photorec_win[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

photorec_win.exe
Size

950KB
MD5

e452dc76f2adb081618175d9ffb2c760
SHA1

a14dac6c201e863d66f3477a66cd0bf58a4208a6
SHA256

ea8fe8ef9439c0d17cdb75583efadf53ade35cc6f1aac9984c1536aab7aabbe6
SHA512

ca270a24fc0e5414d51f0ca24ae63d458318d80ec24a1f8a4b0df87630e0f90fcc910bcf81ade1f01505bc4cc3caacb7ab0d88d1015a97d0e79d2b4ac48dd36f
SSDEEP

12288:V7smbD7+Hvv0YW0JxG+Juz7r7AMEQi0BES3qYsoPjcNHmA5zwrVH+FlO/dwS/Ga0:V7smbD7+PLW0fGl/L3ES3qYsolWcrV7U

Score

1^/10

Malware Config

Signatures

Files

photorec_win.exe
.exe windows x64

e561d49441762dcb3275ad5585f7c5c2

Code Sign

30:87:bf:74:9d:ed:9f:5c:54:70:d5:17:01:b2:1e:35
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

17/06/2022, 10:43

Not After

17/06/2023, 10:43

Subject

CN=Open Source Developer\, Christophe GRENIER,O=Open Source Developer,L=LE PERREUX-SUR-MARNE,ST=ILE-DE-FRANCE,C=FR,1.2.840.113549.1.9.1=#0c166772656e69657240636773656375726974792e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

9f:1b:d6:9e:5a:8b:17:37:a5:ef:6d:17:db:46:63:3a:7a:13:df:60:d2:f2:bc:43:ba:09:e5:a8:98:92:26:7a
Signer

Actual PE Digest

9f:1b:d6:9e:5a:8b:17:37:a5:ef:6d:17:db:46:63:3a:7a:13:df:60:d2:f2:bc:43:ba:09:e5:a8:98:92:26:7a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Open Source Developer\, Christophe GRENIER,O=Open Source Developer,L=LE PERREUX-SUR-MARNE,ST=ILE-DE-FRANCE,C=FR,1.2.840.113549.1.9.1=#0c166772656e69657240636773656375726974792e6f7267

04/02/2023, 06:33
Valid: true

Chain 1

CN=Open Source Developer\, Christophe GRENIER,O=Open Source Developer,L=LE PERREUX-SUR-MARNE,ST=ILE-DE-FRANCE,C=FR,1.2.840.113549.1.9.1=#0c166772656e69657240636773656375726974792e6f7267

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cyggcc_s-seh-1

__emutls_get_address

cygwin1

__assert_func
__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__locale_mb_cur_max
__main
__memcpy_chk
__memset_chk
__sprintf_chk
__stack_chk_fail
__stack_chk_guard
__strcat_chk
__strncat_chk
__strncpy_chk
_dll_crt0
_get_osfhandle
_impure_ptr
abort
atoi
atol
calloc
close
closedir
ctime
cygwin_conv_path
cygwin_detach_dll
cygwin_internal
dirname
dll_dllcrt0
dup2
endmntent
exit
fclose
fcntl
fflush
fgets
fileno
fopen
fprintf
fputc
fputs
fread
free
fseek
fseeko
fstat
fsync
ftell
ftello
ftruncate
fwrite
getchar
getcwd
getegid
getenv
geteuid
getgid
gethostname
getmntent
getpagesize
getpid
gettimeofday
getuid
isatty
kill
localtime_r
longjmp
lseek
lstat
malloc
mbrtowc
mbsinit
mbsrtowcs
memchr
memcmp
memcpy
memmove
memset
mkdir
mktime
open
opendir
openlog
perror
posix_fadvise
posix_memalign
pread
printf
putc
putchar
puts
pwrite
qsort
random
read
readdir
realloc
realpath
rename
secure_getenv
setenv
setjmp
setlocale
setmntent
sigaction
sigaddset
sigemptyset
sleep
snprintf
sprintf
srand
srandom
sscanf
stat
stpcpy
strcat
strchr
strcmp
strcpy
strdup
strerror
strftime
strlen
strncasecmp
strncat
strncmp
strncpy
strnlen
strptime
strrchr
strstr
strtol
strtoul
strtoull
sysconf
syslog
tcgetattr
time
toupper
uname
uname_x
unlink
unsetenv
utime
vfprintf
vsnprintf
wcrtomb
wctomb
write

cygewf-2

libewf_error_free
libewf_error_sprint
libewf_glob
libewf_glob_free
libewf_handle_close
libewf_handle_free
libewf_handle_get_bytes_per_sector
libewf_handle_get_media_size
libewf_handle_initialize
libewf_handle_open
libewf_handle_read_random
libewf_handle_set_header_values_date_format
libewf_handle_write_random

cygiconv-2

libiconv
libiconv_close
libiconv_open

cygjpeg-8

jpeg_CreateDecompress
jpeg_destroy_decompress
jpeg_finish_decompress
jpeg_read_header
jpeg_read_scanlines
jpeg_resync_to_restart
jpeg_start_decompress
jpeg_std_error

cygncursesw-10

assume_default_colors
cbreak
clearok
curs_set
delwin
endwin
getcurx
getcury
has_colors
init_pair
keypad
ncwrap_COLS
ncwrap_LINES
ncwrap_stdscr
newterm
newwin
nl
nodelay
noecho
nonl
start_color
waddch
waddnstr
wattr_off
wattrset
wbkgdset
wborder
wclear
wclrtoeol
wgetch
wmove
wprintw
wrefresh

cygz

inflate
inflateEnd
inflateInit2_
inflateInit_

kernel32

CloseHandle
CreateFileA
DeviceIoControl
FlushFileBuffers
FormatMessageA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetFileSize
GetLastError
GetModuleHandleA
GetVersionExA
LocalFree
ReadFile
SetFilePointer
WriteFile

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 146KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e561d49441762dcb3275ad5585f7c5c2

Code Sign

30:87:bf:74:9d:ed:9f:5c:54:70:d5:17:01:b2:1e:35Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

9f:1b:d6:9e:5a:8b:17:37:a5:ef:6d:17:db:46:63:3a:7a:13:df:60:d2:f2:bc:43:ba:09:e5:a8:98:92:26:7aSigner

Signature Validations

Verification

04/02/2023, 06:33 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

cyggcc_s-seh-1

cygwin1

cygewf-2

cygiconv-2

cygjpeg-8

cygncursesw-10

cygz

kernel32

Sections

.text Size: 608KB - Virtual size: 607KB

.data Size: 21KB - Virtual size: 20KB

.rdata Size: 237KB - Virtual size: 236KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 28KB - Virtual size: 28KB

.xdata Size: 26KB - Virtual size: 25KB

.bss Size: - Virtual size: 146KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

30:87:bf:74:9d:ed:9f:5c:54:70:d5:17:01:b2:1e:35
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

9f:1b:d6:9e:5a:8b:17:37:a5:ef:6d:17:db:46:63:3a:7a:13:df:60:d2:f2:bc:43:ba:09:e5:a8:98:92:26:7a
Signer

04/02/2023, 06:33
Valid: true

.text
Size: 608KB - Virtual size: 607KB

.data
Size: 21KB - Virtual size: 20KB

.rdata
Size: 237KB - Virtual size: 236KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 28KB - Virtual size: 28KB

.xdata
Size: 26KB - Virtual size: 25KB

.bss
Size: - Virtual size: 146KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB