Delta-Exploit_586021[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Delta-Exploit_586021.exe
Size

14.2MB
MD5

2a56ad832d82732747e25df88452f710
SHA1

4f03981f71f56472ee6d392dbe40dafe3e0a8a1c
SHA256

97a686d1363130b38e408284450247ae8e16db92d187dccfa1ef63dc6c173b78
SHA512

20bfe1f32fc2cd75859fd986842c589684a0591d1528543b74b4d265982a93457960704fdd80e84da39a18718b55c3494e343d3e9752cd1101683e18dd4c5e6e
SSDEEP

393216:bKeRN61ohfZyFID3DDv/flYudBQAWJsv6tWKFdu9Cp5:bKeRN6SpDBYud2AQ5

Score

1^/10

Malware Config

Signatures

Files

Delta-Exploit_586021.exe
.exe windows x86

f2ab8779b49ded338fa2cc2dcaf71322

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:08:80:85:67:01:44:69:62:ce:41:22:34:0c:88:56
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

07/03/2022, 20:30

Not After

07/03/2023, 20:30

Subject

SERIALNUMBER=2021-001024541,CN=Stragence Technology\, Inc.,O=Stragence Technology\, Inc.,L=Cheyenne,ST=Wyoming,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:a7:7f:89:bd:fd:07:2a:35:3e:d7:8e:6d:40:26:ad:78:26:5b:b8:44:57:54:46:58:f7:32:51:b0:ad:05:d8
Signer

Actual PE Digest

48:a7:7f:89:bd:fd:07:2a:35:3e:d7:8e:6d:40:26:ad:78:26:5b:b8:44:57:54:46:58:f7:32:51:b0:ad:05:d8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2021-001024541,CN=Stragence Technology\, Inc.,O=Stragence Technology\, Inc.,L=Cheyenne,ST=Wyoming,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,1.3.6.1.4.1.311.60.2.1.3=#13025553

18/01/2023, 13:41
Valid: true

Chain 1

SERIALNUMBER=2021-001024541,CN=Stragence Technology\, Inc.,O=Stragence Technology\, Inc.,L=Cheyenne,ST=Wyoming,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetCharABCWidthsI
SetWorldTransform
CombineRgn
SelectObject
CreateDIBSection
GetRegionData
GetDIBits
RemoveFontResourceExW
CreateRectRgn
GdiFlush
GetGlyphOutlineW
SetGraphicsMode
GetObjectW
CreateFontIndirectW
AddFontMemResourceEx
GetDeviceCaps
GetFontData
AddFontResourceExW
GetBitmapBits
OffsetRgn
BitBlt
GetTextExtentPoint32W
SetTextAlign
EnumFontFamiliesExW
GetTextMetricsW
GetCharABCWidthsFloatW
GetStockObject
GetTextFaceW
CreateDCW
SetTextColor
SelectClipRgn
DeleteDC
CreateCompatibleDC
ExtTextOutW
DeleteObject
CreateBitmap
GetOutlineTextMetricsW
RemoveFontMemResourceEx
SetBkMode
CreateCompatibleBitmap
GetCharABCWidthsW

ole32

OleFlushClipboard
RegisterDragDrop
OleSetClipboard
CoUninitialize
OleUninitialize
CoCreateGuid
CoGetMalloc
CoInitialize
StringFromGUID2
CoCreateInstance
DoDragDrop
CoTaskMemFree
RevokeDragDrop
CoTaskMemAlloc
ReleaseStgMedium
OleGetClipboard
CoLockObjectExternal
OleIsCurrentClipboard
OleInitialize

imm32

ImmAssociateContext
ImmGetVirtualKey
ImmSetCandidateWindow
ImmReleaseContext
ImmGetDefaultIMEWnd
ImmNotifyIME
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmGetContext

winmm

PlaySoundW

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW
SHGetPathFromIDListW

advapi32

RegCloseKey
RegDeleteValueW
CryptGetHashParam
CryptGenRandom
CryptDestroyKey
CryptAcquireContextW
RegQueryInfoKeyW
RegDeleteKeyW
CryptHashData
CopySid
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegQueryValueExW
OpenProcessToken
CryptEncrypt
CryptImportKey
CryptCreateHash
RegEnumValueW
CryptDestroyHash
GetLengthSid
RegSetValueExW
FreeSid
GetTokenInformation
CryptReleaseContext
RegCreateKeyExW

