2d6e2160cf19c8exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2d6e2160cf19c8exeexeexeex.exe
Size

13.4MB
MD5

2d6e2160cf19c8a8b16c2a9de4228bab
SHA1

9b43a13980772447474a45ae36a35036de270a51
SHA256

1bbe7754bf6d302f46a3aa714ab2780a535e70a65360e362eabb62d10f8fa649
SHA512

9d4af643236e6545c0e50da63c7041f52203e391135ff4b2fb6885af1cc78b2214b056f6ddb12ebeb94edf6ac6ce15ca84a14fd20dec01bb3bbbdf8ca244b8c6
SSDEEP

393216:+TZ5h19kjY9LsbDx/JISi0sutqBmg9zikh7Hwesn:IZ5MY9LsbDHIHu0mgxrHweA

Score

1^/10

Malware Config

Signatures

Files

2d6e2160cf19c8exeexeexeex.exe
.exe windows x86

d7c8717fe700a2fac54c3c5f49d514e1

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:de:ca:a9:f4:a3:ce:5a:67:a2:d4:e3:70:a3:67:e9
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

24/10/2022, 00:00

Not After

24/10/2023, 23:59

Subject

CN=INNORIX,O=INNORIX,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo

wldap32

ord41
ord219
ord79
ord117
ord216
ord14
ord46
ord167
ord26
ord27
ord145
ord142
ord127
ord133
ord147
ord301
ord208

iphlpapi

GetAdaptersInfo

ws2_32

WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
getpeername
WSACreateEvent
WSACloseEvent
inet_addr
WSACleanup
__WSAFDIsSet
accept
bind
closesocket
select
ntohl
shutdown
listen
WSAStartup
getsockname
send
socket
ntohs
connect
inet_ntoa
recv
htonl
htons
ioctlsocket
setsockopt
WSAGetLastError
getsockopt
WSASetLastError
WSAIoctl
getaddrinfo
recvfrom
sendto
gethostname
getnameinfo
freeaddrinfo
WSAEnumNetworkEvents

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpDetectAutoProxyConfigUrl

shell32

DragQueryFileW
ExtractIconExW
ExtractIconW
DragQueryPoint
DragFinish
SHGetSpecialFolderPathW
SHGetFolderPathW
DragAcceptFiles
SHGetFileInfoW
ord6

crypt32

CertOpenSystemStoreW
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertGetCertificateContextProperty

kernel32

UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
OutputDebugStringW
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
GetFileSize
FormatMessageA
CreateFileMappingW
MapViewOfFile
FlushFileBuffers
InterlockedPushEntrySList
SetEndOfFile
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
GetFullPathNameW
HeapCreate
TryEnterCriticalSection
SetThreadPriority
WaitForMultipleObjects
TerminateProcess
AreFileApisANSI
FindNextFileW
EnterCriticalSection
SetLastError
SetHandleInformation
FindFirstFileW
CreateDirectoryW
GetSystemTime
SystemTimeToFileTime
ConvertThreadToFiber
ConvertFiberToThread
LeaveCriticalSection
SwitchToFiber
DeleteFiber
WriteFile
GetModuleHandleExW
SetWaitableTimer
TlsFree
TlsGetValue
SetStdHandle
GetTempPathW
TlsSetValue
ReadConsoleW
GetConsoleMode
ReadConsoleA
SetConsoleMode
GetEnvironmentVariableW
VerifyVersionInfoW
VerSetConditionMask
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
MoveFileExW
InitializeCriticalSectionEx
GlobalFree
GetFileTime
LocalAlloc
GetConsoleWindow
GetSystemInfo
GetVersionExW
SetUnhandledExceptionFilter
LoadLibraryExW
GetCurrentProcessId
GetLocalTime
LoadLibraryW
GetSystemDirectoryW
GetCurrentThreadId
WritePrivateProfileStringW
GetTickCount
DeleteCriticalSection
RtlUnwind
GlobalHandle
GlobalSize
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
HeapDestroy
DecodePointer
FindResourceW
LoadResource
FindResourceExW
RaiseException
HeapReAlloc
LockResource
HeapSize
GetModuleFileNameW
SizeofResource
TlsAlloc
UnlockFileEx
InitializeCriticalSectionAndSpinCount
SleepEx
ReadDirectoryChangesW
CreateFileW
GetModuleHandleW
WTSGetActiveConsoleSessionId
LocalFree
WriteConsoleW
WriteConsoleA
GetProcAddress
Process32NextW
FormatMessageW
ProcessIdToSessionId
CreateToolhelp32Snapshot
OpenProcess
FreeLibrary
LCMapStringW
LoadLibraryA
GetUserDefaultLCID
GetStringTypeExW
WaitForMultipleObjectsEx
QueryPerformanceCounter
CreateSemaphoreA
GetSystemTimeAsFileTime
GetProcessHeap
HeapAlloc
QueryPerformanceFrequency
ReleaseSemaphore
HeapFree
CreateEventA
WaitForSingleObjectEx
CreateProcessA
WideCharToMultiByte
CloseHandle
DeleteFileW
PulseEvent
GetCurrentThread
SetEvent
GetFileAttributesExW
GetLastError
Sleep
MultiByteToWideChar
CreateEventW
DuplicateHandle
ReleaseMutex
GetFileAttributesW
WaitForSingleObject
FindClose
CreateMutexW
GetFullPathNameA
SetEnvironmentVariableW
FreeEnvironmentStringsW
AttachConsole
FreeConsole
MulDiv
GetEnvironmentStringsW
GetOEMCP
FindFirstFileExW
EnumSystemLocalesW
IsValidLocale
GetFileSizeEx
GetTimeZoneInformation
GetCommandLineA
SetConsoleCtrlHandler
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetConsoleOutputCP
FreeLibraryAndExitThread
GetCurrentProcess
InitializeCriticalSection
GetLogicalDriveStringsW
CreateFiber
UnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EncodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
OpenEventA
GlobalLock
ResumeThread
GetModuleHandleA
CreateWaitableTimerA
IsValidCodePage
IsDBCSLeadByteEx
GetLocaleInfoA
EnumSystemLocalesA
FoldStringW
CompareStringW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDiskFreeSpaceExW
GetFileInformationByHandle
RemoveDirectoryW
SetFilePointerEx
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileW
SetErrorMode
ExitProcess
GetNativeSystemInfo
GetLongPathNameW
GetTempFileNameW
GetACP
GetCommandLineW
CreatePipe
GetExitCodeProcess
CreateThread
CreateProcessW
IsBadReadPtr
IsBadStringPtrA
ExpandEnvironmentStringsW
GlobalAlloc
GlobalUnlock
ExitThread

user32

MsgWaitForMultipleObjects
SetTimer
KillTimer
SetCursor
LoadCursorW
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
LoadBitmapW
LoadIconW
GetIconInfo
GetDC
ReleaseDC
LoadImageW
DestroyIcon
CreateIconIndirect
DestroyCursor
GetDoubleClickTime
GetCaretBlinkTime
GetSysColor
SystemParametersInfoW
FillRect
InflateRect
DrawIconEx
TranslateMessage
RegisterHotKey
UnregisterHotKey
GetMessagePos
GetMessageTime
PostQuitMessage
CallWindowProcW
IsWindow
ShowWindow
AnimateWindow
MoveWindow
SetWindowPos
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetAsyncKeyState
VkKeyScanW
MapVirtualKeyW
GetCapture
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
GetMenuItemCount
TrackPopupMenu
GetMenuItemInfoW
UpdateWindow
GetUpdateRgn
InvalidateRect
RedrawWindow
ScrollWindow
EnableScrollBar
SetWindowTextW
GetClientRect
GetWindowRect
SetCursorPos
GetCursorPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
ChildWindowFromPointEx
DestroyWindow
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsDialogMessageW
SetScrollInfo
GetScrollInfo
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
GetWindowTextW
GetWindowTextLengthW
MessageBeep
SetRect
GetClassNameW
GetProcessDefaultLayout
GetWindowDC
BeginPaint
EndPaint
CreateDialogParamW
GetDlgItem
SetWindowRgn
GetWindowPlacement
SetLayeredWindowAttributes
FlashWindowEx
IsIconic
IsZoomed
CreateDialogIndirectParamW
GetDialogBaseUnits
DrawMenuBar
GetSystemMenu
EnableMenuItem
SetForegroundWindow
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
GetMenuState
CreateMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
SetMenuInfo
InsertMenuItemW
SetMenuItemInfoW
GetMessageW
ValidateRect
UnionRect
DrawTextW
DrawFocusRect
GetDesktopWindow
ValidateRgn
SetRectEmpty
IsRectEmpty
SetMenu
DrawStateW
CopyRect
OffsetRect
GetComboBoxInfo
IsMenu
keybd_event
HideCaret
ChildWindowFromPoint
FindWindowExW
DrawEdge
DrawFrameControl
CheckMenuItem
GetMenuItemID
GetSysColorBrush
CheckMenuRadioItem
RegisterClipboardFormatW
GetClipboardFormatNameW
wsprintfW
IsClipboardFormatAvailable
DefWindowProcW
LoadStringW
WaitForInputIdle
UnregisterClassW
GetSystemMetrics
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageW
PeekMessageW
BringWindowToTop
CreateWindowExW
RegisterClassW
PostMessageW
DispatchMessageW
PostThreadMessageW
PtInRect
MessageBoxA

advapi32

DeleteService
LookupAccountSidW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
SetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
OpenServiceW
StartServiceW
ControlService
ChangeServiceConfig2W
SetServiceStatus
OpenSCManagerW
CloseServiceHandle
CreateServiceW
CryptDestroyKey
CryptGetUserKey
CryptEnumProvidersW
CryptDecrypt
CryptExportKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
CryptSignHashW
CryptGetProvParam
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
FreeSid
CryptReleaseContext
RegSetValueExW
GetTokenInformation

ole32

CoUninitialize
OleInitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoTaskMemAlloc
ReleaseStgMedium
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

oleaut32

SysStringLen
VariantChangeType
VariantClear
SysAllocString
SysFreeString
VariantInit

comctl32

ord16
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_Add
ImageList_SetBkColor
ImageList_Draw
ImageList_Replace
ImageList_GetIconSize
ImageList_GetImageInfo
ord17

rpcrt4

RpcStringFreeW
UuidToStringW

oleacc

LresultFromObject

uxtheme

GetThemeSysFont
GetThemeSysColor
GetThemeInt
GetThemePartSize
GetThemeFont
GetThemeMargins
IsAppThemed
IsThemeActive
DrawThemeParentBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeBackgroundExtent
GetCurrentThemeName
SetWindowTheme
IsThemePartDefined

shlwapi

SHAutoComplete

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

bcrypt

BCryptGenRandom

msimg32

GradientFill
AlphaBlend

gdi32

DeleteObject
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CreateCompatibleDC
CreateDIBitmap
DeleteDC
GetDIBits
SelectObject
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
GetObjectW
CreateFontIndirectW
GetDeviceCaps
GetOutlineTextMetricsW
GetTextMetricsW
BitBlt
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
SetBkColor
CreatePen
GetStockObject
ExtCreatePen
StretchBlt
SetStretchBltMode
CreateHatchBrush
CreatePatternBrush
CreateSolidBrush
GetSystemPaletteEntries
Arc
Ellipse
ExtCreateRegion
ExtFloodFill
GetClipBox
GetGraphicsMode
GetObjectType
GetPixel
GetRegionData
GetViewportExtEx
GetWindowExtEx
MaskBlt
Pie
PolyPolygon
PlayEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileW
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
CreateICW
EndPage
Rectangle
RealizePalette
RoundRect
SelectClipRgn
StartPage
EndDoc
StartDocW
SetAbortProc
CreateRectRgnIndirect
EnumFontFamiliesExW
GetTextExtentExPointW
GetTextExtentPoint32W
GetCharABCWidthsW
MoveToEx
LineTo
GetBkColor
RectInRegion
PtInRegion
OffsetRgn
GetRgnBox
EqualRgn
CombineRgn
CreateDCW
GdiFlush
ExcludeClipRect
CreateRectRgn
SetBrushOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportExtEx
PolyBezier
Polyline
Polygon
LPtoDP
DPtoLP
CreatePolygonRgn
ExtTextOutW
ModifyWorldTransform
SetWorldTransform
GetWorldTransform
SetTextColor
SetROP2
StretchDIBits
SetPolyFillMode
SetViewportOrgEx
GetLayout
ExtSelectClipRgn
SelectPalette
SetBkMode
SetGraphicsMode
SetMapMode
SetLayout
SetPixel

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetPrinterW

comdlg32

GetOpenFileNameW
PageSetupDlgW
PrintDlgW
CommDlgExtendedError
ChooseFontW
GetSaveFileNameW

Sections

.text
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 432KB - Virtual size: 641KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 634KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7c8717fe700a2fac54c3c5f49d514e1

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

9f:de:ca:a9:f4:a3:ce:5a:67:a2:d4:e3:70:a3:67:e9Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

psapi

wldap32

iphlpapi

ws2_32

winhttp

shell32

crypt32

kernel32

user32

advapi32

ole32

oleaut32

comctl32

rpcrt4

oleacc

uxtheme

shlwapi

userenv

wtsapi32

bcrypt

msimg32

gdi32

winspool.drv

comdlg32

Sections

.text Size: 9.6MB - Virtual size: 9.6MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 432KB - Virtual size: 641KB

.rsrc Size: 311KB - Virtual size: 311KB

.reloc Size: 634KB - Virtual size: 633KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

9f:de:ca:a9:f4:a3:ce:5a:67:a2:d4:e3:70:a3:67:e9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

.text
Size: 9.6MB - Virtual size: 9.6MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 432KB - Virtual size: 641KB

.rsrc
Size: 311KB - Virtual size: 311KB

.reloc
Size: 634KB - Virtual size: 633KB