secureconnection[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

secureconnection.exe
Size

2.0MB
MD5

b811ca104a22d581d195bfcd6163111a
SHA1

1c7ec0f032d5b3fab3ea9deb6704c0ee5a29389b
SHA256

3aff05c30348be1a31a72f6cfc763c0f93092cb7c5799807c1fa9aba934a1afb
SHA512

40ed8f65c9f30476f484d5e388b5935fe23353c2cda78c964c813a37ed275f229fd022e9d2dd4450a9003a544b83845e87045117b83183afa0f818d7f8a2d125
SSDEEP

12288:qTgRQNUz6bLWIu44p1PkC2RVjwzIUvhwNuLhl8tRTIt9f4rY2O2JU2s6Me:CUebLW34Y1PkCEkIUv6il8tRMraTVCe

Score

1^/10

Malware Config

Signatures

Files

secureconnection.exe
.exe windows x86

b1dd0de6cb763f53c182001dfe0fb2ed

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:98:dd:87:73:40:bd:da:2f:50:32:b5:82:d9:4b:fe
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

12/12/2022, 00:00

Not After

12/12/2023, 23:59

Subject

CN=MONSTERJ INC,O=MONSTERJ INC,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

88:d5:54:2c:98:14:7e:80:4e:6b:4d:59:9a:0c:fd:8d:8c:83:eb:4c:20:9d:0f:37:40:ec:24:36:9b:44:a2:83
Signer

Actual PE Digest

88:d5:54:2c:98:14:7e:80:4e:6b:4d:59:9a:0c:fd:8d:8c:83:eb:4c:20:9d:0f:37:40:ec:24:36:9b:44:a2:83

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=MONSTERJ INC,O=MONSTERJ INC,ST=Seoul,C=KR

13/12/2022, 17:18
Valid: true

Chain 1

CN=MONSTERJ INC,O=MONSTERJ INC,ST=Seoul,C=KR

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleW
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
WriteFile
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
VirtualQuery
GetModuleHandleW
GetSystemInfo
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetFileSizeEx
CreateFileW
VerifyVersionInfoW
VerSetConditionMask
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExW
FormatMessageW
GetTickCount
LoadLibraryW
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
OutputDebugStringW
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetFileSize
GetLocalTime
GetWindowsDirectoryA
GetSystemDirectoryA
CreateFileA
GetFileAttributesA
GetTempPathA
DeviceIoControl
GetCurrentProcess
MulDiv
GlobalUnlock
CreateEventA
CreateDirectoryA
CreateProcessA
lstrcmpiA
WideCharToMultiByte
FreeLibrary
GetProcessHeap
DeleteCriticalSection
GlobalLock
GetProcAddress
DecodePointer
HeapAlloc
LoadResource
IsDBCSLeadByte
CreateThread
RaiseException
CloseHandle
HeapReAlloc
GlobalAlloc
SetDllDirectoryA
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
GetCPInfo
LCMapStringEx
LocalFree
EncodePointer
GetStringTypeW
GetLastError
Sleep
MultiByteToWideChar
HeapSize
GetModuleHandleA
SetSearchPathMode
lstrcmpA
GetCurrentThreadId
WaitForSingleObject
CreateMutexA
lstrlenA
DeleteFileW
FindResourceA
InitializeCriticalSectionEx
LeaveCriticalSection
LoadLibraryExA
EnterCriticalSection
SetLastError
HeapFree
SizeofResource
VirtualProtect
GetModuleFileNameA

