file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

2.0MB
MD5

0a42fee9fcb7176b17c39a2af5e7e9db
SHA1

6ba18746af689d249f20c2f5951f0fe6024a2455
SHA256

ad4e377633b5f0a87ad2a4a6b741615016de79605225737fc4ba5c70308c5e68
SHA512

1c911655c93a03796281a5439a78b0bc091ba565b7fa6843e43e436b675f2c1edfe11bb282d09158edf0ba0b8176c307f10fed868af64117fbc82fe17fedbb22
SSDEEP

49152:pFEKlMYVJ0NyXW/s31KT65UVLz4lgVW4vxCluT05rckHoxx3Q:vEywpu1KT65Up4lAB46MreA

Score

1^/10

Malware Config

Signatures

Files

file.exe
.exe windows x86

26576ed4d825fc7d7b1056b6b8d52646

Code Sign

04:24:08:08:49:03:9b:6f:88:58:d6:47:7f:b0:94:cd:a0:36
Certificate

Issuer

CN=R3,O=Let's Encrypt,C=US

Not Before

03/01/2023, 03:28

Not After

03/04/2023, 03:28

Subject

CN=www.fancy.org

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:4e:03:d1:1c:d0:2d:53:1e:2e:60:5b:bf:89:f4:8f:34:fe:d8:ad:45:2a:f4:f6:85:53:d1:6f:d4:e9:e3:78
Signer

Actual PE Digest

55:4e:03:d1:1c:d0:2d:53:1e:2e:60:5b:bf:89:f4:8f:34:fe:d8:ad:45:2a:f4:f6:85:53:d1:6f:d4:e9:e3:78

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=www.fancy.org

31/01/2023, 19:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
FindFirstFileW
lstrlenA
GetModuleHandleW
GetTickCount
WriteFile
FormatMessageW
lstrcatA
lstrlenW
GetCurrentDirectoryW
SetLastError
GetProcAddress
IsValidCodePage
FindClose
LoadLibraryA
GetLargePageMinimum
GetSystemInfo
GetModuleHandleA
lstrcpyA
GetThreadUILanguage
GetProcessHeap
SetEndOfFile
ReadFile
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetStartupInfoW
HeapValidate
IsBadReadPtr
RaiseException
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
GetLastError
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
ExitProcess
LoadLibraryW
CloseHandle
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
GetModuleFileNameA
FlushFileBuffers
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
SetFilePointer
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

IsIconic
GetTopWindow
IsZoomed
GetClientRect
GetWindowTextLengthA
AnyPopup
wsprintfW
GetDesktopWindow
GetActiveWindow
MessageBoxW
GetMessagePos

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26576ed4d825fc7d7b1056b6b8d52646

Code Sign

04:24:08:08:49:03:9b:6f:88:58:d6:47:7f:b0:94:cd:a0:36Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

55:4e:03:d1:1c:d0:2d:53:1e:2e:60:5b:bf:89:f4:8f:34:fe:d8:ad:45:2a:f4:f6:85:53:d1:6f:d4:e9:e3:78Signer

Signature Validations

Verification

31/01/2023, 19:24 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 43KB - Virtual size: 42KB

.data Size: 5KB - Virtual size: 1.7MB

.rsrc Size: 171KB - Virtual size: 170KB

.reloc Size: 29KB - Virtual size: 29KB

04:24:08:08:49:03:9b:6f:88:58:d6:47:7f:b0:94:cd:a0:36
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

55:4e:03:d1:1c:d0:2d:53:1e:2e:60:5b:bf:89:f4:8f:34:fe:d8:ad:45:2a:f4:f6:85:53:d1:6f:d4:e9:e3:78
Signer

31/01/2023, 19:24
Valid: false

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 43KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 1.7MB

.rsrc
Size: 171KB - Virtual size: 170KB

.reloc
Size: 29KB - Virtual size: 29KB