aitstatic[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

aitstatic.exe
Size

1.1MB
MD5

f57e1d225ae5c2c8f475a99bfdf018f4
SHA1

b08fdcbee3dbf1d64f1bac43fffe03fc040dda35
SHA256

705cd3480ab71d08cf94fb62276f8f326a71d46c333fa042085992f589da307d
SHA512

532d3eb05ce25c8c917148704e18945fa91ef100a63aeebb435a26bbaabf85b17188836d1f0216faf0e71263eff4713d44f6c895655eaf162fdbfcc7d23b2167
SSDEEP

24576:o4QJ0BB0mr5r6atjDDE6V061wMNr0fdfTioS87KcFnUGw:o4k0BxftjDjVrqMNkdGoS8+wE

Score

1^/10

Malware Config

Signatures

Files

aitstatic.exe
.exe windows x86

e78c101bbd4d0ba29714abf76a7e3c2a

Code Sign

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2014, 17:13

Not After

23/08/2015, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/04/2014, 17:39

Not After

22/07/2015, 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/10/2014, 18:06

Not After

01/01/2016, 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:76:e7:cb:35:ad:99:24:8b:68:f4:9f:7d:99:3e:80:ac:48:a7:db:b1:23:06:dc:dd:dc:bc:96:f7:4e:90:3e
Signer

Actual PE Digest

cf:76:e7:cb:35:ad:99:24:8b:68:f4:9f:7d:99:3e:80:ac:48:a7:db:b1:23:06:dc:dd:dc:bc:96:f7:4e:90:3e

Digest Algorithm

sha256

PE Digest Matches

true

e6:2b:39:09:46:41:1f:88:92:56:d6:5f:84:31:64:86:b8:d6:e6:be
Signer

Actual PE Digest

e6:2b:39:09:46:41:1f:88:92:56:d6:5f:84:31:64:86:b8:d6:e6:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
HeapAlloc
MoveFileExW
HeapFree
GetProcessHeap
GetVolumePathNameW
GetFileAttributesExW
ReleaseMutex
GetVolumeNameForVolumeMountPointW
DeleteFileW
CreateMutexW
GetSystemWindowsDirectoryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
FreeLibrary
GetModuleHandleExW
WriteFile
GetModuleFileNameW
CreateFileW
GetLastError
SetLastError
GetProcAddress
OutputDebugStringA
CloseHandle
DebugBreak
WaitForSingleObject
HeapReAlloc
FindFirstFileW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetFileAttributesW
MultiByteToWideChar
FindClose
FindNextFileW
RaiseException
MapViewOfFile
UnmapViewOfFile
VirtualQuery
GetFileSizeEx
CreateFileMappingW
GetFileInformationByHandle
WideCharToMultiByte
LocalFree
LoadLibraryExW
GetSystemTimeAsFileTime
HeapSetInformation
GetCurrentProcess
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemInfo
LoadLibraryExA
VirtualProtect

msvcrt

_wcsnicmp
strncpy_s
_strrev
free
_strdup
_stricmp
_wcsrev
wcsncmp
qsort_s
wcstoul
_wcslwr
_callnewh
swprintf_s
iswalpha
wcschr
memset
memcpy_s
_vsnprintf
_vsnwprintf
wcsrchr
strnlen
strrchr
malloc
swscanf_s
wcstombs_s
towlower
??1type_info@@UAE@XZ
strchr
memmove
sprintf_s
_ui64toa_s
__CxxFrameHandler3
memcpy
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_wfullpath
_wcsicmp
printf
vprintf
bsearch_s

ntdll

RtlReAllocateHeap
RtlGUIDFromString
RtlNtStatusToDosError
RtlCharToInteger
RtlGetNativeSystemInformation
EtwTraceMessage
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwOpenKey
RtlInitUnicodeString
EtwEventWrite
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
EtwEventUnregister
RtlAllocateHeap
ZwClose
EtwEventRegister
RtlFreeHeap
RtlEnterCriticalSection
EtwEventWriteNoRegistration

ole32

CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysStringLen
SysAllocString
VariantInit

advapi32

RegLoadAppKeyW
RegDeleteValueW
EventRegister
EventUnregister
EventWriteTransfer
RegEnumKeyExW
RegCloseKey
RegGetValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW

shlwapi

PathFindExtensionA
PathStripPathW
PathRemoveBackslashW
PathFindExtensionW

mscoree

CLRCreateInstance

Exports

Exports

_CreateDCW@16
_DeleteDC@4
_GetFirmwareType@4
_RtlCheckPortableOperatingSystem@4

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e78c101bbd4d0ba29714abf76a7e3c2a

Code Sign

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5aCertificate

Extended Key Usages

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:caCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7bCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

cf:76:e7:cb:35:ad:99:24:8b:68:f4:9f:7d:99:3e:80:ac:48:a7:db:b1:23:06:dc:dd:dc:bc:96:f7:4e:90:3eSigner

e6:2b:39:09:46:41:1f:88:92:56:d6:5f:84:31:64:86:b8:d6:e6:beSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

ole32

oleaut32

advapi32

shlwapi

mscoree

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 16B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 20KB - Virtual size: 20KB

33:00:00:00:5a:ed:2f:f4:e4:20:99:3f:3a:00:00:00:00:00:5a
Certificate

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

cf:76:e7:cb:35:ad:99:24:8b:68:f4:9f:7d:99:3e:80:ac:48:a7:db:b1:23:06:dc:dd:dc:bc:96:f7:4e:90:3e
Signer

e6:2b:39:09:46:41:1f:88:92:56:d6:5f:84:31:64:86:b8:d6:e6:be
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 16B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 20KB - Virtual size: 20KB