Fattura di 1800[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Fattura di 1800.exe
Size

245.9MB
MD5

2fe7edd2acb9faa9706425cd07a89bb7
SHA1

591f19611d09274428da9a149dd5d07ceff4f233
SHA256

586f9cae48e4c3b938b98e7e8145bd84c00a6c4dad2940bbd54bfe76b3b8ac2a
SHA512

9e11ffb75e8a85434382e907c5cea89a7ea98cedc7efdcc83688de4407f8fbb75182fa50ad5d833b76fd33eab4bcd7a00d2db9db69edb9fe120cf5086935b1c4
SSDEEP

49152:XZRP5u6EihWcWMcpGcoyvaRV/csji8ur7SXTlXOBrffXxBrCj50vl:MshcdYVxmBr7SXTkBTvxBWe

Score

1^/10

Malware Config

Signatures

Files

Fattura di 1800.exe
.exe windows x64

75c8bf1c9af400a8443d23dff3b017cd

Code Sign

0c:b5:19:da:ab:4d:05:0f:a4:68:6a:65:da:4a:e0:3f
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

26-03-2020 00:00

Not After

11-04-2023 23:59

Subject

CN=Ashampoo GmbH & Co. KG,O=Ashampoo GmbH & Co. KG,L=Rastede,ST=Niedersachsen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:ea:32:f5:1f:88:1b:5b:ba:fc:4d:b2:b5:6e:47:86:c3:21:1d:d8:22:51:40:d5:01:c2:87:7d:d0:b6:68:cf
Signer

Actual PE Digest

35:ea:32:f5:1f:88:1b:5b:ba:fc:4d:b2:b5:6e:47:86:c3:21:1d:d8:22:51:40:d5:01:c2:87:7d:d0:b6:68:cf

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegEnumValueA
RegEnumKeyExA
RegDeleteTreeA
RegDeleteValueA
RegDeleteKeyExW
RegDeleteKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegLoadAppKeyW
RegDeleteTreeW
RegSaveKeyW
RegGetKeySecurity
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumKeyW
CryptAcquireContextW
CryptImportKey
CryptReleaseContext
CryptCreateHash
CryptHashData
CryptVerifySignatureW
EventProviderEnabled
EventWrite
EventRegister
EventUnregister
CryptDestroyKey
RegDeleteKeyA
RegDeleteKeyValueW
RegDeleteKeyValueA
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
RegQueryInfoKeyA

kernel32

GetTempFileNameW
GetTempPathW
GetLongPathNameW
GetFullPathNameW
ExpandEnvironmentStringsW
FindFirstFileExW
GetFileAttributesExW
FileTimeToSystemTime
FindAtomW
AddAtomW
DeleteAtom
LoadLibraryExA
SetLastError
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
GetCurrentThread
OpenEventW
LocalFree
SetFilePointer
DeleteFileW
GetModuleHandleA
EncodePointer
SetThreadStackGuarantee
SetErrorMode
GetErrorMode
GlobalMemoryStatusEx
WerRegisterFile
CopyFileW
HeapLock
HeapUnlock
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
WaitForSingleObject
CreateThread
ResumeThread
SetThreadPriority
GetSystemInfo
DuplicateHandle
SetEvent
ResetEvent
CreateEventW
SetEnvironmentVariableW
GetSystemDirectoryW
CreateMutexW
GetUserDefaultUILanguage
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
CompareFileTime
GetCommandLineW
GetFileAttributesW
SystemTimeToFileTime
GetSystemTime
Sleep
lstrlenA
WideCharToMultiByte
GetStdHandle
GetEnvironmentVariableW
GetTickCount
CreateSemaphoreW
OpenProcess
LoadLibraryW
WriteFile
ReadFile
CreateFileW
CloseHandle
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileSizeEx
GetPrivateProfileSectionW
VerSetConditionMask
VerifyVersionInfoW
CreateDirectoryW
GetModuleHandleExW
FlushViewOfFile
InitializeCriticalSection
MulDiv
ReleaseMutex
FlushFileBuffers
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsValidCodePage
GetACP
ReleaseSemaphore
GetSystemDefaultUILanguage
GetSystemPreferredUILanguages
MoveFileW
GetVersionExA
SwitchToThread
InitializeCriticalSectionAndSpinCount
OpenMutexW
RaiseException
DecodePointer
SetDllDirectoryW
HeapSetInformation
LoadLibraryExW
lstrcmpiW
FreeLibrary
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
FindResourceExW
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
InitializeCriticalSectionEx
SizeofResource
LockResource
LoadResource
FindResourceW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleW
SetUnhandledExceptionFilter
CreateProcessW

user32

GetScrollPos
GetScrollInfo
ShowScrollBar
SetScrollRange
GetScrollBarInfo
EnableScrollBar
DefWindowProcW
DefWindowProcA
GetQueueStatus
WaitMessage
GetMessageW
GetMessageA
SetScrollPos
LoadImageW
LoadIconW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
ReleaseDC
GetDC
UnregisterClassW
CharNextW
MessageBoxW
LoadStringW
GetClipboardFormatNameW
ValidateRect
GetGuiResources
PostThreadMessageW
DestroyWindow
RegisterClassW
CreateWindowExW
ShowWindow
KillTimer
SetTimer
GetMessageTime
UpdateLayeredWindow
GetSystemMetrics
SetScrollInfo
SystemParametersInfoA
PeekMessageA
GetScrollRange

imm32

ImmAssociateContext

shell32

SHGetFolderPathW
SHGetFileInfoW
SHCreateDirectoryExW
SHFileOperationW

ole32

CLSIDFromString
CreateStreamOnHGlobal
StringFromCLSID
CoInitialize
CoCreateGuid
CoGetCurrentLogicalThreadId
CreateItemMoniker
GetRunningObjectTable
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
OleUninitialize
CoInitializeSecurity
OleInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
IIDFromString
CoUninitialize

oleaut32

VariantTimeToSystemTime
SetErrorInfo
GetErrorInfo
SafeArrayRedim
SafeArrayLock
SafeArrayCopy
SafeArrayGetVartype
SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysStringLen
VarUI4FromStr
VarBstrCat
SafeArrayGetUBound
SafeArrayGetLBound
SystemTimeToVariantTime
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCreate

shlwapi

PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
StrCmpIW
StrToInt64ExW
StrToIntExW
PathIsRelativeW
SHCreateStreamOnFileEx
PathIsFileSpecW
SHDeleteKeyW
PathMatchSpecW
PathRemoveBlanksW
PathFindExtensionW
PathIsDirectoryW
PathStripPathW
PathCombineW
AssocQueryStringW
PathRenameExtensionW
StrStrIW
PathRemoveBackslashW
PathRemoveExtensionW
PathAddBackslashW
PathCanonicalizeW

gdiplus

GdipCloneImage
GdiplusShutdown
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdiplusStartup
GdipFree
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipCreateHBITMAPFromBitmap
GdipAlloc
GdipCreateBitmapFromResource
GdipDrawImageRectRect
GdipDeleteGraphics
GdipGraphicsClear
GdipSetInterpolationMode
GdipCreateBitmapFromFile

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

crypt32

CryptUnprotectData

psapi

GetPerformanceInfo

gdi32

GetObjectW
CreateCompatibleDC
SelectObject
DeleteDC
GetDeviceCaps
DeleteObject

Exports

Exports

GetCallstack64
IsAssertEtwEnabled
SetOnAssertCallback
WriteAssertEtwEventA
WriteAssertEtwEventW

Sections

.text
Size: 401KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75c8bf1c9af400a8443d23dff3b017cd

Code Sign

0c:b5:19:da:ab:4d:05:0f:a4:68:6a:65:da:4a:e0:3fCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

35:ea:32:f5:1f:88:1b:5b:ba:fc:4d:b2:b5:6e:47:86:c3:21:1d:d8:22:51:40:d5:01:c2:87:7d:d0:b6:68:cfSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

imm32

shell32

ole32

oleaut32

shlwapi

gdiplus

version

crypt32

psapi

gdi32

Exports

Exports

Sections

.text Size: 401KB - Virtual size: 400KB

.rdata Size: 169KB - Virtual size: 168KB

.data Size: 2KB - Virtual size: 12KB

.pdata Size: 18KB - Virtual size: 17KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 3.2MB - Virtual size: 3.2MB

.reloc Size: 4KB - Virtual size: 3KB

0c:b5:19:da:ab:4d:05:0f:a4:68:6a:65:da:4a:e0:3f
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

35:ea:32:f5:1f:88:1b:5b:ba:fc:4d:b2:b5:6e:47:86:c3:21:1d:d8:22:51:40:d5:01:c2:87:7d:d0:b6:68:cf
Signer

.text
Size: 401KB - Virtual size: 400KB

.rdata
Size: 169KB - Virtual size: 168KB

.data
Size: 2KB - Virtual size: 12KB

.pdata
Size: 18KB - Virtual size: 17KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 3.2MB - Virtual size: 3.2MB

.reloc
Size: 4KB - Virtual size: 3KB