code9[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

code9.exe
Size

4.2MB
MD5

90454b28a84ef4460cebb209f4f32a9f
SHA1

5706da7141722d79bcb10c6117233c1803ecbc4e
SHA256

04c0a4f3b5f787a0c9fa8f6d8ef19e01097185dd1f2ba40ae4bbbeca9c3a1c72
SHA512

ab6a828f0f0a112edc58bfb4da200c583026bbb1383da4969b24f027caae75d1785995bb71fc0f939d64bc54e57a2f6f5492cd6ad060fa7f14fb520048ae19a2
SSDEEP

49152:O5OYStm19B3kZpbvEU+/z/Njy/mUuxtYP8Zgxyq5e5C116xq0aN3bjdmOVpMeqM:Uz38GLly/mhrgsre16xUNYOVpMeq

Score

1^/10

Malware Config

Signatures

Files

code9.exe
.exe windows x86

bd3f7f678fb430f11e2724eb0cd7bd18

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/12/2021, 00:00

Not After

08/01/2025, 23:59

Subject

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/12/2021, 00:00

Not After

08/01/2025, 23:59

Subject

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:41:49:68:85:f3:07:78:15:d1:ae:27:35:30:e3:0e:b3:6b:b1:df:df:4f:55:2b:0f:40:51:3d:40:95:0f:0f
Signer

Actual PE Digest

20:41:49:68:85:f3:07:78:15:d1:ae:27:35:30:e3:0e:b3:6b:b1:df:df:4f:55:2b:0f:40:51:3d:40:95:0f:0f

Digest Algorithm

sha256

PE Digest Matches

false

fc:40:d6:dd:3b:48:c9:35:8b:ea:bb:1b:2d:ea:4e:35:05:82:34:e5
Signer

Actual PE Digest

fc:40:d6:dd:3b:48:c9:35:8b:ea:bb:1b:2d:ea:4e:35:05:82:34:e5

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetSystemTimeAsFileTime
HeapFree
IsBadReadPtr
TerminateProcess
HeapAlloc
HeapReAlloc
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
ExitProcess
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
IsBadWritePtr
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetOEMCP
GetCPInfo
IsBadCodePtr
SetStdHandle
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStartupInfoW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
SetErrorMode
GetVolumeInformationW
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GlobalFlags
lstrcmpiW
FileTimeToSystemTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
RaiseException
WaitForMultipleObjects
WritePrivateProfileStringW
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrcatW
lstrcmpW
GetModuleHandleW
CreateEventW
SuspendThread
ResumeThread
SetThreadPriority
SetLastError
lstrcpyW
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
lstrcpynW
CreateMutexA
ReleaseMutex
GetCurrentThread
GetThreadContext
GetCurrentThreadId
GetTempFileNameA
GetCurrentProcessId
DeleteFileA
DeviceIoControl
GetSystemDirectoryA
GetVolumeInformationA
GetVersion
MulDiv
CreateEventA
SetEvent
FormatMessageA
LocalFree
ResetEvent
GetThreadPriority
GetSystemDefaultLangID
WinExec
CreateDirectoryA
GetModuleFileNameW
GetUserDefaultLangID
GetModuleFileNameA
QueryPerformanceFrequency
QueryPerformanceCounter
ReleaseSemaphore
WaitForSingleObject
Sleep
lstrlenA
lstrlenW
LoadLibraryA
GetProcAddress
FreeLibrary
IsValidCodePage
WideCharToMultiByte
IsDBCSLeadByteEx
FindResourceExA
GetModuleHandleA
GetFullPathNameW
GetVersionExA
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetTickCount
GetCurrentDirectoryW
GetCurrentDirectoryA
ReadFile
GetStdHandle
GetCurrentProcess
DuplicateHandle
CreateFileA
CreateDirectoryW
FindFirstFileW
FreeResource
CreateFileW
GetFileSize
WriteFile
SetFilePointer
CloseHandle
GetLocalTime
LoadLibraryW
CreateSemaphoreW
GetLastError
GlobalFree
DeleteFileW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
HeapDestroy
InterlockedExchange

user32

RegisterClipboardFormatW
PostThreadMessageW
SetWindowContextHelpId
wsprintfW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
PostQuitMessage
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetMenuItemBitmaps
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
CheckDlgButton
RegisterWindowMessageW
WinHelpW
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetScrollRange
GetScrollPos
SetForegroundWindow
GetScrollInfo
GetClassInfoW
RegisterClassW
UnregisterClassW
DefWindowProcW
CallWindowProcW
GetWindowLongW
IntersectRect
GetWindowPlacement
GetWindow
CallNextHookEx
GetActiveWindow
PeekMessageW
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CallWindowProcA
GetMessageA
IsDialogMessageA
LoadBitmapA
IsWindowEnabled
SetFocus
LoadImageA
RemovePropA
GetDlgCtrlID
GetWindowLongA
DrawFocusRect
GetWindowTextLengthA
GetWindowTextA
wsprintfA
SetWindowTextA
GetUpdateRect
BeginPaint
GetPropA
DrawTextA
SetPropA
EndPaint
LoadCursorA
GetQueueStatus
TrackMouseEvent
DestroyCursor
GetDlgItem
MsgWaitForMultipleObjectsEx
PeekMessageA
DispatchMessageA
LoadIconA
RegisterClassExA
CreateDialogIndirectParamA
MapDialogRect
AdjustWindowRectEx
CreateWindowExA
SystemParametersInfoA
SetWindowPos
DefWindowProcA
EnumChildWindows
SetWindowLongA
DeleteMenu
SendMessageA
SetActiveWindow
DestroyWindow
GetAsyncKeyState
GetMessagePos
ScreenToClient
GetCursorPos
DrawIconEx
GetSysColor
ClientToScreen
PostMessageW
DestroyIcon
LoadImageW
SetParent
MessageBeep
MapWindowPoints
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
CharUpperW
GetFocus
GetCapture
LoadBitmapW
PtInRect
RedrawWindow
FrameRect
FillRect
GetParent
EqualRect
OffsetRect
CopyRect
IsWindow
LoadStringW
LoadCursorW
SetCursor
IsWindowVisible
LoadAcceleratorsW
InflateRect
GetSysColorBrush
MsgWaitForMultipleObjects
DestroyMenu
GetMessageW
GetKeyState
GetSystemMetrics
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
InvalidateRect
GetWindowRect
IsIconic
GetSystemMenu
GetMenu
ModifyMenuW
EnableMenuItem
AppendMenuW
DrawIcon
FindWindowW
BringWindowToTop
ShowWindow
GetDesktopWindow
MessageBoxW
SetWindowLongW
ReleaseCapture
LoadIconW
EnableWindow
SetCapture
KillTimer
SetTimer
UpdateWindow
ReleaseDC
GetDC
GetClientRect
SendMessageW
SetWindowsHookExW

gdi32

GetMapMode
GetTextColor
GetRgnBox
CreatePen
SetMapMode
SetStretchBltMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateSolidBrush
GetClipBox
CreateRectRgnIndirect
CreatePatternBrush
UnrealizeObject
SetBrushOrgEx
GetStockObject
SetBkMode
SetTextColor
GetTextMetricsA
GetDeviceCaps
GetTextFaceA
CreateFontIndirectA
GetTextExtentPoint32A
BitBlt
Rectangle
CreateCompatibleBitmap
GetBkColor
GetStretchBltMode
CreateDIBPatternBrushPt
DeleteObject
CreateDIBSection
DeleteDC
GetTextExtentPoint32W
GetObjectW
StretchBlt
SelectObject
CreateCompatibleDC

msimg32

TransparentBlt

comdlg32

GetFileTitleW
GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegEnumKeyW
RegOverridePredefKey
RegOpenKeyExW
RegQueryInfoKeyA
RegDeleteKeyW
RegQueryValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW
DragQueryFileW
ShellExecuteA
SHGetSpecialFolderPathA

comctl32

ImageList_ReplaceIcon
ImageList_BeginDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragLeave
ord17
ImageList_Destroy
ImageList_Create

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CLSIDFromProgID
OleIsCurrentClipboard
CoInitialize
CoCreateInstance
CoTaskMemFree
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CoUninitialize
OleFlushClipboard

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen
SysFreeString

wininet

HttpQueryInfoA
InternetErrorDlg
InternetCheckConnectionA
InternetOpenA
InternetConnectA
HttpOpenRequestA
InternetSetOptionA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

winmm

timeKillEvent
timeSetEvent
timeGetTime
timeEndPeriod
timeBeginPeriod

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 960KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TORQ_CX_
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd3f7f678fb430f11e2724eb0cd7bd18

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

20:41:49:68:85:f3:07:78:15:d1:ae:27:35:30:e3:0e:b3:6b:b1:df:df:4f:55:2b:0f:40:51:3d:40:95:0f:0fSigner

fc:40:d6:dd:3b:48:c9:35:8b:ea:bb:1b:2d:ea:4e:35:05:82:34:e5Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

winmm

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 836KB - Virtual size: 835KB

.data Size: 960KB - Virtual size: 1.8MB

TORQ_CX_ Size: 4KB - Virtual size: 4KB

.rsrc Size: 28KB - Virtual size: 27KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

20:41:49:68:85:f3:07:78:15:d1:ae:27:35:30:e3:0e:b3:6b:b1:df:df:4f:55:2b:0f:40:51:3d:40:95:0f:0f
Signer

fc:40:d6:dd:3b:48:c9:35:8b:ea:bb:1b:2d:ea:4e:35:05:82:34:e5
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 836KB - Virtual size: 835KB

.data
Size: 960KB - Virtual size: 1.8MB

TORQ_CX_
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 27KB