Noise Engineering Products 09358[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Noise Engineering Products 09358.exe
Size

8.4MB
MD5

26b9cb8e7be12828cce41a47683f0e93
SHA1

22b4e462f150bb681a5892b2c570a8f49f4d3923
SHA256

cd2611971270a56df9566e2f335b015a19b9665980a8f406bdcbe3d4c0de4f55
SHA512

47ee8d9e8dd0ee40e22db665a7d994694edd5b1438d421248b21c3a105d4e9241ffb3c4c19325f76babbb57d6b0e4ad7f043a1eaf09af787a010b29aa850e91e
SSDEEP

49152:Spowtu3oID879VioN83um9zzP//Ikdh2e27y2e224Bl0T3TMPGbc/Xq+koc/LrJy:nw3uzs70TDMPz1MHHXzSB2tsvv

Score

1^/10

Malware Config

Signatures

Files

Noise Engineering Products 09358.exe
.exe windows x64

3a1aa36351737870f2a60f77e4d1bc60

Code Sign

08:70:81:4b:ef:aa:62:10:68:6d:76:59:0c:e4:4e:77
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

28/10/2020, 00:00

Not After

26/10/2023, 23:59

Subject

SERIALNUMBER=C3794242,CN=Noise Engineering\, Inc.,O=Noise Engineering\, Inc.,L=LOS ANGELES,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:f9:8b:46:3c:9b:9e:4c:61:c4:75:39:50:57:f5:1e:6f:60:30:36:46:db:17:cf:14:96:93:ea:ef:57:62:f4
Signer

Actual PE Digest

b5:f9:8b:46:3c:9b:9e:4c:61:c4:75:39:50:57:f5:1e:6f:60:30:36:46:db:17:cf:14:96:93:ea:ef:57:62:f4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=C3794242,CN=Noise Engineering\, Inc.,O=Noise Engineering\, Inc.,L=LOS ANGELES,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

23/09/2022, 20:40
Valid: true

Chain 1

SERIALNUMBER=C3794242,CN=Noise Engineering\, Inc.,O=Noise Engineering\, Inc.,L=LOS ANGELES,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

setsockopt
WSAStartup
getpeername
getsockname
send
socket
ntohs
recv
htons
getsockopt
connect
WSASetLastError
listen
__WSAFDIsSet
inet_ntoa
htonl
WSAGetLastError
shutdown
WSACleanup
accept
bind
closesocket
select

ws2_32

getaddrinfo
freeaddrinfo
WSAIoctl
WSASocketW
getnameinfo

shlwapi

PathIsDirectoryW
PathFileExistsW

winmm

waveInPrepareHeader
waveOutWrite
waveOutGetErrorTextW
waveOutGetNumDevs
waveInGetNumDevs
waveOutGetDevCapsW
waveInReset
waveInUnprepareHeader
waveOutUnprepareHeader
waveInClose
waveInGetDevCapsW
waveOutReset
waveInOpen
waveOutOpen
waveOutPrepareHeader
waveInStart
waveInAddBuffer
timeBeginPeriod
timeGetTime
timeEndPeriod
waveOutClose

kernel32

LoadLibraryA
QueryPerformanceFrequency
GlobalAlloc
DeleteFileW
CloseHandle
RaiseException
CreateThread
SwitchToThread
GlobalLock
LocalFree
GetFileSize
GetCurrentProcessId
SetThreadExecutionState
FreeLibrary
FormatMessageA
QueryPerformanceCounter
GlobalUnlock
SetUnhandledExceptionFilter
SetLastError
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
VerSetConditionMask
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetTickCount
ExpandEnvironmentStringsA
WaitForSingleObjectEx
GetFileSizeEx
CreateFileA
IsDebuggerPresent
Process32First
SetHandleInformation
TerminateProcess
CreatePipe
CreateToolhelp32Snapshot
Process32Next
CreateProcessA
GetExitCodeProcess
ExitProcess
OutputDebugStringW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryW
MulDiv
SetThreadPriority
GetCurrentThread
TlsSetValue
TlsAlloc
TlsGetValue
CompareStringA
GetModuleFileNameW
ReleaseSemaphore
CreateSemaphoreW
CreateEventW
SetErrorMode
SetFilePointer
FindNextFileA
FormatMessageW
VerifyVersionInfoW
CancelIo
DeviceIoControl
ResetEvent
GetOverlappedResult
CreateEventA
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetTempPathA
GetExitCodeThread
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetLastError
Sleep
GetCurrentDirectoryA
GetCurrentThreadId
CreateFileW
WaitForSingleObject
FindClose
GetEnvironmentVariableA
SetEndOfFile
LCMapStringEx
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
SetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RemoveDirectoryW
OutputDebugStringA
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
FindFirstFileA
FindFirstFileW
GetModuleFileNameA
ReadFile
CreateDirectoryW
GetComputerNameExA
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetLocaleInfoA
GetUserDefaultLocaleName
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
SetConsoleCtrlHandler
GetTimeZoneInformation
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapAlloc
HeapReAlloc
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SystemTimeToTzSpecificLocalTime
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetFileAttributesExW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
SetFilePointerEx
RtlUnwind

