logioptionsplus_installer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

logioptionsplus_installer.exe
Size

25.1MB
MD5

4374f65ff79f063b87653d333dd54095
SHA1

7ff18ef9e9d2a6e89d90504b5cc23f88db78fbc6
SHA256

0f383d6998168d335bd4edf8d4941900e4fdc70ec395ad2535fe7517c6969b6f
SHA512

c2c5ea08a5c627041f56c12289058a36a0938958f75f44913e8a43f1b89d9db6ba212dde189a36887f5051af84ee2deed177e155555622b4c4ff215688e9ec76
SSDEEP

393216:FnsqS5GwbS+lptVYmfr7yBG/4oyFN/YuuccKU9oxcS2XoYKnjcOTaOlXOQLPBE4:Fn+5GUSupttD7yBG/PcXU9g5W34x

Score

1^/10

Malware Config

Signatures

Files

logioptionsplus_installer.exe
.exe windows x64

1b9adc1882c5a7754241632be1155b32

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:ca
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2021, 00:00

Not After

12/09/2024, 23:59

Subject

CN=Logitech Inc,O=Logitech Inc,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8a:00:00:88:d8:95:93:53:a6:f1:89:3a:26:58:0e:03:ee:a9:47:57:21:70:1b:aa:24:12:67:0f:89:5c:c9:35
Signer

Actual PE Digest

8a:00:00:88:d8:95:93:53:a6:f1:89:3a:26:58:0e:03:ee:a9:47:57:21:70:1b:aa:24:12:67:0f:89:5c:c9:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

InitCommonControlsEx

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetCommandLineA
GetEnvironmentStringsW
SetStdHandle
GetStdHandle
GetCommandLineW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ResetEvent
WaitForSingleObjectEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventW
SetEvent

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-1-0

ReadFile
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
WriteFile
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
CreateDirectoryW
GetFileAttributesExW
SetEndOfFile
SetFileInformationByHandle
GetFileType

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-0

TlsFree
TlsAlloc
GetCurrentProcessId
ExitProcess
TlsGetValue
CreateProcessW
GetExitCodeProcess
TlsSetValue
GetCurrentThreadId
GetCurrentProcess
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
FreeLibrary

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlVirtualUnwind
RtlUnwind
RtlPcToFileHeader
RtlLookupFunctionEntry

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-console-l1-1-0

GetConsoleCP
WriteConsoleW
GetConsoleMode
ReadConsoleW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetLocaleInfoW
LCMapStringEx
FormatMessageA
GetCPInfo
GetACP

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
CompareStringEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

user32

SetWindowLongPtrW
GetWindowLongPtrW
IsDialogMessageW
TranslateMessage
GetMessageW
DispatchMessageW
SendMessageW
SetWindowTextW
GetDlgCtrlID
PostQuitMessage
IsWindow
DestroyWindow
ShowWindow
CreateDialogParamW
SetDlgItemTextW

kernel32

AreFileApisANSI
GetOEMCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetStartupInfoW
GetModuleHandleExW
UnhandledExceptionFilter
RtlCaptureContext
GetUserPreferredUILanguages
FindResourceW
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetModuleHandleW
FreeResource
CreateFileW

gdi32

SetBkColor
GetStockObject

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

Sections

.text
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24.6MB - Virtual size: 24.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b9adc1882c5a7754241632be1155b32

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:caCertificate

Extended Key Usages

Key Usages

8a:00:00:88:d8:95:93:53:a6:f1:89:3a:26:58:0e:03:ee:a9:47:57:21:70:1b:aa:24:12:67:0f:89:5c:c9:35Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-console-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-profile-l1-1-0

user32

kernel32

gdi32

api-ms-win-core-file-l2-1-0

Sections

.text Size: 304KB - Virtual size: 303KB

.rdata Size: 111KB - Virtual size: 111KB

.data Size: 9KB - Virtual size: 15KB

.pdata Size: 17KB - Virtual size: 16KB

SHARED Size: 512B - Virtual size: 4B

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 24.6MB - Virtual size: 24.6MB

.reloc Size: 3KB - Virtual size: 3KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:ca
Certificate

8a:00:00:88:d8:95:93:53:a6:f1:89:3a:26:58:0e:03:ee:a9:47:57:21:70:1b:aa:24:12:67:0f:89:5c:c9:35
Signer

.text
Size: 304KB - Virtual size: 303KB

.rdata
Size: 111KB - Virtual size: 111KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 17KB - Virtual size: 16KB

SHARED
Size: 512B - Virtual size: 4B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 24.6MB - Virtual size: 24.6MB

.reloc
Size: 3KB - Virtual size: 3KB