overseer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

overseer.exe
Size

1.9MB
MD5

6ae1afbc5a376bc9d0b4316056780acf
SHA1

7ad25394955b3499b4146058644bfd03d2b86f68
SHA256

8fb7469404a40350ff96bb6f059b049db5328f013613bf9b2cb440f35bd0c170
SHA512

45bb3925a11ffda4f81709b9844139a4ffe7351350410ca9c291c15c7413fb6f5a40d78c9b3a950336b21a84ce4aa043d30d65bb5ab13dfa2d421f382e2daf7c
SSDEEP

49152:Yipg/k51qJABggggMSezAuH1jGFKtTjmAaoP:hpgSwJagAuH1jeKt

Score

1^/10

Malware Config

Signatures

Files

overseer.exe
.exe windows x86

905e2f4d12bf699970e86c69159797e2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:5a:1b:f3:e3:89:23:83:82:53:71:90:d3:49:e5:6a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

15/10/2019, 00:00

Not After

19/10/2022, 12:00

Subject

CN=Avast Software s.r.o.,OU=RE 999,O=Avast Software s.r.o.,L=Prague,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:d5:fd:e4:e4:f2:28:cf:1a:d8:5b:29:62:50:e6:c7:21:e4:22:7b:83:79:48:e9:31:b6:00:95:26:c6:78:50
Signer

Actual PE Digest

62:d5:fd:e4:e4:f2:28:cf:1a:d8:5b:29:62:50:e6:c7:21:e4:22:7b:83:79:48:e9:31:b6:00:95:26:c6:78:50

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ntdll

RtlNtStatusToDosError
VerSetConditionMask
RtlUnwind

kernel32

HeapAlloc
GetProcessHeap
K32GetProcessImageFileNameW
CreateProcessW
InitializeCriticalSectionEx
FreeLibrary
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
TryEnterCriticalSection
GetSystemInfo
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
ExpandEnvironmentStringsW
GetModuleFileNameW
GetFileAttributesW
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
VirtualAlloc
VirtualFree
HeapDestroy
HeapReAlloc
GlobalMemoryStatusEx
GetExitCodeThread
TlsFree
GetDriveTypeW
SetFilePointer
SetFileAttributesW
LockFileEx
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileAttributesExW
FindClose
CreateDirectoryW
TlsSetValue
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
GetEnvironmentVariableW
FormatMessageW
GetDateFormatW
GetTimeFormatW
InitializeCriticalSectionAndSpinCount
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetVersion
HeapSize
LockResource
FindResourceExW
RaiseException
DecodePointer
SetEnvironmentVariableW
LoadLibraryW
GetFileSizeEx
GetModuleHandleExW
UnlockFileEx
WriteConsoleW
SetFileInformationByHandle
VerifyVersionInfoW
K32GetMappedFileNameW
CreateThreadpoolWork
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
GetSystemTimes
SleepEx
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
MoveFileExA
GetEnvironmentVariableA
CreateFileA
GetVersionExA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
IsProcessorFeaturePresent
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetFileInformationByHandleEx
AreFileApisANSI
FormatMessageA
GetStringTypeW
TlsGetValue
TlsAlloc
GetSystemTimeAsFileTime
FileTimeToSystemTime
OutputDebugStringA
GetFullPathNameW
ReadFile
GetFileInformationByHandle
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CompareStringW
GetCurrentThread
SetEndOfFile
SetFilePointerEx
WriteFile
GetExitCodeProcess
WaitForSingleObject
GetCommandLineW
OpenMutexW
GetComputerNameW
GetLocaleInfoA
GetDiskFreeSpaceExW
GetNativeSystemInfo
GetVersionExW
SetLastError
ReleaseMutex
MultiByteToWideChar
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
DeviceIoControl
CopyFileW
MoveFileExW
FlushFileBuffers
CreateFileW
GetCurrentProcess
SetPriorityClass
HeapSetInformation
CreateMutexW
LocalFree
GetProcAddress
SetDllDirectoryW
GetSystemPowerStatus
QueryUnbiasedInterruptTime
SizeofResource
LoadResource
FindResourceW
GetModuleHandleW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcessTimes
WideCharToMultiByte
TerminateProcess
CloseHandle
OpenProcess
GetLastError
Sleep
GetTickCount64
LCMapStringW
GetLocaleInfoW
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitOnceComplete
InitOnceBeginInitialize
FreeLibraryWhenCallbackReturns
PeekNamedPipe
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringEx
EncodePointer
WaitForSingleObjectEx
CloseThreadpoolWork
SubmitThreadpoolWork
FindFirstVolumeW

user32

CharLowerW
LoadStringW
GetClassInfoExW
RegisterClassExW

advapi32

FreeSid
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
ControlService
StartServiceW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyExW
RegEnumKeyW
RegQueryInfoKeyW
EqualSid
ConvertStringSidToSidW
OpenSCManagerW
LookupAccountSidW
AllocateAndInitializeSid
RevertToSelf
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
GetTokenInformation
OpenProcessToken

shell32

SHGetFolderPathW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

PathMatchSpecW

winhttp

WinHttpCrackUrl

ws2_32

ioctlsocket
select
__WSAFDIsSet
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
gethostname
recvfrom
htonl
connect
closesocket
bind
WSAGetLastError
recv
ntohl
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getpeername
inet_addr
getsockname
getsockopt

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore

Exports

Exports

asw_process_storage_allocate_connector
asw_process_storage_deallocate_connector
on_avast_dll_unload
onexit_register_connector_avast_2

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

905e2f4d12bf699970e86c69159797e2

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

02:5a:1b:f3:e3:89:23:83:82:53:71:90:d3:49:e5:6aCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

62:d5:fd:e4:e4:f2:28:cf:1a:d8:5b:29:62:50:e6:c7:21:e4:22:7b:83:79:48:e9:31:b6:00:95:26:c6:78:50Signer

Headers

DLL Characteristics

File Characteristics

Imports

version

ntdll

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

winhttp

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 400KB - Virtual size: 399KB

.data Size: 29KB - Virtual size: 39KB

.rsrc Size: 51KB - Virtual size: 51KB

.reloc Size: 65KB - Virtual size: 64KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:5a:1b:f3:e3:89:23:83:82:53:71:90:d3:49:e5:6a
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

62:d5:fd:e4:e4:f2:28:cf:1a:d8:5b:29:62:50:e6:c7:21:e4:22:7b:83:79:48:e9:31:b6:00:95:26:c6:78:50
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 400KB - Virtual size: 399KB

.data
Size: 29KB - Virtual size: 39KB

.rsrc
Size: 51KB - Virtual size: 51KB

.reloc
Size: 65KB - Virtual size: 64KB