ose[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ose.exe
Size

174KB
MD5

11e0b35479c895888ba3d7f619dcfff3
SHA1

4ad3f7574c39dae1f33de2371cb98269eea6eee0
SHA256

6ed82c19898101ec00bd64a9f90595c3d20ad2d2902aa8765b740fb3b9312ddf
SHA512

ec12a99bd78697b5b9b7895c9799cf9bbb8cb300b9e416add42f9e4280135e8f61fb29e908311a7a8cfc8b6d29ad3ea1f8e0d3723ac8a666924cac2c8cfcce28
SSDEEP

3072:+UYwI9lrjtdTkyC5MoxejBvSlE8T2MHllId14EBv2IKA1WpDx+aiRO:FI9lrJdTdC5MLNvSltTRll64EBv2DAyv

Score

1^/10

Malware Config

Signatures

Files

ose.exe
.exe windows x64

bad9ca5faf7f7dea4cfeef9025790686

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:42

Not After

04/03/2013, 21:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:63:a7:de:c4:fb:b6:d0:b2:fe:64:9a:f7:c1:2a:28:be:50:b7:67
Signer

Actual PE Digest

ce:63:a7:de:c4:fb:b6:d0:b2:fe:64:9a:f7:c1:2a:28:be:50:b7:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
SetThreadToken
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateToken
GetUserNameA
RegDeleteValueW
RegisterServiceCtrlHandlerW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
SetFileSecurityW
RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext

kernel32

CloseHandle
GetLastError
SetEvent
GetModuleFileNameW
GetDriveTypeW
GetLogicalDrives
lstrcmpW
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
ExitProcess
GetCommandLineW
SetErrorMode
ResetEvent
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
CreateEventW
CreateProcessW
GetSystemInfo
GetTickCount
MoveFileExW
CreateFileA
CreateFileW
ReadFile
SetFilePointer
RaiseException
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DosDateTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
WaitForSingleObject
CreateThread
WaitForMultipleObjects
CreateSemaphoreW
SetFilePointerEx
VirtualAlloc
VirtualFree
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareStringW
SetEndOfFile
SetFileTime
WriteFile
GetSystemTime
SystemTimeToFileTime
GetCommandLineA
GetStartupInfoW
DecodePointer
EncodePointer
SetUnhandledExceptionFilter
GetStdHandle
RtlUnwindEx
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
RtlPcToFileHeader
HeapFree
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringW
GetStringTypeW
HeapReAlloc
LocalFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindClose
FindFirstFileW
GetFileSizeEx
CreateDirectoryW
GetFileAttributesW
GetTempPathW
DeleteFileW
FindNextFileW
GetFileAttributesExW
GetFileTime
SetFileAttributesW
GetTempPathA
CopyFileW
CreateHardLinkW
RemoveDirectoryW
FormatMessageA
lstrlenA
GetComputerNameW
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
LocalAlloc

rpcrt4

RpcRevertToSelf
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcImpersonateClient
NdrServerCall2

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bad9ca5faf7f7dea4cfeef9025790686

Code Sign

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9dCertificate

Extended Key Usages

61:02:8e:42:00:00:00:00:00:1fCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

ce:63:a7:de:c4:fb:b6:d0:b2:fe:64:9a:f7:c1:2a:28:be:50:b7:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

rpcrt4

version

wintrust

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

33:00:00:00:9d:1e:8d:27:ae:b8:f3:d8:38:00:01:00:00:00:9d
Certificate

61:02:8e:42:00:00:00:00:00:1f
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

ce:63:a7:de:c4:fb:b6:d0:b2:fe:64:9a:f7:c1:2a:28:be:50:b7:67
Signer

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB