Static task
static1
Behavioral task
behavioral1
Sample
ee1b2b016b56950986db7b08f451220b91f1d91a70fec0624e289e96c648cb44.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
ee1b2b016b56950986db7b08f451220b91f1d91a70fec0624e289e96c648cb44.exe
Resource
win10v2004-20230220-en
General
-
Target
ee1b2b016b56950986db7b08f451220b91f1d91a70fec0624e289e96c648cb44.exe
-
Size
2.2MB
-
MD5
6b3840c04514c9b6255ca3c74b95d6a1
-
SHA1
925db43a13ebb94416df5154d4cd9281a11c459b
-
SHA256
ee1b2b016b56950986db7b08f451220b91f1d91a70fec0624e289e96c648cb44
-
SHA512
056279fb3ebf69171d959f33dbd45f45ab09aa40cf88e91697c133304f1784009d6af8d47eba55d5a169d61f8a844a7e672174c49c843ea97ddf9f48a344d7b4
-
SSDEEP
49152:Cy0z9Xjlh5xiuJjIIna8PVyRC4BwUPgtcS7l6PoyKKfIbdz:f29TNcapa8wCFRUPlqh
Malware Config
Signatures
Files
-
ee1b2b016b56950986db7b08f451220b91f1d91a70fec0624e289e96c648cb44.exe.exe windows x64
b561dc8699ab63942966f576cd8f7664
Code Sign
Certificate 53:2a:de:94:9f:04:de:9f:42:ef:63:b2:15:ab:a9:12
Issuer: CN=room IT logistics
Not Before: 29/04/2020, 02:30
Not After: 30/04/2030, 02:30
Subject: CN=room IT logistics
Certificate 3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Issuer: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Not Before: 02/05/2019, 00:00
Not After: 01/08/2030, 23:59
Subject: CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate 30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Issuer: CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US
Not Before: 02/05/2019, 00:00
Not After: 18/01/2038, 23:59
Subject: CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer 2e:6f:21:9c:4f:e6:3b:9f:3e:93:8d:ac:9e:07:3a:95:d8:1f:1e:35:c1:2c:95:ce:09:83:36:33:c7:e6:87:30
Actual PE Digest: 2e:6f:21:9c:4f:e6:3b:9f:3e:93:8d:ac:9e:07:3a:95:d8:1f:1e:35:c1:2c:95:ce:09:83:36:33:c7:e6:87:30
Digest Algorithm: sha256
PE Digest Matches: true
Signature Validations
Trusted: false
Verification
Signing Certificate: CN=room IT logistics, 02/05/2020, 07:52, Valid: false
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetProcAddress
GetModuleHandleW
FreeLibraryAndExitThread
ReleaseMutex
SetEvent
OpenEventW
GetModuleHandleExW
VirtualFree
lstrcpyW
CreateThread
ExitThread
ResumeThread
ReadFile
GetFileSize
CreateFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
DeleteFileW
GetLastError
RemoveDirectoryW
lstrcmpW
FindFirstFileW
VirtualAlloc
LoadLibraryA
lstrcmpA
CreateEventW
SystemTimeToFileTime
GetLocalTime
lstrlenW
CreateDirectoryW
lstrcpyA
WriteFile
GetTempPathW
GetTickCount64
GetCurrentProcessId
GetSystemInfo
GetTickCount
ExitProcess
FlushFileBuffers
HeapSize
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
MultiByteToWideChar
HeapFree
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
FlsSetValue
FlsGetValue
OpenMutexW
CloseHandle
CreateMutexW
GetModuleFileNameW
LocalAlloc
lstrcmpiW
LocalFree
Sleep
WaitForSingleObject
GetWindowsDirectoryW
GetSystemDirectoryW
TerminateProcess
WaitForMultipleObjects
LoadLibraryW
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineA
GetStartupInfoW
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
GetCurrentProcess
GetStdHandle
RtlUnwindEx
GetModuleFileNameA
FreeEnvironmentStringsW
ws2_32
WSAStartup
closesocket
socket
WSACreateEvent
inet_addr
gethostbyname
htons
connect
WSACloseEvent
WSAEnumNetworkEvents
WSAGetLastError
WSAEventSelect
WSAWaitForMultipleEvents
send
recv
WSACleanup
setsockopt
shutdown
user32
SendMessageTimeoutW
MessageBoxW
PostThreadMessageW
wsprintfA
LoadImageW
GetCursorPos
SetForegroundWindow
CreatePopupMenu
TrackPopupMenu
PostMessageW
DestroyMenu
DefWindowProcW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
DestroyWindow
AppendMenuW
advapi32
RegOpenKeyW
RegSetValueExW
RegCloseKey
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetNamedSecurityInfoW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetUserNameW
ole32
CoInitializeEx
CoUninitialize
shell32
Shell_NotifyIconW
ShellExecuteExW
Exports
DllMain
HookProcedure_HookLoader
Sections
.text Size: 123KB - Virtual size: 122KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 64KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 2B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.vmp0 Size: 1024KB - Virtual size: 1023KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.vmp0 Size: 1008KB - Virtual size: 1007KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