ActionLauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ActionLauncher.exe
Size

517KB
MD5

bc380e41db94d5bc6b6973bd6c7b0fd5
SHA1

6e608316c7c76a5a43fd9a99c43637b205c71c65
SHA256

c416c6e72cf23e2d8f4063bd8fcacde798e3e2f5f59c4071dc2a9231a484eb5b
SHA512

fbd93ea80ccac191be0f79051bb77cf984b08c9d73e34bc1c1be23e2c3452f260a065bca08425537ae7d97f883c003f5a19947374d8fd55f271038e829b51966
SSDEEP

6144:N/RwiO5lwfRMA0WxOiRxkUt7JzJ9LMMMMMMMMMMMM2/wD:NFfRrlMMMMMMMMMMMM2oD

Score

1^/10

Malware Config

Signatures

Files

ActionLauncher.exe
.exe windows x86

abfc976fef0bac9a4b4361869a06d10d

Code Sign

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:55

Not After

19/01/2027, 11:55

Subject

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:d3:e0:4d:47:f8:9d:b0:92:a2:5d:ff:4a:4c:cb:6b
Certificate

Issuer

CN=Certum Extended Validation Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

01/07/2019, 09:32

Not After

30/06/2022, 09:32

Subject

SERIALNUMBER=0000356397,CN=Mirillis Sp. z o.o.,O=Mirillis Sp. z o.o.,POSTALCODE=65-410,STREET=Fabryczna 14B/1,L=Zielona Góra,ST=lubuskie,C=PL,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13086c756275736b6965,1.3.6.1.4.1.311.60.2.1.1=#0c0d5a69656c6f6e612047c3b37261,1.3.6.1.4.1.311.60.2.1.3=#1302504c

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:cb:f6:ed:2f:3b:df:c1:ef:ef:ba:7f:65:79:e8:13:6a:b7:3b:9c
Signer

Actual PE Digest

33:cb:f6:ed:2f:3b:df:c1:ef:ef:ba:7f:65:79:e8:13:6a:b7:3b:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32FirstW
CreateSemaphoreW
ProcessIdToSessionId
IsWow64Process
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
OpenSemaphoreW
CloseHandle
GetCurrentProcessId
LocalFree
CreateThread
InterlockedDecrement
GetSystemDirectoryW
GetProcAddress
GetLastError
ReleaseSemaphore
CompareStringW
GetModuleFileNameW
GetProcessHeap
HeapFree
lstrlenA
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
TerminateProcess
GetVersionExW
GetSystemPowerStatus
Sleep
LoadLibraryW
OpenProcess
GetModuleHandleW
WaitForSingleObject
GetCurrentProcess
CreateProcessW
FreeLibrary
InterlockedExchange
GetCommandLineW

user32

IsWindowVisible
DefWindowProcW
DispatchMessageW
GetWindowRect
SendInput
PostQuitMessage
LoadCursorW
MessageBoxW
WaitMessage
TranslateMessage
RegisterClassExW
LoadIconW
SetCursorPos
PeekMessageW
GetCursorPos
IsWindow
FindWindowExW
CreateWindowExW
FindWindowW

advapi32

RegSetValueExW
AdjustTokenPrivileges
CheckTokenMembership
RegOpenKeyExW
FreeSid
AllocateAndInitializeSid
RegGetValueW
RegDeleteValueW
LookupPrivilegeValueW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
CreateWellKnownSid
LookupAccountSidW
ConvertSidToStringSidW
RegCloseKey

shell32

CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

msvcr90

_CxxThrowException
__CxxFrameHandler3
malloc
?_type_info_dtor_internal_method@type_info@@QAEXXZ
free
memset
_controlfp_s
_invoke_watson
_wtoi
_wgetenv
_wfopen
wcsstr
wcspbrk
_vsnwprintf
??3@YAXPAX@Z
fclose
exit
??2@YAPAXI@Z
??_V@YAXPAX@Z
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common

msvcp90

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 483KB - Virtual size: 483KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abfc976fef0bac9a4b4361869a06d10d

Code Sign

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3Certificate

Extended Key Usages

Key Usages

1a:d3:e0:4d:47:f8:9d:b0:92:a2:5d:ff:4a:4c:cb:6bCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

33:cb:f6:ed:2f:3b:df:c1:ef:ef:ba:7f:65:79:e8:13:6a:b7:3b:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcr90

msvcp90

wtsapi32

Sections

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 483KB - Virtual size: 483KB

.reloc Size: 3KB - Virtual size: 2KB

4e:96:c1:ba:06:25:8a:0c:2a:ba:27:62:5e:90:64:d3
Certificate

1a:d3:e0:4d:47:f8:9d:b0:92:a2:5d:ff:4a:4c:cb:6b
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

33:cb:f6:ed:2f:3b:df:c1:ef:ef:ba:7f:65:79:e8:13:6a:b7:3b:9c
Signer

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 483KB - Virtual size: 483KB

.reloc
Size: 3KB - Virtual size: 2KB