user32

GetMonitorInfoW
MapVirtualKeyW
GetSysColor
IsWindowVisible
ToUnicode
CallNextHookEx
MsgWaitForMultipleObjectsEx
wsprintfA
RegisterClassExW
GetParent
DestroyWindow
ChildWindowFromPointEx
SetParent
BeginPaint
SetClipboardViewer
SetCaretPos
TranslateMessage
EnumDisplayMonitors
SetMenuItemInfoW
IsChild
GetAsyncKeyState
DrawIconEx
GetWindowPlacement
ScreenToClient
GetUpdateRect
SetFocus
SetWindowsHookExW
SetForegroundWindow
GetSystemMetrics
DestroyCursor
AdjustWindowRectEx
GetCursorInfo
GetIconInfo
GetKeyboardState
UnregisterClassW
EnumWindows
GetKeyboardLayoutList
GetSysColorBrush
GetFocus
FlashWindowEx
GetMenu
GetWindowThreadProcessId
RealGetWindowClassW
CreateCursor
GetWindowLongW
EndPaint
GetDC
ChangeClipboardChain
GetAncestor
SetCapture
SystemParametersInfoW
DestroyCaret
GetKeyState
CreateIconIndirect
RegisterClipboardFormatW
SetWindowRgn
GetQueueStatus
SetCursor
IsIconic
SetWindowLongW
CharNextExA
CreateCaret
GetClassInfoW
GetForegroundWindow
GetCursorPos
GetSystemMenu
GetDoubleClickTime
SendMessageW
ClientToScreen
RegisterWindowMessageW
PeekMessageW
GetKeyboardLayout
LoadIconW
NotifyWinEvent
ShowWindow
GetClientRect
GetClipboardFormatNameW
SetTimer
EnableMenuItem
GetCapture
SetWindowPos
DestroyIcon
InvalidateRect
MessageBeep
SetWindowPlacement
CreateWindowExW
GetWindowTextW
DispatchMessageW
MessageBoxW
PostMessageW
LoadCursorW
HideCaret
GetCursor
RegisterClassW
KillTimer
LoadImageW
IsZoomed
TrackMouseEvent
MoveWindow
TrackPopupMenuEx
GetWindowRect
ReleaseDC
SetCursorPos
DefWindowProcW
GetCaretBlinkTime
GetDesktopWindow
GetMessageExtraInfo
ReleaseCapture
ToAscii
UnhookWindowsHookEx
SetWindowTextW

kernel32

GetGeoInfoW
IsValidCodePage
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
SetEndOfFile
RemoveDirectoryW
DuplicateHandle
GetEnvironmentStringsW
GetConsoleMode
RaiseException
CreateFileW
DeviceIoControl
OpenProcess
LeaveCriticalSection
GetProcessHeap
SetLastError
GetSystemTime
GetCPInfo
GetUserDefaultLangID
GetDriveTypeW
CopyFileW
SetEnvironmentVariableA
lstrcmpW
SetStdHandle
TerminateProcess
FindNextFileW
MoveFileExW
HeapSize
InterlockedDecrement
GlobalSize
CreateThread
ResetEvent
FindNextChangeNotification
ReadFile
GlobalAlloc
CreateProcessW
lstrlenA
DeleteCriticalSection
GetCurrentDirectoryW
EncodePointer
InitializeCriticalSectionAndSpinCount
VirtualFree
GetModuleHandleA
CreateMutexW
VirtualAlloc
ReleaseSemaphore
lstrcatA
FormatMessageW
FreeLibrary
GetTimeFormatW
GetFileInformationByHandle
GetTimeZoneInformation
LocalFree
WaitForSingleObject
GetDateFormatA
CreateFileMappingW
GetProcAddress
FindFirstFileW
TlsSetValue
FindFirstChangeNotificationW
GetFileAttributesExW
VerifyVersionInfoW
CheckRemoteDebuggerPresent
DeleteFileA
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
IsValidLocale
InitializeCriticalSection
FileTimeToSystemTime
GetModuleHandleW
GetEnvironmentVariableA
EnumSystemLocalesA
DecodePointer
RtlUnwind
GetCommandLineA
OutputDebugStringW
WaitForMultipleObjects
LoadLibraryA
GetSystemTimeAsFileTime
CreateEventW
CreateDirectoryW
VirtualQuery
HeapFree
TerminateThread
FileTimeToLocalFileTime
LoadLibraryW
SetHandleCount
GetFileAttributesW
InterlockedExchange
EnterCriticalSection
GetFileType
ExitThread
GetUserDefaultLCID
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
GetLocaleInfoW
QueryPerformanceCounter
CompareStringW
PeekNamedPipe
GetACP
TlsAlloc
ExpandEnvironmentStringsW
GetVolumeInformationW
HeapReAlloc
SetFilePointer
UnmapViewOfFile
SetThreadPriority
GetLogicalDrives
GetUserGeoID
GetCurrentThread
GetTickCount
GetLongPathNameW
GetLocaleInfoA
IsValidLanguageGroup
GetFileSize
WriteFile
WriteConsoleW
WaitForSingleObjectEx
TlsGetValue
SetEvent
FindClose
GetThreadPriority
GetConsoleWindow
GetSystemDirectoryW
GlobalLock
GetUserDefaultUILanguage
SleepEx
GetSystemInfo
GetLastError
GetFileSizeEx
GetTickCount64
IsProcessorFeaturePresent
GetCurrentProcessId
GetStdHandle
DeleteFileW
IsDebuggerPresent
QueryPerformanceFrequency
ReleaseMutex
HeapCreate
SetFilePointerEx
GetTimeFormatA
GetStartupInfoW
GetDateFormatW
HeapAlloc
TlsFree
GetOEMCP
MapViewOfFile
CreateSemaphoreW
GetStringTypeW
CloseHandle
GetFullPathNameW
GetCommandLineW
GetCurrentThreadId
ExitProcess
FindFirstFileExW
GetTempPathW
GetCurrentProcess
GetModuleFileNameA
MoveFileW
VerSetConditionMask
FlushFileBuffers
HeapSetInformation
OpenFileMappingW
FindCloseChangeNotification
SetErrorMode
InterlockedIncrement
CreateFileA
Sleep
GlobalUnlock
ResumeThread
WideCharToMultiByte
SetFileAttributesW
GetLocalTime
GetCurrencyFormatW
GetConsoleCP

ws2_32

recv
freeaddrinfo
WSAEnumNetworkEvents
WSACreateEvent
getaddrinfo
WSACloseEvent
WSAEventSelect
WSAIoctl
send
closesocket
WSAAsyncSelect
gethostname
WSACleanup
WSAStartup
setsockopt
getsockname
__WSAFDIsSet
ioctlsocket
ntohs
bind
htons
getsockopt
getpeername
socket
connect
WSASetLastError
WSAResetEvent
WSAWaitForMultipleEvents
accept
listen
htonl
sendto
recvfrom
WSAGetLastError
select

crypt32

CertFreeCertificateChain
CertFindCertificateInStore
CertAddCertificateContextToStore
PFXImportCertStore
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateChainEngine
CryptDecodeObjectEx
CryptQueryObject
CertFindExtension
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertOpenStore

wldap32

ord216
ord46
ord41
ord27
ord301
ord167
ord79
ord142
ord127
ord147
ord133
ord26
ord208
ord145
ord219
ord14
ord117
ord73

Sections

.text
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2ab8779b49ded338fa2cc2dcaf71322

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

12:08:80:85:67:01:44:69:62:ce:41:22:34:0c:88:56Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

48:a7:7f:89:bd:fd:07:2a:35:3e:d7:8e:6d:40:26:ad:78:26:5b:b8:44:57:54:46:58:f7:32:51:b0:ad:05:d8Signer

Signature Validations

Verification

18/01/2023, 13:41 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

ole32

imm32

winmm

oleaut32

shell32

advapi32

user32

kernel32

ws2_32

crypt32

wldap32

Sections

.text Size: 11.0MB - Virtual size: 11.0MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 55KB - Virtual size: 91KB

.qtmetad Size: 1024B - Virtual size: 588B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 317KB - Virtual size: 317KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

12:08:80:85:67:01:44:69:62:ce:41:22:34:0c:88:56
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

48:a7:7f:89:bd:fd:07:2a:35:3e:d7:8e:6d:40:26:ad:78:26:5b:b8:44:57:54:46:58:f7:32:51:b0:ad:05:d8
Signer

18/01/2023, 13:41
Valid: true

.text
Size: 11.0MB - Virtual size: 11.0MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 55KB - Virtual size: 91KB

.qtmetad
Size: 1024B - Virtual size: 588B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 317KB - Virtual size: 317KB