user32

IsClipboardFormatAvailable
SetWindowRgn
ChangeDisplaySettingsExW
EnumDisplayMonitors
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
GetClipboardData
SetCursorPos
GetMessageExtraInfo
CallWindowProcW
IsWindowVisible
GetPropW
RegisterClassExW
WindowFromPoint
DispatchMessageW
DestroyIcon
PeekMessageW
GetRawInputData
ValidateRect
GetUpdateRect
LoadIconW
GetClassInfoExW
InvalidateRect
IsIconic
GetCursorPos
GetKeyState
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicode
GetWindowLongW
GetWindowTextLengthW
DefWindowProcW
GetMenu
GetFocus
DestroyWindow
CreateWindowExW
SendMessageW
RemovePropW
UnregisterClassW
SetWindowTextW
ClientToScreen
RegisterClassW
GetClipCursor
CreateIconFromResource
LoadCursorW
SetLayeredWindowAttributes
SetPropW
ClipCursor
SetWindowLongW
GetClientRect
PtInRect
SetForegroundWindow
GetWindowTextW
PostMessageW
SetWindowLongPtrW
EndDialog
GetSystemMetrics
GetWindowLongPtrW
DialogBoxIndirectParamW
SetFocus
SystemParametersInfoA
GetDlgItem
DrawTextW
SystemParametersInfoW
GetDoubleClickTime
AdjustWindowRectEx
GetWindowRect
GetDC
SetWindowPos
ScreenToClient
ShowWindow
GetAsyncKeyState
SetTimer
CreateWindowExA
TranslateMessage
SetCursor
RegisterRawInputDevices
CreateIconIndirect
GetDesktopWindow
GetRawInputDeviceList
GetRawInputDeviceInfoA
UnregisterDeviceNotification
PostThreadMessageW
UnregisterClassA
KillTimer
GetParent
RegisterClassExA
ReleaseDC
OpenClipboard
CloseClipboard
EmptyClipboard
MessageBoxA
SetClipboardData
RegisterDeviceNotificationW
GetClipboardSequenceNumber
IsRectEmpty
GetMessageW
TrackMouseEvent

gdi32

CreateBitmap
CreateRectRgn
CombineRgn
CreateCompatibleBitmap
GetDIBits
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
CreateFontIndirectW
DeleteDC
GetTextMetricsW
GetDeviceCaps
GetTextExtentPoint32A
GetDeviceGammaRamp
CreateDCW
SetDeviceGammaRamp
SetPixelFormat
GetPixelFormat
SwapBuffers
ChoosePixelFormat
DescribePixelFormat

shell32

ExtractIconExW
DragFinish
DragQueryFileW
ShellExecuteA
DragAcceptFiles

ole32

CoInitialize
PropVariantClear
CoInitializeEx
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString

advapi32

RegOpenKeyExW
GetUserNameA
RegGetValueA
CryptGenRandom
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
RegQueryValueExW

crypt32

CryptStringToBinaryA
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CertFreeCertificateContext

imm32

ImmGetCandidateListW
ImmNotifyIME
ImmSetCompositionStringW
ImmAssociateContext
ImmGetIMEFileNameA
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.8MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a1aa36351737870f2a60f77e4d1bc60

Code Sign

08:70:81:4b:ef:aa:62:10:68:6d:76:59:0c:e4:4e:77Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b5:f9:8b:46:3c:9b:9e:4c:61:c4:75:39:50:57:f5:1e:6f:60:30:36:46:db:17:cf:14:96:93:ea:ef:57:62:f4Signer

Signature Validations

Verification

23/09/2022, 20:40 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

ws2_32

shlwapi

winmm

kernel32

user32

gdi32

shell32

ole32

oleaut32

advapi32

crypt32

imm32

version

setupapi

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 502KB - Virtual size: 501KB

.data Size: 5.8MB - Virtual size: 6.2MB

.pdata Size: 66KB - Virtual size: 65KB

_RDATA Size: 146KB - Virtual size: 145KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 8KB - Virtual size: 8KB

08:70:81:4b:ef:aa:62:10:68:6d:76:59:0c:e4:4e:77
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b5:f9:8b:46:3c:9b:9e:4c:61:c4:75:39:50:57:f5:1e:6f:60:30:36:46:db:17:cf:14:96:93:ea:ef:57:62:f4
Signer

23/09/2022, 20:40
Valid: true

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 502KB - Virtual size: 501KB

.data
Size: 5.8MB - Virtual size: 6.2MB

.pdata
Size: 66KB - Virtual size: 65KB

_RDATA
Size: 146KB - Virtual size: 145KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 8KB - Virtual size: 8KB