TidyTabs[.]Daemon[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

TidyTabs.Daemon.exe
Size

2.9MB
MD5

2b3ff91b04cbe1fe7e7cb519b5f4be7f
SHA1

de74fac0681d953d0d8bc00f81737f4dbd9ce4cc
SHA256

01f63d886e812589ee67bfc60af98f0707098684e2356751b5c24d2069963855
SHA512

54b46414d181e054eb55d57246ce070d389ced925f67faaa4ce11d4c3e3c7e94d3a319b37c630599f9318b576a09e913de2683ca93d521b60c3869188ec1727e
SSDEEP

49152:LOWexea14zmdiuQGJsjmNNZqIIdbgH3Osb+SxcdfC5VQYrcBxmxk4MT:LOsa14zmdiuQGJsjmNNhH3Osb+SO6bkT

Score

1^/10

Malware Config

Signatures

Files

TidyTabs.Daemon.exe
.exe windows x86

cbeae4ee137215d0dd8b89a3bfa27799

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:0c:63:9d:13:3c:36:bd:fa:0c:83:a5:7d:0f:bb:bb
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

11-10-2021 00:00

Not After

10-10-2024 23:59

Subject

CN=Nurgo Software,O=Nurgo Software,ST=Normandie,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:24:87:b5:30:e1:4e:8f:00:54:5d:47:32:fa:fc:63:f8:52:f5:f8:84:bb:70:bc:bb:f7:52:f1:21:bf:b8:c8
Signer

Actual PE Digest

15:24:87:b5:30:e1:4e:8f:00:54:5d:47:32:fa:fc:63:f8:52:f5:f8:84:bb:70:bc:bb:f7:52:f1:21:bf:b8:c8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nurgo Software,O=Nurgo Software,ST=Normandie,C=FR

16-03-2023 15:37
Valid: true

Chain 1

CN=Nurgo Software,O=Nurgo Software,ST=Normandie,C=FR

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

MapFileAndCheckSumW

tidytabs.native

IsDecorator
GetCmdLine
GetWindowProcessInfo
ScreenToWorkspace
GetMovableRootWindow

kernel32

FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SetFileAttributesW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
FindNextFileW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
GetCurrentDirectoryW
SetErrorMode
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
AreFileApisANSI
LCMapStringEx
CompareStringEx
GetCPInfo
LoadLibraryW
MultiByteToWideChar
SetPriorityClass
GetCommandLineW
ExitProcess
GetModuleFileNameW
GetExitCodeProcess
WaitForSingleObject
RtlUnwind
InterlockedPushEntrySList
GetCommandLineA
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
SetStdHandle
GetFileType
HeapQueryInformation
GetStdHandle
SetFilePointerEx
IsValidLocale
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FindFirstFileExW
WriteConsoleW
GetFileInformationByHandle
GetDiskFreeSpaceExW
RemoveDirectoryW
DeviceIoControl
SetEvent
GetSystemTimeAsFileTime
GetCurrentProcess
CreateEventA
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
ReleaseSRWLockExclusive
ReleaseSRWLockShared
GetLastError
CloseHandle
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocaleInfoEx
TryEnterCriticalSection
GetStringTypeW
OutputDebugStringW
MoveFileExW
LocalReAlloc
GlobalHandle
CreateFileW
GlobalReAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
SuspendThread
SetThreadPriority
CreateEventW
CreateMutexW
ReleaseMutex
lstrcmpA
GetCurrentThread
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryA
GetSystemDirectoryW
EncodePointer
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
LocalAlloc
LoadLibraryExW
MulDiv
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
OutputDebugStringA
GetACP
InitializeCriticalSectionAndSpinCount
GetFullPathNameW
GetModuleHandleA
ResumeThread
OpenEventA
ReleaseSemaphore
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
SleepConditionVariableSRW
WakeAllConditionVariable
GetCurrencyFormatW
GetTimeFormatW
GetDateFormatW
CompareStringW
LCMapStringW
FoldStringW
EnumSystemLocalesA
IsDBCSLeadByteEx
IsValidCodePage
GetLocaleInfoA
GetFileAttributesW
GetEnvironmentVariableW
K32GetModuleFileNameExW
GetModuleHandleW
RaiseException
Sleep
GetLocaleInfoW
OpenProcess
GetTempFileNameW
GetLongPathNameW
GetTempPathW
CreateDirectoryW
GetProcessHeap
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetTickCount
SetLastError
GetVersionExW
K32EmptyWorkingSet
GetVersion
DeleteFileW
VerSetConditionMask
VerifyVersionInfoW
FreeLibrary
GetProcAddress

