dwagentexe[.]exe

Resubmissions

09-01-2024 19:24

240109-x4vjmshbaj 1

10-07-2023 19:04

230710-xq6praec3y 5

Sharing

Copy URL

Twitter E-mail

General

Target

dwagentexe.exe
Size

13.1MB
MD5

de9f6a0056655da1e52bda92aac6b584
SHA1

03d0cbe3f4beecf468ee738c0a9b7c47529fdb75
SHA256

50350bce3908539a15a51d661a698e52937348f18fffbfa525dc8baa80315220
SHA512

5c0c1edb4f51f3dd6c2f5ff99a4bd9ea9acb321d8c5b5cbd286fc8da195bf1c7bb8a16261420736078231853d84723dd3a08752374c3307be49f45c0e31f5e95
SSDEEP

393216:ItrUgfPqghy78YSBp3fndAY6q5SU4SvdOJ:SFho8nBpPEGSdSi

Score

1^/10

Malware Config

Signatures

Files

dwagentexe.exe
.exe windows x86

5b43c6ba7f7073e19a5848932ff96076

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:bd:d3:be:b2:4e:1d:e7:37:82:e9:f8:34:7c:f1:53
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08-05-2023 00:00

Not After

07-08-2026 23:59

Subject

CN=DWSNET srl,O=DWSNET srl,ST=Napoli,C=IT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:bd:d3:be:b2:4e:1d:e7:37:82:e9:f8:34:7c:f1:53
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08-05-2023 00:00

Not After

07-08-2026 23:59

Subject

CN=DWSNET srl,O=DWSNET srl,ST=Napoli,C=IT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:5c:10:38:01:f6:58:e1:ad:20:e1:46:8b:49:a1:f0:16:b5:bc:25:bb:39:82:df:0d:0a:fe:a6:e7:53:f3:89
Signer

Actual PE Digest

ab:5c:10:38:01:f6:58:e1:ad:20:e1:46:8b:49:a1:f0:16:b5:bc:25:bb:39:82:df:0d:0a:fe:a6:e7:53:f3:89

Digest Algorithm

sha256

PE Digest Matches

true

0a:fd:8c:5f:af:b1:53:f6:f5:d5:cf:8c:30:d2:aa:17:7b:c0:5f:1a
Signer

Actual PE Digest

0a:fd:8c:5f:af:b1:53:f6:f5:d5:cf:8c:30:d2:aa:17:7b:c0:5f:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
FreeSid
GetTokenInformation
OpenProcessToken

gdi32

BitBlt
CreateCompatibleDC
CreateFontA
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
GetObjectA
GetStockObject
GetTextMetricsA
LineTo
MoveToEx
SelectClipRgn
SelectObject
SetBkMode
SetDCBrushColor
SetTextColor

kernel32

CloseHandle
CopyFileW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesW
GetFileSize
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStartupInfoW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetVersionExA
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
MoveFileExW
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
ReadFile
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteFile
lstrcatW
lstrlenW

msvcrt

__lconv_init
__p__fmode
__p__wcmdln
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_beginthreadex
_cexit
_initterm
_iob
_onexit
_write
abort
calloc
exit
fopen
fprintf
fputc
fputs
free
gmtime
fwrite
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
signal
sprintf
strcmp
strlen
strncmp
strtoul
time
tolower
vfprintf
wcscat
wcscmp
wcscpy
wcsftime
wcslen

shell32

ShellExecuteExW
Shell_NotifyIconW

user32

BeginPaint
CloseClipboard
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyIcon
DestroyWindow
DispatchMessageW
DrawTextExW
EmptyClipboard
EndPaint
FillRect
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetKeyState
GetMessageW
GetSystemMetrics
GetWindowRect
InvalidateRect
IsWindowUnicode
KillTimer
LoadCursorA
LoadImageW
MessageBoxW
OpenClipboard
PostMessageW
PostQuitMessage
RegisterClassExW
SetClipboardData
SetForegroundWindow
SetTimer
SetWindowPos
SetWindowTextW
ShowWindow
TranslateMessage
UnregisterClassW
UpdateWindow
wsprintfW

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5b43c6ba7f7073e19a5848932ff96076

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

af:bd:d3:be:b2:4e:1d:e7:37:82:e9:f8:34:7c:f1:53Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

af:bd:d3:be:b2:4e:1d:e7:37:82:e9:f8:34:7c:f1:53Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ab:5c:10:38:01:f6:58:e1:ad:20:e1:46:8b:49:a1:f0:16:b5:bc:25:bb:39:82:df:0d:0a:fe:a6:e7:53:f3:89Signer

0a:fd:8c:5f:af:b1:53:f6:f5:d5:cf:8c:30:d2:aa:17:7b:c0:5f:1aSigner

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

shell32

user32

Sections

.text Size: 284KB - Virtual size: 284KB

.data Size: 512B - Virtual size: 172B

.rdata Size: 17KB - Virtual size: 16KB

.bss Size: - Virtual size: 25KB

.idata Size: 5KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 52B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 38KB - Virtual size: 38KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

af:bd:d3:be:b2:4e:1d:e7:37:82:e9:f8:34:7c:f1:53
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

af:bd:d3:be:b2:4e:1d:e7:37:82:e9:f8:34:7c:f1:53
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ab:5c:10:38:01:f6:58:e1:ad:20:e1:46:8b:49:a1:f0:16:b5:bc:25:bb:39:82:df:0d:0a:fe:a6:e7:53:f3:89
Signer

0a:fd:8c:5f:af:b1:53:f6:f5:d5:cf:8c:30:d2:aa:17:7b:c0:5f:1a
Signer

.text
Size: 284KB - Virtual size: 284KB

.data
Size: 512B - Virtual size: 172B

.rdata
Size: 17KB - Virtual size: 16KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 38KB - Virtual size: 38KB