pspasswd64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

pspasswd64.exe
Size

164KB
MD5

bfec8d28b818071dd898c1e18a98a242
SHA1

90994f647f8cfac2c448e6bb5371cc3dd0e4feb5
SHA256

b5a01628e544929e2dff9f7041359d80f037e1e6da8afb97abd6b2b2f67960c4
SHA512

76c567cc70231e019cdd8dade111597662163511e286104f91636cd23d2d4c834d7c20b277953a052acb34ce1cc82c445f2d806431dcc624e1318f6ed7032d48
SSDEEP

3072:MlHoXxHSkdJ2+gTz+VBj7hYcOb5UFEN8J3urxKdKsIOSEjfY:wHPkdJ2xTqPj7hmuEN4HfY

Score

1^/10

Malware Config

Signatures

Files

pspasswd64.exe
.exe windows x64

a99449be6b192d90f3303a049c6e0260

Code Sign

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:ae
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/05/2016, 17:13

Not After

03/08/2017, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:0f:f1:f2:ef:04:61:5d:ed:5b:d2:5e:fd:de:70:b6:fd:06:26:fd:ca:b3:b4:38:89:36:28:17:91:57:f4:a4
Signer

Actual PE Digest

4d:0f:f1:f2:ef:04:61:5d:ed:5b:d2:5e:fd:de:70:b6:fd:06:26:fd:ca:b3:b4:38:89:36:28:17:91:57:f4:a4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/03/2023, 16:06
Valid: false

90:4a:8f:de:a0:58:99:b0:d2:95:de:02:1c:2e:cd:19:a8:6f:6a:71
Signer

Actual PE Digest

90:4a:8f:de:a0:58:99:b0:d2:95:de:02:1c:2e:cd:19:a8:6f:6a:71

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

05/07/2016, 07:49
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetUserSetInfo
NetServerEnum
NetUserGetInfo
NetApiBufferFree
NetGetAnyDCName

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

SetLastError
Sleep
WriteFile
CloseHandle
FormatMessageA
LoadLibraryExW
CreateFileW
GetLastError
GetFileType
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetVersion
GetFullPathNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ReadFile
GetConsoleCP
FlushFileBuffers
GetProcessHeap
RtlUnwindEx
GetCurrentProcess
FreeLibrary
GetModuleFileNameW
GetCommandLineW
LoadLibraryW
GetModuleHandleW
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
SetEndOfFile
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
GetComputerNameW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW

user32

SendMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
LoadCursorW
InflateRect
GetSysColorBrush
SetWindowTextW
SetCursor

gdi32

StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a99449be6b192d90f3303a049c6e0260

Code Sign

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:aeCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

4d:0f:f1:f2:ef:04:61:5d:ed:5b:d2:5e:fd:de:70:b6:fd:06:26:fd:ca:b3:b4:38:89:36:28:17:91:57:f4:a4Signer

Signature Validations

Verification

23/03/2023, 16:06 Valid: false

90:4a:8f:de:a0:58:99:b0:d2:95:de:02:1c:2e:cd:19:a8:6f:6a:71Signer

Signature Validations

Verification

05/07/2016, 07:49 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

version

netapi32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 6KB - Virtual size: 21KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:ae
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

4d:0f:f1:f2:ef:04:61:5d:ed:5b:d2:5e:fd:de:70:b6:fd:06:26:fd:ca:b3:b4:38:89:36:28:17:91:57:f4:a4
Signer

23/03/2023, 16:06
Valid: false

90:4a:8f:de:a0:58:99:b0:d2:95:de:02:1c:2e:cd:19:a8:6f:6a:71
Signer

05/07/2016, 07:49
Valid: false

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 6KB - Virtual size: 21KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB