file[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

3.4MB
MD5

258467fede5e52d5eddb8e7791f60c51
SHA1

33d7a58cd66a7aa7ca67138a656ec7cbd24af42d
SHA256

2cf05fa94049a30c14fd5c1622620f6cb8b16fccd9ffad57c1f782cc1f38f253
SHA512

7283eacc35df339f1edf2b53a70566472f5138b6f823b0741907cfc435131f1807c05ec11e563a89300719a231de433f16ad245ed199e32c8b6fcf48ef9ac7c7
SSDEEP

98304:6VuwFCbmtQZVKyNt7LvlxZpKUKCz/EFM/sULWBnHmNqdG6F8:twcbGQTKyvKCKCwH06F

Score

1^/10

Malware Config

Signatures

Files

file.exe
.exe windows x86

ba682b08474414ef441da52664156d0d

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

Issuer

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

Not Before

10/12/2022, 12:00

Not After

11/12/2032, 12:00

Subject

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:ef:2f:d2:cb:4d:ab:c3:f4:51:19:df:92:0a:ee:7e:af:fb:bf:d2:f7:41:fe:6b:27:3f:b9:ac:f4:8c:cb:6a
Signer

Actual PE Digest

55:ef:2f:d2:cb:4d:ab:c3:f4:51:19:df:92:0a:ee:7e:af:fb:bf:d2:f7:41:fe:6b:27:3f:b9:ac:f4:8c:cb:6a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=HDD Toshiba SATA-III 10Tb HDWG460EZSTA N300 (7200rpm) 4096Mb 2.5 Rtl

09/03/2023, 18:59
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ole32

CoCreateInstance

oleaut32

VariantInit

user32

GetProcessWindowStation

Sections

.MPRESS1
Size: 3.1MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba682b08474414ef441da52664156d0d

Code Sign

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5aCertificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

55:ef:2f:d2:cb:4d:ab:c3:f4:51:19:df:92:0a:ee:7e:af:fb:bf:d2:f7:41:fe:6b:27:3f:b9:ac:f4:8c:cb:6aSigner

Signature Validations

Verification

09/03/2023, 18:59 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

oleaut32

user32

Sections

.MPRESS1 Size: 3.1MB - Virtual size: 5.7MB

.MPRESS2 Size: 3KB - Virtual size: 3KB

.rsrc Size: 354KB - Virtual size: 353KB

63:24:4d:30:d2:a1:4a:b4:4a:ad:bd:9a:36:e4:da:5a
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

55:ef:2f:d2:cb:4d:ab:c3:f4:51:19:df:92:0a:ee:7e:af:fb:bf:d2:f7:41:fe:6b:27:3f:b9:ac:f4:8c:cb:6a
Signer

09/03/2023, 18:59
Valid: false

.MPRESS1
Size: 3.1MB - Virtual size: 5.7MB

.MPRESS2
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 354KB - Virtual size: 353KB