122[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

122.exe
Size

531KB
MD5

649647dbdf024f1c565f380777c0c65e
SHA1

542e79418f5cfee03323b1aaff9b83423a20e310
SHA256

010e32be0f86545e116a8bc3381a8428933eb8789f32c261c81fd5e7857d4a77
SHA512

2c3aea68fe5df96b927b15c930852cfc937f53499459da1f05b4e7e8544be29ffa54bccf6a6cd0810405a81bcb32adb13fa79c2863c75d214d3e3cf39203baec
SSDEEP

6144:tbJd2M19DXgLkpPGFeGw0wqii8dYa5wsXW46usMbvu2eTiI5Ac3A9W2w0wZuYJv/:BL2IzYkpOQOa5956uPvs5Q8v/

Score

1^/10

Malware Config

Signatures

Files

122.exe
.exe windows x86

f8dd5bf0d3ba604276d0cb674673c3b1

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:54:58:fb:2d:ea:75:d5:1f:ad:b5:2f:e7:36:f0:af:2e:0f:b5:36
Signer

Actual PE Digest

15:54:58:fb:2d:ea:75:d5:1f:ad:b5:2f:e7:36:f0:af:2e:0f:b5:36

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

10/09/2014, 19:38
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
GetModuleBaseNameW

kernel32

DebugActiveProcessStop
FindResourceW
LoadResource
CreateProcessW
GetCurrentProcess
InitializeCriticalSection
OpenProcess
SizeofResource
GetExitCodeProcess
GetFileAttributesW
GetLastError
LockResource
CreateEventW
ContinueDebugEvent
WaitForDebugEvent
DeleteFileW
ResumeThread
CreateThread
ExpandEnvironmentStringsW
FormatMessageW
MultiByteToWideChar
TerminateProcess
SetConsoleCtrlHandler
GetFullPathNameW
SystemTimeToTzSpecificLocalTime
GetEnvironmentVariableA
GetCurrentDirectoryW
Process32FirstW
GetSystemInfo
WaitForMultipleObjects
Process32NextW
IsDebuggerPresent
DebugActiveProcess
DebugBreak
GetSystemTime
ExitProcess
GetDateFormatW
SetFilePointerEx
GetTimeFormatW
CreateFileW
ReleaseSemaphore
GetFileSizeEx
CreateSemaphoreW
GetProcessId
SetLastError
DeviceIoControl
VirtualQueryEx
WriteConsoleW
SetStdHandle
HeapReAlloc
OutputDebugStringW
LoadLibraryExW
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
OpenThread
ReadConsoleW
ReadProcessMemory
GetTickCount
GetThreadContext
DeleteCriticalSection
Sleep
WaitForSingleObject
CloseHandle
EnterCriticalSection
LeaveCriticalSection
SetEvent
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GetVersionExW
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetModuleHandleW
GetCommandLineW
SetEndOfFile
ReadFile
CreateToolhelp32Snapshot
QueryPerformanceCounter
GetFileType
FlushFileBuffers
GetStringTypeW
GetConsoleMode
GetConsoleCP
RtlUnwind
HeapSize
RaiseException
GetStartupInfoW
TlsFree
TlsSetValue
HeapFree
HeapAlloc
IsProcessorFeaturePresent
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
GetProcessHeap
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
WriteFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

user32

SendMessageW
GetDlgItem
InflateRect
LoadCursorW
DialogBoxIndirectParamW
SetWindowTextW
EndDialog
GetSysColorBrush
wsprintfW
IsHungAppWindow
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
LoadStringA
SetCursor

gdi32

EndPage
StartPage
GetDeviceCaps
SetMapMode
EndDoc
StartDocW

comdlg32

PrintDlgW

advapi32

RegOpenKeyW
EnumServicesStatusExW
OpenSCManagerW
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyW

shell32

CommandLineToArgvW

ole32

CoUninitialize
CoInitialize
CoAllowSetForegroundWindow
CoCreateInstance
CLSIDFromString

pdh

PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f8dd5bf0d3ba604276d0cb674673c3b1

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59Certificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

15:54:58:fb:2d:ea:75:d5:1f:ad:b5:2f:e7:36:f0:af:2e:0f:b5:36Signer

Signature Validations

Verification

10/09/2014, 19:38 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

pdh

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 5KB - Virtual size: 19KB

.rsrc Size: 282KB - Virtual size: 282KB

.reloc Size: 9KB - Virtual size: 9KB

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

15:54:58:fb:2d:ea:75:d5:1f:ad:b5:2f:e7:36:f0:af:2e:0f:b5:36
Signer

10/09/2014, 19:38
Valid: false

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 5KB - Virtual size: 19KB

.rsrc
Size: 282KB - Virtual size: 282KB

.reloc
Size: 9KB - Virtual size: 9KB