4768a19e040143exeexeexeex[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

4768a19e040143exeexeexeex.exe
Size

2.0MB
MD5

4768a19e040143ae473b4222835434a4
SHA1

2eaf5a57862d22ccef4077ebd8724714d7df150d
SHA256

17382ed18e57401f6edc1841719df91b7eea60d6fa427eea07323f6976ec872f
SHA512

a2b8006e0b3192672498d4b4f95315078b2b1269955612356e115621232d3e74c60e24b6adf46b595bfa0679f749371e01f85fa1624ad74e0d1b3d369bc645c3
SSDEEP

49152:2TkkXSXn3RNBInzdBLo/1ABTm2hnIBx9TlsOY7L91Y:BwSXWxy2pm2hmN

Score

1^/10

Malware Config

Signatures

Files

4768a19e040143exeexeexeex.exe
.exe windows x86

77518031a4b3b35a32828f1162ac65ef

Code Sign

4c:17:93:4d
Certificate

Issuer

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Not Before

09/12/2014, 20:07

Not After

10/12/2017, 07:56

Subject

CN=Entrust Time Stamping Authority,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

38:63:e2:e2
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

10/09/2009, 21:59

Not After

10/09/2019, 22:29

Subject

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:27:a4:71
Certificate

Issuer

CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE

Not Before

02/04/2014, 14:49

Not After

02/04/2021, 14:49

Subject

CN=Verizon Public SureCodeSign CA G14-SHA2,OU=Cybertrust,O=Verizon Enterprise Solutions,L=Amsterdam,C=NL

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

37:b4:aa:db:1a:63:7f:13:f9:d0:37:b0:1a:e9:50:f9:d3:cf:02:6e
Certificate

Issuer

CN=Verizon Public SureCodeSign CA G14-SHA2,OU=Cybertrust,O=Verizon Enterprise Solutions,L=Amsterdam,C=NL

Not Before

11/12/2015, 22:03

Not After

11/12/2016, 22:03

Subject

CN=Dell Inc.,O=Dell USA L.P.,L=Round Rock,ST=TX,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:ad:f2:03:d2:c0:3f:f4:f1:a6:1d:27:30:c8:1a:b3:97:e7:e2:4b
Signer

Actual PE Digest

ad:ad:f2:03:d2:c0:3f:f4:f1:a6:1d:27:30:c8:1a:b3:97:e7:e2:4b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW
PathAddBackslashW
PathRemoveFileSpecW
PathIsDirectoryW

ws2_32

WSASetLastError
__WSAFDIsSet
closesocket
inet_addr
WSAGetLastError
gethostbyname
inet_ntoa
htonl
getservbyname
htons
gethostbyaddr
getservbyport
getsockname
bind
listen
WSAStartup
socket
ioctlsocket
connect
select
getsockopt
recv
send
ntohs

kernel32

GetFileAttributesW
IsBadStringPtrW
FindClose
FindFirstFileW
FindNextFileW
DeleteFileW
RemoveDirectoryW
GetTickCount
GetWindowsDirectoryW
GetDiskFreeSpaceExW
IsBadWritePtr
WideCharToMultiByte
Sleep
DeviceIoControl
GetSystemPowerStatus
DefineDosDeviceW
GetSystemDirectoryW
SetLastError
LoadLibraryW
GetCurrentDirectoryW
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObject
FlushFileBuffers
CopyFileW
GetPrivateProfileStringW
LocalFree
LocalAlloc
SetEvent
FormatMessageW
ResetEvent
CreateEventW
FileTimeToLocalFileTime
WaitForMultipleObjects
GetCurrentProcess
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
QueryDosDeviceW
DeleteTimerQueue
DeleteTimerQueueTimer
GetCurrentThreadId
CreateThread
CreateProcessW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetUserDefaultLangID
CreateTimerQueueTimer
CreateTimerQueue
WTSGetActiveConsoleSessionId
GetVersionExW
GetCommandLineW
HeapFree
GetProcessHeap
HeapAlloc
SystemTimeToFileTime
GetLocalTime
DuplicateHandle
GetCurrentProcessId
ProcessIdToSessionId
WriteFile
IsBadReadPtr
FileTimeToSystemTime
GetVolumeNameForVolumeMountPointW
SetFilePointer
HeapReAlloc
GetFileSize
GetCurrentThread
GetVolumePathNamesForVolumeNameW
GetFileInformationByHandle
UnmapViewOfFile
GetModuleHandleExW
SetEndOfFile
CreateFileMappingW
GetSystemInfo
MapViewOfFile
GetFullPathNameW
GetFullPathNameA
CreateFileA
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
InitializeCriticalSection
GetFileAttributesA
GetTempPathW
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
GetTempPathA
GetSystemTime
AreFileApisANSI
DeleteFileA
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
CreateMutexA
ReleaseMutex
TlsAlloc
TlsSetValue
TlsGetValue
GetSystemDirectoryA
GetFileType
GetConsoleCP
GetConsoleMode
GetDriveTypeA
FindFirstFileExA
SetFileAttributesW
WritePrivateProfileStringW
GetDriveTypeW
CreateFileW
ReadFile
CloseHandle
OutputDebugStringW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetVolumeInformationW
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW
FindFirstFileExW
ExitThread
ResumeThread
LCMapStringW
ExitProcess
GetStdHandle
HeapCreate
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
TlsFree
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoW
IsProcessorFeaturePresent
GetTimeZoneInformation
SetHandleCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
WriteConsoleW
PeekNamedPipe
GetUserDefaultLCID
GetStartupInfoW
HeapSetInformation
GetDateFormatW
GetTimeFormatW
GetCPInfo
RtlUnwind
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
HeapSize
HeapDestroy
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
MoveFileExW
GetTimeFormatA
SetFilePointerEx
GetDateFormatA

user32

CharNextW
wsprintfW
CharUpperW
PostThreadMessageW
UnregisterDeviceNotification
LoadStringW
GetKeyboardLayoutNameW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterDeviceNotificationW

advapi32

GetSecurityDescriptorDacl
LookupAccountNameW
LookupAccountSidW
GetSecurityInfo
GetSecurityDescriptorLength
CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
ImpersonateLoggedOnUser
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerExW
StartServiceW
CreateServiceW
ChangeServiceConfig2W
DeleteService
ControlService
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
FreeSid
InitializeAcl
AddAccessAllowedAce
GetAce
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ReadEventLogW
OpenEventLogW
NotifyChangeEventLog
CloseEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
RegLoadKeyW
RegUnLoadKeyW
RegFlushKey
RegCreateKeyW
RegOpenKeyW
RegQueryValueExW
AllocateAndInitializeSid
SetNamedSecurityInfoW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatusEx
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
GetAclInformation
AddAce
OpenThreadToken
ImpersonateSelf
IsTextUnicode

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
StringFromGUID2
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeEx
CoSetProxyBlanket

oleaut32

SafeArrayDestroyDescriptor
VariantClear
VariantInit
SafeArrayGetElement
SafeArrayPutElement
SafeArrayRedim
SafeArrayCopyData
SafeArrayCreate
SafeArrayDestroyData
SafeArrayGetVartype
VarUdateFromDate
RegisterTypeLi
UnRegisterTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

pdh

PdhAddEnglishCounterW
PdhOpenQueryW
PdhGetFormattedCounterValue
PdhCollectQueryData

Exports

Exports

GetLibXmlInterface

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77518031a4b3b35a32828f1162ac65ef

Code Sign

4c:17:93:4dCertificate

Extended Key Usages

Key Usages

38:63:e2:e2Certificate

Key Usages

07:27:a4:71Certificate

Key Usages

37:b4:aa:db:1a:63:7f:13:f9:d0:37:b0:1a:e9:50:f9:d3:cf:02:6eCertificate

Extended Key Usages

Key Usages

ad:ad:f2:03:d2:c0:3f:f4:f1:a6:1d:27:30:c8:1a:b3:97:e7:e2:4bSigner

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

userenv

version

shlwapi

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

setupapi

pdh

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 317KB - Virtual size: 317KB

.data Size: 41KB - Virtual size: 55KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 124KB - Virtual size: 124KB

4c:17:93:4d
Certificate

38:63:e2:e2
Certificate

07:27:a4:71
Certificate

37:b4:aa:db:1a:63:7f:13:f9:d0:37:b0:1a:e9:50:f9:d3:cf:02:6e
Certificate

ad:ad:f2:03:d2:c0:3f:f4:f1:a6:1d:27:30:c8:1a:b3:97:e7:e2:4b
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 317KB - Virtual size: 317KB

.data
Size: 41KB - Virtual size: 55KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 124KB - Virtual size: 124KB