DoorsScript_845841[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

DoorsScript_845841.exe
Size

14.2MB
MD5

26621d913911abcb28ae9401b82073dc
SHA1

ba576713bf99b434dbe3d27e65137b7cb00772da
SHA256

ebbd7d2484905d6fcfee2fe6df3c95f6eb97cad73865f8e3fcc6f4e0fdc799d8
SHA512

f90734ef60dd12879682e29711d93d575087368a48f12afdb932395310454c90adf95713d7373100ddc061791e804eefb93d5d884813231d8fa9432719e26841
SSDEEP

196608:fuKUT4j/R3q/1pp7AtT9UPEwCKgYh/LyiDItlnFxRNwlDmtZZxcZBYj9sBv8dmF9:jMkxRqncqsllLmqXoJsv6tWKFdu9C5

Score

1^/10

Malware Config

Signatures

Files

DoorsScript_845841.exe
.exe windows x86

44289c3e66bb023a435fd46a20d23d22

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:19

Not After

29/12/2040, 23:59

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:08:80:85:67:01:44:69:62:ce:41:22:34:0c:88:56
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

Not Before

07/03/2022, 20:30

Not After

07/03/2023, 20:30

Subject

SERIALNUMBER=2021-001024541,CN=Stragence Technology\, Inc.,O=Stragence Technology\, Inc.,L=Cheyenne,ST=Wyoming,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:3c:42:7f:1f:d3:dd:4a:40:d4:f7:cd:30:85:eb:37:19:76:aa:5c:70:e7:04:bc:47:c3:1a:5a:63:3a:b6:07
Signer

Actual PE Digest

13:3c:42:7f:1f:d3:dd:4a:40:d4:f7:cd:30:85:eb:37:19:76:aa:5c:70:e7:04:bc:47:c3:1a:5a:63:3a:b6:07

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2021-001024541,CN=Stragence Technology\, Inc.,O=Stragence Technology\, Inc.,L=Cheyenne,ST=Wyoming,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,1.3.6.1.4.1.311.60.2.1.3=#13025553

18/01/2023, 13:42
Valid: true

Chain 1

SERIALNUMBER=2021-001024541,CN=Stragence Technology\, Inc.,O=Stragence Technology\, Inc.,L=Cheyenne,ST=Wyoming,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130757796f6d696e67,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=Entrust Extended Validation Code Signing CA - EVCS2,O=Entrust\, Inc.,C=US

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

AddFontMemResourceEx
BitBlt
RemoveFontResourceExW
RemoveFontMemResourceEx
CreateCompatibleDC
SelectObject
CreateDIBSection
GetBitmapBits
SetTextColor
DeleteObject
ExtTextOutW
SetBkMode
GetTextMetricsW
OffsetRgn
GetDeviceCaps
AddFontResourceExW
CreateDCW
GetStockObject
CreateCompatibleBitmap
CombineRgn
GetCharABCWidthsFloatW
GetOutlineTextMetricsW
CreateFontIndirectW
CreateRectRgn
GetRegionData
SetTextAlign
GetTextExtentPoint32W
GetGlyphOutlineW
CreateBitmap
GdiFlush
GetObjectW
GetCharABCWidthsI
SelectClipRgn
SetGraphicsMode
GetFontData
GetCharABCWidthsW
GetTextFaceW
EnumFontFamiliesExW
GetDIBits
SetWorldTransform
DeleteDC

ole32

CoCreateGuid
RevokeDragDrop
OleFlushClipboard
OleIsCurrentClipboard
CoGetMalloc
DoDragDrop
ReleaseStgMedium
CoLockObjectExternal
OleGetClipboard
OleSetClipboard
CoCreateInstance
OleUninitialize
StringFromGUID2
CoUninitialize
CoTaskMemAlloc
OleInitialize
CoInitialize
RegisterDragDrop
CoTaskMemFree

imm32

ImmGetDefaultIMEWnd
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow
ImmNotifyIME
ImmGetVirtualKey
ImmReleaseContext
ImmAssociateContext

winmm

PlaySoundW

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysAllocString

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetFileInfoW
SHBrowseForFolderW

advapi32

RegOpenKeyExW
CryptAcquireContextW
RegCreateKeyExW
CryptReleaseContext
FreeSid
CryptCreateHash
CryptDestroyKey
CryptGetHashParam
CryptHashData
RegEnumValueW
CopySid
RegDeleteValueW
CryptGenRandom
CryptEncrypt
RegCloseKey
CryptDestroyHash
RegFlushKey
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyExW
GetLengthSid
GetTokenInformation
OpenProcessToken
CryptImportKey
RegQueryInfoKeyW
RegSetValueExW

