cp044527[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cp044527.exe
Size

7.9MB
MD5

a0d2d70adc2c3e6b27c622a1b1c24797
SHA1

fc2a31060021125834d56d9e565bafcb202a99a9
SHA256

4e66f6a921ec0958fb4e418bbf7453a76cbfbf04ddb64363d07b00fe34d36bbb
SHA512

3d2e26e1be99319a94504f66fa84c05cc669359493ce87624254e071d4bc4aee003240cacb6398edca3ab5ff9665a3c28843e1edaa63b08de58989944139aafe
SSDEEP

196608:AdqV57QUN3WOrhf27pfrEAqfZz0mttwEgJzFGJgJ2RDGZacGGtUtNvexqM:9fQUnsjE7gEsJ8HOUzmxqM

Score

1^/10

Malware Config

Signatures

Files

cp044527.exe
.exe windows x64

1fa1179e15a5eda7f4f13d89821048e2

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/01/2020, 00:00

Not After

28/01/2021, 23:59

Subject

CN=Hewlett Packard Enterprise Company,OU=HP Cyber Security,O=Hewlett Packard Enterprise Company,POSTALCODE=94304,STREET=3000 Hanover Street,L=Palo Alto,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29/01/2020, 00:00

Not After

28/01/2021, 23:59

Subject

CN=Hewlett Packard Enterprise Company,OU=HP Cyber Security,O=Hewlett Packard Enterprise Company,POSTALCODE=94304,STREET=3000 Hanover Street,L=Palo Alto,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:af:96:57:ae:20:86:56:a8:47:6b:e1:2e:3f:98:d4:2f:a6:f7:2a:4c:b8:56:5c:77:ec:e2:f4:ec:cd:b8:70
Signer

Actual PE Digest

5f:af:96:57:ae:20:86:56:a8:47:6b:e1:2e:3f:98:d4:2f:a6:f7:2a:4c:b8:56:5c:77:ec:e2:f4:ec:cd:b8:70

Digest Algorithm

sha256

PE Digest Matches

true

04:9b:c6:2a:cd:c0:9d:af:26:86:16:b3:64:0e:79:41:a7:e8:a2:53
Signer

Actual PE Digest

04:9b:c6:2a:cd:c0:9d:af:26:86:16:b3:64:0e:79:41:a7:e8:a2:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetProcessShutdownParameters
GetDiskFreeSpaceExW
CloseHandle
WriteFile
CreateFileW
GetLocalTime
CopyFileW
GetCommandLineW
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetStdHandle
DuplicateHandle
GetCurrentProcess
CreatePipe
Sleep
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
GetLastError
RemoveDirectoryW
FindNextFileW
MoveFileExW
DeleteFileW
SetFileAttributesW
lstrcmpiW
GetLocaleInfoW
Process32NextW
Process32FirstW
GetCurrentProcessId
CreateToolhelp32Snapshot
GetDriveTypeW
SetErrorMode
LocalFree
LocalSize
LocalAlloc
FormatMessageW
MultiByteToWideChar
lstrlenA
ReadFile
HeapFree
SetFilePointer
HeapAlloc
GetProcessHeap
GetFileSize
lstrcmpA
lstrcpynA
GetFileAttributesW
LoadLibraryW
GetFileTime
SetFileTime
LocalFileTimeToFileTime
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
CreateFileA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameW
FreeLibrary
GetDateFormatW
GetTimeFormatW
FindFirstFileW
FindClose
GlobalFree
lstrcatW
lstrlenW
GetTimeFormatA
lstrcmpW
lstrcpyW
WideCharToMultiByte
DosDateTimeToFileTime
FileTimeToSystemTime
GetDateFormatA
GetCPInfo
HeapCreate
HeapSetInformation
GetModuleFileNameA
ExitProcess
GetProcAddress
GetModuleHandleW
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
DeleteCriticalSection
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
RtlVirtualUnwind
IsDebuggerPresent
TerminateProcess
RtlCaptureContext
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
GetFileType
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetSystemTimeAsFileTime
GetStartupInfoW

user32

EndDialog
SetDlgItemTextA
ShowWindow
GetWindowRect
GetParent
GetClientRect
LoadStringW
GetDlgItem
SetWindowPos
SendMessageW
wsprintfW
CharNextW
CreateDialogParamW
CloseWindow
DispatchMessageW
PeekMessageW
OpenIcon
DestroyWindow
MessageBoxW
GetDesktopWindow
GetSystemMetrics
LoadImageW
DestroyIcon
SetWindowTextW
GetSystemMenu
AppendMenuW
EnableWindow
SendDlgItemMessageW
ScreenToClient
MoveWindow
SetDlgItemTextW
CallWindowProcW
SetFocus
SetWindowLongPtrW
DialogBoxParamW

advapi32

AdjustTokenPrivileges
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
OpenProcessToken
LookupPrivilegeValueW
InitiateSystemShutdownW
RegCreateKeyExW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyW
RegSetValueExW

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
CommandLineToArgvW

ole32

CoCreateGuid
CoUninitialize
CoCreateInstance
StringFromCLSID
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
OleInitialize
CoInitializeSecurity
OleUninitialize

oleaut32

VariantClear
SafeArrayUnaccessData
VariantInit
SafeArrayGetElement
SysFreeString
SysAllocString
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
SafeArrayAccessData
SafeArrayGetElemsize

shlwapi

PathStripPathW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fa1179e15a5eda7f4f13d89821048e2

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3fCertificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3fCertificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

5f:af:96:57:ae:20:86:56:a8:47:6b:e1:2e:3f:98:d4:2f:a6:f7:2a:4c:b8:56:5c:77:ec:e2:f4:ec:cd:b8:70Signer

04:9b:c6:2a:cd:c0:9d:af:26:86:16:b3:64:0e:79:41:a7:e8:a2:53Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

version

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 57KB - Virtual size: 57KB

.data Size: 14KB - Virtual size: 29KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 23KB - Virtual size: 23KB

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3f
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3f
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

5f:af:96:57:ae:20:86:56:a8:47:6b:e1:2e:3f:98:d4:2f:a6:f7:2a:4c:b8:56:5c:77:ec:e2:f4:ec:cd:b8:70
Signer

04:9b:c6:2a:cd:c0:9d:af:26:86:16:b3:64:0e:79:41:a7:e8:a2:53
Signer

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 57KB - Virtual size: 57KB

.data
Size: 14KB - Virtual size: 29KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 23KB - Virtual size: 23KB