user32

GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
IsChild
IsMenu
GetClassInfoExW
CallWindowProcW
GetMessageTime
DispatchMessageW
GetMenuStringW
SendDlgItemMessageA
GetMessagePos
MessageBeep
SetWindowLongW
ReleaseDC
IsHungAppWindow
GetCursorInfo
UnhookWinEvent
SetWinEventHook
EnumWindows
WindowFromPoint
GetWindowLongW
GetAsyncKeyState
GetKeyState
ChildWindowFromPointEx
GetMenuItemCount
CreateWindowExW
DestroyWindow
GetForegroundWindow
GetWindow
GetWindowThreadProcessId
GrayStringW
DrawTextExW
TabbedTextOutW
OffsetRect
GetSysColor
DrawTextW
SetFocus
GetFocus
ReleaseCapture
GetCapture
TrackMouseEvent
SetClassLongW
GetClassLongW
SetCursor
PtInRect
GetDlgCtrlID
IsRectEmpty
SetRectEmpty
InflateRect
ScreenToClient
SetCapture
GetLastActivePopup
WinHelpW
CheckMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
PostQuitMessage
SetMenu
InvalidateRect
DestroyCursor
GetClientRect
GetIconInfo
CallNextHookEx
UnhookWindowsHookEx
TrackPopupMenuEx
UpdateWindow
BeginPaint
EndPaint
ValidateRect
GetScrollPos
SetWindowsHookExW
GetClassInfoW
IsWindowVisible
MoveWindow
EqualRect
GetParent
ShowWindow
SetActiveWindow
SystemParametersInfoW
FindWindowW
GetMenuItemID
TrackPopupMenu
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuW
IsWindow
UnregisterClassW
UnionRect
EnumDisplayMonitors
DestroyIcon
DrawIconEx
IsZoomed
SetWindowPlacement
GetWindowPlacement
LoadIconW
CopyImage
SetWindowPos
GetMonitorInfoW
MonitorFromWindow
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
IsWindowEnabled
GetMessageW
TranslateMessage
SetWindowTextW
IsDialogMessageW
DestroyMenu
GetSysColorBrush
CharUpperW
RealChildWindowFromPoint
ClientToScreen
ModifyMenuW
RemoveMenu
EnableMenuItem
CheckMenuRadioItem
ChangeWindowMessageFilterEx
LoadImageW
MsgWaitForMultipleObjects
PeekMessageW
PostMessageW
SetForegroundWindow
SendMessageW
EnableWindow
UnregisterHotKey
RegisterHotKey
FillRect
MonitorFromPoint
SetLayeredWindowAttributes
RegisterClassW
DefWindowProcW
LoadCursorW
CopyRect
RedrawWindow
PrintWindow
GetDC
GetClassNameW
GetShellWindow
GetWindowTextW
GetWindowTextLengthW
GetDesktopWindow
MessageBoxW
GetSystemMetrics
RegisterWindowMessageW
KillTimer
SetTimer
IsIconic
GetWindowRect
GetMenu
SetPropW
GetPropW
RemovePropW
MapWindowPoints
AdjustWindowRectEx
GetTopWindow

gdi32

PtInRegion
CombineRgn
CreateSolidBrush
GetObjectW
SelectObject
BitBlt
GetTextExtentPoint32W
CreateFontIndirectW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetPixel
GetDeviceCaps
GetStockObject
SetBkColor
SetTextColor
CreateBitmap
CreatePen
GetClipBox
LineTo
RestoreDC
SaveDC
ExtSelectClipRgn
SetBkMode
SetMapMode
DeleteObject
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
DPtoLP
CreateRectRgn
DeleteDC
GetBitmapBits
CreateCompatibleDC
CreatePolygonRgn
CreateCompatibleBitmap

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
GetUserNameW
ConvertSidToStringSidW
LookupAccountNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegGetValueW
CryptGenRandom
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW
RegQueryValueW
RegEnumValueW

shell32

ExtractIconExW
SHFileOperationW
SHGetFolderPathW
Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW

comctl32

ImageList_GetIcon
ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIconSize
InitCommonControlsEx

shlwapi

UrlEscapeW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

ole32

CoTaskMemFree
CoCreateGuid
PropVariantClear
CoInitializeEx
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoInitialize

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString

gdiplus

GdipCreatePen1
GdiplusStartup
GdipCreateFromHDC
GdipSetSmoothingMode
GdipSetPixelOffsetMode
GdipDrawLine
GdipDeleteGraphics
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeletePen
GdipDrawImageRectI
GdiplusShutdown

wintrust

WinVerifyTrust

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CryptBinaryToStringW

dwmapi

DwmSetWindowAttribute
DwmGetWindowAttribute
DwmUpdateThumbnailProperties
DwmRegisterThumbnail
DwmUnregisterThumbnail
DwmGetColorizationColor

wininet

InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetQueryOptionW

oleacc

CreateStdAccessibleObject
LresultFromObject

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 422KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbeae4ee137215d0dd8b89a3bfa27799

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

90:0c:63:9d:13:3c:36:bd:fa:0c:83:a5:7d:0f:bb:bbCertificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

15:24:87:b5:30:e1:4e:8f:00:54:5d:47:32:fa:fc:63:f8:52:f5:f8:84:bb:70:bc:bb:f7:52:f1:21:bf:b8:c8Signer

Signature Validations

Verification

16-03-2023 15:37 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

imagehlp

tidytabs.native

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

wintrust

crypt32

dwmapi

wininet

oleacc

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 422KB - Virtual size: 422KB

.data Size: 166KB - Virtual size: 202KB

.rsrc Size: 211KB - Virtual size: 211KB

.reloc Size: 122KB - Virtual size: 122KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

90:0c:63:9d:13:3c:36:bd:fa:0c:83:a5:7d:0f:bb:bb
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

15:24:87:b5:30:e1:4e:8f:00:54:5d:47:32:fa:fc:63:f8:52:f5:f8:84:bb:70:bc:bb:f7:52:f1:21:bf:b8:c8
Signer

16-03-2023 15:37
Valid: true

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 422KB - Virtual size: 422KB

.data
Size: 166KB - Virtual size: 202KB

.rsrc
Size: 211KB - Virtual size: 211KB

.reloc
Size: 122KB - Virtual size: 122KB