user32

ToAscii
GetSysColorBrush
UnhookWindowsHookEx
RegisterClassExW
GetWindowLongW
EnumDisplayMonitors
SetCursorPos
GetSysColor
GetWindowThreadProcessId
ReleaseCapture
MoveWindow
SetCursor
DispatchMessageW
MessageBoxW
IsWindowVisible
SetTimer
GetForegroundWindow
GetCursorPos
RegisterClipboardFormatW
GetWindowTextW
GetDesktopWindow
ScreenToClient
DefWindowProcW
DrawIconEx
SetFocus
GetCursor
RegisterWindowMessageW
SendMessageW
GetWindowRect
GetFocus
GetClipboardFormatNameW
TrackMouseEvent
SetCapture
GetUpdateRect
DestroyCaret
LoadCursorW
HideCaret
TranslateMessage
EnableMenuItem
wsprintfA
RegisterClassW
GetCursorInfo
DestroyCursor
GetParent
RealGetWindowClassW
MessageBeep
DestroyIcon
GetMenu
GetMonitorInfoW
PostMessageW
SetWindowPos
PeekMessageW
EndPaint
GetClientRect
MsgWaitForMultipleObjectsEx
CreateIconIndirect
SetParent
TrackPopupMenuEx
GetSystemMenu
CreateCaret
LoadIconW
LoadImageW
GetClassInfoW
CharNextExA
ClientToScreen
GetCapture
SetWindowsHookExW
NotifyWinEvent
EnumWindows
GetAsyncKeyState
DestroyWindow
GetMessageExtraInfo
SetWindowPlacement
GetKeyboardState
GetDC
BeginPaint
InvalidateRect
AdjustWindowRectEx
GetSystemMetrics
MapVirtualKeyW
ToUnicode
SetMenuItemInfoW
IsZoomed
SetWindowRgn
CallNextHookEx
GetIconInfo
SetWindowLongW
GetKeyState
SetForegroundWindow
GetKeyboardLayoutList
ReleaseDC
FlashWindowEx
GetQueueStatus
ShowWindow
KillTimer
CreateCursor
IsIconic
GetAncestor
SetClipboardViewer
ChildWindowFromPointEx
IsChild
UnregisterClassW
GetCaretBlinkTime
GetWindowPlacement
CreateWindowExW
SetWindowTextW
SetCaretPos
GetKeyboardLayout
SystemParametersInfoW
GetDoubleClickTime
ChangeClipboardChain

kernel32

GetConsoleMode
FindFirstFileW
EncodePointer
SetEndOfFile
InitializeCriticalSection
IsValidCodePage
ResumeThread
GetCurrentProcessId
GetThreadPriority
TerminateThread
ExpandEnvironmentStringsW
GetCommandLineA
TlsSetValue
SleepEx
GetModuleHandleW
FindNextChangeNotification
HeapSize
GetProcAddress
GetDateFormatW
SetFilePointer
HeapCreate
ResetEvent
CreateFileW
GetFileInformationByHandle
GetProcessHeap
WaitForSingleObject
FindClose
GetSystemInfo
CreateDirectoryW
InitializeCriticalSectionAndSpinCount
FindFirstChangeNotificationW
GetFileAttributesExW
MapViewOfFile
FlushFileBuffers
TlsGetValue
IsDebuggerPresent
GetEnvironmentStringsW
Sleep
DeleteFileW
GetCPInfo
SetThreadPriority
GetStdHandle
OpenFileMappingW
ExitProcess
GetCommandLineW
GetLocalTime
lstrcatA
RtlUnwind
GetGeoInfoW
VerifyVersionInfoW
SetEvent
SetFileAttributesW
TlsFree
GetSystemDirectoryW
VirtualFree
WideCharToMultiByte
EnumSystemLocalesA
GlobalLock
WriteFile
MoveFileW
GetCurrentProcess
SetUnhandledExceptionFilter
GetLastError
FileTimeToSystemTime
IsProcessorFeaturePresent
GetLogicalDrives
LoadLibraryW
GetTimeFormatA
SetStdHandle
CreateProcessW
VirtualAlloc
GetOEMCP
LCMapStringW
GetUserGeoID
WaitForMultipleObjects
RemoveDirectoryW
TerminateProcess
HeapFree
GetUserDefaultUILanguage
GetSystemTime
FormatMessageW
SetFilePointerEx
FreeEnvironmentStringsW
GetStringTypeW
FindNextFileW
GetConsoleCP
GetTempPathW
GetACP
LeaveCriticalSection
ExitThread
GetCurrentThreadId
GlobalSize
GetModuleFileNameA
SetLastError
MultiByteToWideChar
EnterCriticalSection
GetUserDefaultLCID
ReleaseMutex
GetModuleFileNameW
SetErrorMode
DuplicateHandle
InterlockedDecrement
GetCurrentDirectoryW
DecodePointer
DeleteCriticalSection
InterlockedIncrement
QueryPerformanceFrequency
IsValidLanguageGroup
GetUserDefaultLangID
FindCloseChangeNotification
SetEnvironmentVariableA
LocalFree
GetDriveTypeW
CreateMutexW
GetTickCount
SetHandleCount
GetLongPathNameW
FileTimeToLocalFileTime
CreateEventW
SystemTimeToTzSpecificLocalTime
GetConsoleWindow
GlobalUnlock
VerSetConditionMask
CreateSemaphoreW
OutputDebugStringW
GetFileType
CreateFileA
lstrcmpW
WriteConsoleW
GetLocaleInfoW
IsValidLocale
TlsAlloc
GetTimeZoneInformation
MoveFileExW
CreateFileMappingW
GetFullPathNameW
RaiseException
GetCurrentThread
DeviceIoControl
GetLocaleInfoA
lstrlenA
UnhandledExceptionFilter
ReadFile
GetVolumeInformationW
GetFileSizeEx
UnmapViewOfFile
VirtualQuery
DeleteFileA
LoadLibraryA
GlobalAlloc
OpenProcess
InterlockedExchange
GetTimeFormatW
GetCurrencyFormatW
CompareStringW
QueryPerformanceCounter
GetTickCount64
GetStartupInfoW
GetFileAttributesW
GetEnvironmentVariableA
GetModuleHandleA
CheckRemoteDebuggerPresent
FindFirstFileExW
ReleaseSemaphore
PeekNamedPipe
GetDateFormatA
HeapAlloc
CopyFileW
HeapSetInformation
FreeLibrary
HeapReAlloc
GetFileSize
CloseHandle
CreateThread
GetSystemTimeAsFileTime
WaitForSingleObjectEx

ws2_32

recv
WSAResetEvent
WSAIoctl
freeaddrinfo
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
getaddrinfo
send
closesocket
WSAAsyncSelect
gethostname
WSACleanup
WSAStartup
setsockopt
getsockname
__WSAFDIsSet
ioctlsocket
ntohs
bind
htons
getsockopt
getpeername
socket
connect
WSASetLastError
WSAEnumNetworkEvents
WSACloseEvent
accept
listen
htonl
sendto
recvfrom
WSAGetLastError
select

crypt32

CertCloseStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFindExtension
CertEnumCertificatesInStore
CertFindCertificateInStore
CryptDecodeObjectEx
CryptStringToBinaryW
CertFreeCertificateChain
CertFreeCertificateContext
CertAddCertificateContextToStore
PFXImportCertStore
CryptQueryObject
CertGetCertificateChain
CertOpenStore

wldap32

ord216
ord46
ord41
ord27
ord301
ord167
ord79
ord142
ord127
ord147
ord133
ord26
ord208
ord145
ord219
ord14
ord117
ord73

Sections

.text
Size: 11.0MB - Virtual size: 11.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

44289c3e66bb023a435fd46a20d23d22

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2bCertificate

Extended Key Usages

Key Usages

12:08:80:85:67:01:44:69:62:ce:41:22:34:0c:88:56Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

13:3c:42:7f:1f:d3:dd:4a:40:d4:f7:cd:30:85:eb:37:19:76:aa:5c:70:e7:04:bc:47:c3:1a:5a:63:3a:b6:07Signer

Signature Validations

Verification

18/01/2023, 13:42 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

ole32

imm32

winmm

oleaut32

shell32

advapi32

user32

kernel32

ws2_32

crypt32

wldap32

Sections

.text Size: 11.0MB - Virtual size: 11.0MB

.rdata Size: 2.8MB - Virtual size: 2.8MB

.data Size: 55KB - Virtual size: 91KB

.qtmetad Size: 1024B - Virtual size: 588B

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 317KB - Virtual size: 317KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

35:af:b7:7b:9d:34:1f:6a:fc:8f:84:46:ab:31:35:2b
Certificate

12:08:80:85:67:01:44:69:62:ce:41:22:34:0c:88:56
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

13:3c:42:7f:1f:d3:dd:4a:40:d4:f7:cd:30:85:eb:37:19:76:aa:5c:70:e7:04:bc:47:c3:1a:5a:63:3a:b6:07
Signer

18/01/2023, 13:42
Valid: true

.text
Size: 11.0MB - Virtual size: 11.0MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 55KB - Virtual size: 91KB

.qtmetad
Size: 1024B - Virtual size: 588B

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 317KB - Virtual size: 317KB