new-file[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

new-file.exe
Size

938KB
MD5

3f5ab00147ba7843f893d2b8e173f855
SHA1

733282dba5829f242adade83ef010d24cb00a4e4
SHA256

3cf597dc8700b98734dc890af3faa25f4acb4e83fd574b0bbb382352859385ca
SHA512

3e98330fc36f580e81111d30a6dbed9c1cd4825a1daa2f7db48487cbd418434f73d9361c33f27fe597157f77281c1e5cbf6292bd2a84062434edf71fe59eb183
SSDEEP

24576:EJbHg441/+7Dc1rHAaQ70vB3kQevMQn6525OagW0LecFz:+EMqxvBqPcWqecZ

Score

1^/10

Malware Config

Signatures

Files

new-file.exe
.exe windows x86

672bef9e4d5354b707b0e3972f9e16b0

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:11:ed:10:06:34:3e:0f:d1:bc:55:11:f3:ab:20:84
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

31-08-2022 00:00

Not After

31-08-2023 23:59

Subject

CN=12980215 Canada Inc.,O=12980215 Canada Inc.,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

86:04:b8:c8:8f:b3:82:63:b5:e0:44:a9:2b:22:c8:04:3f:a7:98:0d
Signer

Actual PE Digest

86:04:b8:c8:8f:b3:82:63:b5:e0:44:a9:2b:22:c8:04:3f:a7:98:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsSetValue
ReleaseSRWLockShared
GetModuleHandleW
FormatMessageW
GetConsoleMode
GetStdHandle
WaitForSingleObject
MultiByteToWideChar
WriteConsoleW
CompareStringOrdinal
InitOnceBeginInitialize
TlsAlloc
TlsFree
TryAcquireSRWLockExclusive
SetThreadStackGuarantee
GetCurrentThread
CreateThread
ReadFileEx
SleepEx
WriteFileEx
GetEnvironmentVariableW
GetTempPathW
AcquireSRWLockShared
GetFullPathNameW
GetFileInformationByHandle
GetFileInformationByHandleEx
TlsGetValue
FindClose
IsProcessorFeaturePresent
TerminateProcess
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcessId
CreateNamedPipeW
GetCurrentProcess
DuplicateHandle
GetModuleHandleA
SetUnhandledExceptionFilter
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SleepConditionVariableSRW
SetHandleInformation
WakeConditionVariable
PostQueuedCompletionStatus
WakeAllConditionVariable
UnhandledExceptionFilter
IsDebuggerPresent
SetFileCompletionNotificationModes
LoadLibraryA
FreeLibrary
CreateIoCompletionPort
RtlUnwind
GetQueuedCompletionStatusEx
FindFirstFileW
InitializeSListHead
DeleteCriticalSection
CreateFileW
InitializeCriticalSectionAndSpinCount
SwitchToThread
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapReAlloc
GetProcessHeap
HeapAlloc
AddVectoredExceptionHandler
CloseHandle
DeleteFileW
GetLastError
SetLastError
Sleep
GetCurrentThreadId
LoadLibraryExW
InitOnceComplete
HeapFree

ole32

CoInitializeSecurity
CoInitializeEx

ws2_32

ioctlsocket
shutdown
getsockopt
WSASend
bind
setsockopt
closesocket
freeaddrinfo
getaddrinfo
WSAStartup
WSAIoctl
WSACleanup
WSASocketW
recv
getsockname
WSAGetLastError
getpeername
send
connect

ntdll

NtDeviceIoControlFile
NtCreateFile
NtWriteFile
RtlNtStatusToDosError
NtCancelIoFileEx

crypt32

CertOpenStore
CertFreeCertificateContext
CertCloseStore
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertDuplicateStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain

secur32

FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
EncryptMessage
QueryContextAttributesW
AcquireCredentialsHandleA
AcceptSecurityContext
InitializeSecurityContextW
DecryptMessage
ApplyControlToken

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036

bcrypt

BCryptGenRandom

oleaut32

GetErrorInfo
SysStringLen
SysFreeString

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_initialize_onexit_table
_configure_narrow_argv
_initialize_narrow_environment
_crt_atexit
_register_thread_local_exe_atexit_callback
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
abort
exit
_cexit
_exit
__p___argc
__p___argv
_controlfp_s
_seh_filter_exe
_register_onexit_function
_c_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

free
calloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

wcsncmp

Sections

.text
Size: 580KB - Virtual size: 580KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

672bef9e4d5354b707b0e3972f9e16b0

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

1d:11:ed:10:06:34:3e:0f:d1:bc:55:11:f3:ab:20:84Certificate

Extended Key Usages

Key Usages

86:04:b8:c8:8f:b3:82:63:b5:e0:44:a9:2b:22:c8:04:3f:a7:98:0dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

ws2_32

ntdll

crypt32

secur32

advapi32

bcrypt

oleaut32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 580KB - Virtual size: 580KB

.rdata Size: 271KB - Virtual size: 271KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 68KB - Virtual size: 67KB

.reloc Size: 12KB - Virtual size: 11KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

1d:11:ed:10:06:34:3e:0f:d1:bc:55:11:f3:ab:20:84
Certificate

86:04:b8:c8:8f:b3:82:63:b5:e0:44:a9:2b:22:c8:04:3f:a7:98:0d
Signer

.text
Size: 580KB - Virtual size: 580KB

.rdata
Size: 271KB - Virtual size: 271KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 68KB - Virtual size: 67KB

.reloc
Size: 12KB - Virtual size: 11KB