36317e75e7e6b397e3601a6f57d47869[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

36317e75e7e6b397e3601a6f57d47869.exe
Size

464KB
MD5

36317e75e7e6b397e3601a6f57d47869
SHA1

ef352460956ae1daddedd9bb5cc6a3e82eaa9f84
SHA256

50d803405e13a8749bbbc53185cc4e3d104ab2dd1d85e3c4c375a95697908ba1
SHA512

7bd056386173e1ff4a6cf8b903b6578a76dc074da8175f43c8ba80c3b625cfb2d7968d8e8278cef34c17d4cf64af45538d84e059272de363044b6bfc8c8456b3
SSDEEP

6144:bU8mdthp2dsUmpiBXCAbiklSV1vGw5dTB6HQo4+HqEV2XlicY26C1:ep2OMCAmDVUw5d4nqEc20

Score

1^/10

Malware Config

Signatures

Files

36317e75e7e6b397e3601a6f57d47869.exe
.exe windows x86

862ce0ec68439a837266e9c0bd164293

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:ae:8b:23:9b:2c:5a:ca:99:9d:71:c3:7f:66:33:13
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/01/2018, 00:00

Not After

19/01/2021, 12:00

Subject

CN=ANSYS Inc.,OU=IT,O=ANSYS Inc.,L=Canonsburg,ST=Pennsylvania,C=US,1.2.840.113549.1.9.1=#0c1564617669642e646176697340616e7379732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:e7:58:f8:f0:2d:e0:eb:83:ab:65:03:80:9c:e6:3f:c1:c7:99:db:3b:71:d6:6c:4e:9c:f6:a8:ee:43:4a:71
Signer

Actual PE Digest

b8:e7:58:f8:f0:2d:e0:eb:83:ab:65:03:80:9c:e6:3f:c1:c7:99:db:3b:71:d6:6c:4e:9c:f6:a8:ee:43:4a:71

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=ANSYS Inc.,OU=IT,O=ANSYS Inc.,L=Canonsburg,ST=Pennsylvania,C=US,1.2.840.113549.1.9.1=#0c1564617669642e646176697340616e7379732e636f6d

10/11/2020, 16:20
Valid: true

Chain 1

CN=ANSYS Inc.,OU=IT,O=ANSYS Inc.,L=Canonsburg,ST=Pennsylvania,C=US,1.2.840.113549.1.9.1=#0c1564617669642e646176697340616e7379732e636f6d

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FormatMessageA
Process32Next
Process32First
CreateToolhelp32Snapshot
FindFirstFileA
FindNextFileA
FindClose
DeleteFileA
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
CreateFileA
FlushFileBuffers
SetStdHandle
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ReadFile
GetConsoleMode
ExitThread
CloseHandle
CreateMutexA
GetCurrentThreadId
GetVersionExA
GetSystemInfo
GetSystemDirectoryA
GetVolumeInformationA
GetModuleFileNameA
GetTickCount
Sleep
GetCurrentDirectoryA
CreateEventA
CreateThread
WaitForSingleObject
TerminateThread
SetEvent
ResumeThread
SuspendThread
GetConsoleCP
InitializeCriticalSectionAndSpinCount
GetLastError
HeapSize
ExitProcess
LoadLibraryA
HeapAlloc
HeapFree
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetFullPathNameA
GetModuleHandleW
GetProcAddress
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
MoveFileA
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
RtlUnwind
VirtualFree
VirtualAlloc
HeapCreate
WriteFile
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleHandleA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetTimeZoneInformation
SetFilePointer
SetCurrentDirectoryA

wsock32

WSAStartup
inet_addr
gethostname
sendto
recv
accept
socket
setsockopt
connect
send
listen
getsockname
ntohl
getpeername
ntohs
select
WSAGetLastError
__WSAFDIsSet
getsockopt
inet_ntoa
htonl
htons
closesocket
ioctlsocket
gethostbyname
bind

ws2_32

WSAEventSelect

advapi32

DeleteService
ReportEventA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherA
CreateServiceA
QueryServiceStatus
ControlService
CloseEventLog
QueryServiceStatusEx
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenSCManagerA
OpenServiceA
QueryServiceConfigA
CloseServiceHandle
OpenEventLogA

iphlpapi

GetIpAddrTable
GetAdaptersInfo

user32

wsprintfA
GetSystemMetrics

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 164KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

862ce0ec68439a837266e9c0bd164293

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

05:ae:8b:23:9b:2c:5a:ca:99:9d:71:c3:7f:66:33:13Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

b8:e7:58:f8:f0:2d:e0:eb:83:ab:65:03:80:9c:e6:3f:c1:c7:99:db:3b:71:d6:6c:4e:9c:f6:a8:ee:43:4a:71Signer

Signature Validations

Verification

10/11/2020, 16:20 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

ws2_32

advapi32

iphlpapi

user32

Sections

.text Size: 222KB - Virtual size: 221KB

.rdata Size: 69KB - Virtual size: 68KB

.data Size: 164KB - Virtual size: 168KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

05:ae:8b:23:9b:2c:5a:ca:99:9d:71:c3:7f:66:33:13
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

b8:e7:58:f8:f0:2d:e0:eb:83:ab:65:03:80:9c:e6:3f:c1:c7:99:db:3b:71:d6:6c:4e:9c:f6:a8:ee:43:4a:71
Signer

10/11/2020, 16:20
Valid: true

.text
Size: 222KB - Virtual size: 221KB

.rdata
Size: 69KB - Virtual size: 68KB

.data
Size: 164KB - Virtual size: 168KB