user32

SetCapture
BringWindowToTop
SetFocus
SetDlgItemTextA
TranslateMessage
SendMessageA
GetClientRect
PostQuitMessage
GetDesktopWindow
GetWindowTextLengthA
GetParent
FindWindowA
RegisterClassExA
UpdateWindow
ReleaseCapture
SetForegroundWindow
InvalidateRect
ReleaseDC
GetDlgItem
BeginPaint
CreateWindowExA
DestroyMenu
EndPaint
DefWindowProcA
IsDlgButtonChecked
MoveWindow
GetForegroundWindow
GetSysColor
MessageBoxA
AttachThreadInput
SetWindowTextA
LoadBitmapA
GetWindowLongA
CreateAcceleratorTableA
LoadAcceleratorsA
IsChild
GetWindowTextA
DestroyAcceleratorTable
CallWindowProcA
FindWindowExA
LoadIconA
UnregisterClassA
KillTimer
GetCursorPos
CheckDlgButton
ClientToScreen
GetCapture
RegisterClassA
SetCursor
GetWindowRect
wsprintfA
MapWindowPoints
SystemParametersInfoA
PtInRect
GetWindowThreadProcessId
CharNextA
LoadMenuA
GetMessageA
GetWindow
DispatchMessageA
GetFocus
LoadCursorA
DestroyWindow
GetDC
IsWindowVisible
SetWindowPos
PostMessageA
FillRect
ScreenToClient
EndDialog
GetClassNameA
DialogBoxParamA
TrackPopupMenu
GetSubMenu
ShowWindow
IsWindow
InvalidateRgn
GetClassInfoExA
RegisterWindowMessageA
TranslateAcceleratorA
GetDlgItemTextA
SetTimer
RedrawWindow
SetWindowLongA

gdi32

DeleteObject
CreateSolidBrush
GetObjectA
DeleteDC
GetDeviceCaps
GetStockObject
SelectObject
CreateFontA
CreateCompatibleBitmap
BitBlt
CreateCompatibleDC

advapi32

OpenServiceA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptAcquireContextW
RegEnumKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
RegQueryInfoKeyW
RegCloseKey
CryptReleaseContext
ControlService
CloseServiceHandle
RegQueryValueExA
OpenSCManagerA
DeleteService
ChangeServiceConfigA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA

ole32

CoCreateGuid
OleLockRunning
CoInitializeEx
CLSIDFromProgID
CoTaskMemRealloc
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoUninitialize
StringFromGUID2
CoTaskMemAlloc
CoInitialize
OleUninitialize
CoGetClassObject

oleaut32

LoadTypeLi
VarUI4FromStr
VariantClear
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringLen
SafeArrayUnaccessData
SysStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
SysFreeString
VariantInit
LoadRegTypeLi

shlwapi

AssocQueryStringA

comctl32

ord17

iphlpapi

GetAdaptersInfo

windivert

WinDivertClose
WinDivertHelperCalcChecksums
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertSend

ws2_32

getsockname
getpeername
getsockopt
setsockopt
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
select
accept
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
gethostname
connect
bind
ntohl
ntohs
htonl
htons
recv
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect

wldap32

ord219
ord46
ord14
ord216
ord73
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord133
ord147
ord301
ord145

crypt32

CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertGetNameStringW
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptQueryObject
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryW

bcrypt

BCryptGenRandom

Sections

.text
Size: 691KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1dd0de6cb763f53c182001dfe0fb2ed

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

d9:98:dd:87:73:40:bd:da:2f:50:32:b5:82:d9:4b:feCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

88:d5:54:2c:98:14:7e:80:4e:6b:4d:59:9a:0c:fd:8d:8c:83:eb:4c:20:9d:0f:37:40:ec:24:36:9b:44:a2:83Signer

Signature Validations

Verification

13/12/2022, 17:18 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

iphlpapi

windivert

ws2_32

wldap32

crypt32

bcrypt

Sections

.text Size: 691KB - Virtual size: 690KB

.rdata Size: 140KB - Virtual size: 140KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

.reloc Size: 30KB - Virtual size: 30KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

d9:98:dd:87:73:40:bd:da:2f:50:32:b5:82:d9:4b:fe
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

88:d5:54:2c:98:14:7e:80:4e:6b:4d:59:9a:0c:fd:8d:8c:83:eb:4c:20:9d:0f:37:40:ec:24:36:9b:44:a2:83
Signer

13/12/2022, 17:18
Valid: true

.text
Size: 691KB - Virtual size: 690KB

.rdata
Size: 140KB - Virtual size: 140KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 30KB - Virtual size: 30KB