Signatures

Files

old_drip.exe
.exe windows x64

00696255f4f88c59d82891fc1a34b7e5

Code Sign

0d:ee:e4:51:13:53:38:6f:e6:f1:99:a3:6d:ec:53:ec
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/04/2018, 00:00

Not After

08/04/2019, 12:00

Subject

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:ee:e4:51:13:53:38:6f:e6:f1:99:a3:6d:ec:53:ec
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/04/2018, 00:00

Not After

08/04/2019, 12:00

Subject

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:96:24:63:da:9d:ad:8f:8e:cf:13:08:09:62:c3:2f:56:fd:e0:5d:61:25:34:97:fe:bf:dc:7b:ad:d9:b2:c4
Signer

Actual PE Digest

6d:96:24:63:da:9d:ad:8f:8e:cf:13:08:09:62:c3:2f:56:fd:e0:5d:61:25:34:97:fe:bf:dc:7b:ad:d9:b2:c4

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

02/02/2023, 17:54
Valid: false

2e:ed:67:53:05:f6:7d:54:22:67:16:0e:49:64:06:38:1b:be:7f:6c
Signer

Actual PE Digest

2e:ed:67:53:05:f6:7d:54:22:67:16:0e:49:64:06:38:1b:be:7f:6c

Digest Algorithm

sha1

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

11/04/2018, 19:56
Valid: true

Chain 1

CN=Kurium,O=Kurium,L=Emmeloord,C=NL

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateRemoteThread
VirtualFreeEx
GetExitCodeProcess
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
SetLastError
GetLastError
InitializeCriticalSectionEx
FreeLibrary
Sleep
SleepEx
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
VerifyVersionInfoA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
TryEnterCriticalSection
DuplicateHandle
GetModuleHandleW
GetExitCodeThread
CloseHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
GetTickCount64
OpenProcess
QueryPerformanceCounter
WaitForSingleObject
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlPcToFileHeader
DecodePointer
RaiseException
VirtualAllocEx
VirtualProtect
InitializeCriticalSectionAndSpinCount
WriteProcessMemory
GetSystemFirmwareTable
GetSystemInfo
GetVolumeInformationA
GetCurrentThread
FormatMessageA

user32

GetWindowTextW
GetWindowThreadProcessId
DefWindowProcW
CreateWindowExW
GetSystemMetrics
UnregisterClassW
EnumWindows
MessageBoxA
MessageBoxW
RegisterClassExW
ShowWindow
DispatchMessageW
PeekMessageW
TranslateMessage
FindWindowW
PostQuitMessage
UpdateWindow
GetKeyState
GetCapture
ClientToScreen
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

shell32

ShellExecuteW

d3d9

Direct3DCreate9

ws2_32

select
__WSAFDIsSet
socket
WSAGetLastError
ioctlsocket
gethostname
WSACleanup
htonl
ntohl
WSAStartup
WSASetLastError
sendto
recv
send
bind
recvfrom
closesocket
connect
listen
getpeername
getsockopt
htons
accept
freeaddrinfo
getsockname
ntohs
setsockopt
WSAIoctl
getaddrinfo

advapi32

CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

crypt32

CertFreeCertificateContext

wldap32

ord50
ord41
ord22
ord200
ord45
ord60
ord211
ord301
ord26
ord79
ord27
ord32
ord33
ord35
ord46
ord30
ord143

normaliz

IdnToAscii

imm32

ImmGetContext
ImmSetCompositionWindow

vcruntime140

memchr
memcmp
__CxxFrameHandler3
strrchr
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
memmove
strstr
strchr
__vcrt_InitializeCriticalSectionEx
__C_specific_handler
_purecall
__AdjustPointer
__processing_throw
__current_exception
__RTDynamicCast
__uncaught_exception
memcpy

api-ms-win-crt-stdio-l1-1-0

fopen
fgets
fwrite
__stdio_common_vsscanf
fputc
fread
__p__commode
__stdio_common_vsprintf
_wfopen
_set_fmode
fseek
_lseeki64
__stdio_common_vfprintf
fclose
fflush
__acrt_iob_func
_read
_write
_close
_open
ftell
fputs
__stdio_common_vsprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

exit
_initialize_narrow_environment
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_getpid
_initterm_e
_beginthreadex
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_errno
strerror
__sys_nerr
_wassert
terminate
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
_calloc_base
_free_base
calloc
malloc
realloc

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-string-l1-1-0

isalpha
isgraph
strncmp
tolower
isprint
isxdigit
strpbrk
isdigit
isspace
islower
strncpy
isalnum
isupper
_strdup

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-math-l1-1-0

fmodf
cosf
floor
__setusermatherr
sinf
exp
ceil
acosf
sqrtf
sqrt

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_access

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul
strtoll

Sections

.text
Size: 569KB - Virtual size: 568KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3.2MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00696255f4f88c59d82891fc1a34b7e5

Code Sign

0d:ee:e4:51:13:53:38:6f:e6:f1:99:a3:6d:ec:53:ecCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

0d:ee:e4:51:13:53:38:6f:e6:f1:99:a3:6d:ec:53:ecCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

6d:96:24:63:da:9d:ad:8f:8e:cf:13:08:09:62:c3:2f:56:fd:e0:5d:61:25:34:97:fe:bf:dc:7b:ad:d9:b2:c4Signer

Signature Validations

Verification

02/02/2023, 17:54 Valid: false

2e:ed:67:53:05:f6:7d:54:22:67:16:0e:49:64:06:38:1b:be:7f:6cSigner

Signature Validations

Verification

11/04/2018, 19:56 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

d3d9

ws2_32

advapi32

crypt32

wldap32

normaliz

imm32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 569KB - Virtual size: 568KB

.rdata Size: 159KB - Virtual size: 158KB

.data Size: 7KB - Virtual size: 12KB

.pdata Size: 32KB - Virtual size: 31KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3.2MB - Virtual size: 7.9MB

.v-lizer Size: 32KB - Virtual size: 31KB

0d:ee:e4:51:13:53:38:6f:e6:f1:99:a3:6d:ec:53:ec
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

0d:ee:e4:51:13:53:38:6f:e6:f1:99:a3:6d:ec:53:ec
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

6d:96:24:63:da:9d:ad:8f:8e:cf:13:08:09:62:c3:2f:56:fd:e0:5d:61:25:34:97:fe:bf:dc:7b:ad:d9:b2:c4
Signer

02/02/2023, 17:54
Valid: false

2e:ed:67:53:05:f6:7d:54:22:67:16:0e:49:64:06:38:1b:be:7f:6c
Signer

11/04/2018, 19:56
Valid: true

.text
Size: 569KB - Virtual size: 568KB

.rdata
Size: 159KB - Virtual size: 158KB

.data
Size: 7KB - Virtual size: 12KB

.pdata
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3.2MB - Virtual size: 7.9MB

.v-lizer
Size: 32KB - Virtual size: 31KB