ISP[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ISP.exe
Size

28KB
MD5

17607573dc92e79c658c0e032f343603
SHA1

0eb4cd71f0f29f2a8a9c579937a3079a2374d477
SHA256

bfcd0983c89c33e76e0dfad74bf9d010ad01458f7445153c7b5b996c0a2fea95
SHA512

18e9627cdc6a9b85a3bc73c35b25a63cd4489a46b0b88e064eaf602495eb8350b74a570345b65a63d073e586606836b08d5d4f78c19ccc622231f262e75d36c3
SSDEEP

384:KdkRLP50ke+TJ/uioiV06PbX7fYYQU0BcMYGoGCJEF8ZpHTIvav:rlP50kx/8wX7fYYFacfEFiRgav

Score

1^/10

Malware Config

Signatures

Files

ISP.exe
.exe windows x64

Password: 123

005b5709b7bee97b2626acbe22b6901a

Code Sign

37:ba:ea:b2:6a:88:5c:91:40:a4:1f:ee:7a:42:91:e9
Certificate

Issuer

CN=Kaspersky Lab Coq JSC

Not Before

17/05/2023, 16:45

Not After

31/12/2039, 23:59

Subject

CN=Kaspersky Lab Coq JSC

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:d1:0b:cc:be:f3:57:97:37:0b:c4:14:e2:5d:e5:5b:18:c5:02:b9:1f:42:a9:14:1f:fe:65:d3:b5:49:6c:5d
Signer

Actual PE Digest

80:d1:0b:cc:be:f3:57:97:37:0b:c4:14:e2:5d:e5:5b:18:c5:02:b9:1f:42:a9:14:1f:fe:65:d3:b5:49:6c:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrlenA
lstrcmpiW

user32

MessageBoxW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitialize

oleaut32

VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysAllocString

opencl

clSetKernelArg
clWaitForEvents
clCreateUserEvent
clEnqueueReadBuffer
clEnqueueWriteBuffer
clEnqueueNDRangeKernel
clCreateKernel
clReleaseKernel
clGetPlatformIDs
clCreateContextFromType
clReleaseContext
clGetContextInfo
clCreateCommandQueueWithProperties
clReleaseCommandQueue
clCreateBuffer
clReleaseMemObject
clCreateProgramWithSource
clReleaseProgram
clBuildProgram

Exports

Exports

goapp

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

005b5709b7bee97b2626acbe22b6901a

Code Sign

37:ba:ea:b2:6a:88:5c:91:40:a4:1f:ee:7a:42:91:e9Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

80:d1:0b:cc:be:f3:57:97:37:0b:c4:14:e2:5d:e5:5b:18:c5:02:b9:1f:42:a9:14:1f:fe:65:d3:b5:49:6c:5dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

opencl

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 276B

.rsrc Size: 4KB - Virtual size: 4KB

37:ba:ea:b2:6a:88:5c:91:40:a4:1f:ee:7a:42:91:e9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

80:d1:0b:cc:be:f3:57:97:37:0b:c4:14:e2:5d:e5:5b:18:c5:02:b9:1f:42:a9:14:1f:fe:65:d3:b5:49:6c:5d
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 276B

.rsrc
Size: 4KB - Virtual size: 4KB