R301698[.]exe | Triage

Resubmissions

29/08/2023, 17:30

230829-v3clbshb81 7

Sharing

Copy URL

Twitter E-mail

General

Target

R301698.exe
Size

78.7MB
MD5

b4d9f3038a40a7a27736e4e3a966e127
SHA1

784a746737662e9d80bdfc0bbfad4c16f42eb103
SHA256

fd43800177d4995efa8165e036bd60d05c32c7dd4fbc5bd24ef01a4df8c900f8
SHA512

32b693e07de4bb74f197b42a08a12d562be8bb45cd51e2f66bf431beb0eecf32f07fdfbfc8c1526ed6421f18a687d60643572ece51bcdbfce6e71418d0345bf6
SSDEEP

1572864:k0GjHFlsQYkCras0UoKjyGFgn/QY41CmBDgluCxm8HZpZ3k/dV+oxD8pZyZ3Nv:k0GjHFlsvkI6Uo7GG/41fahDHZpVkzvz

Score

1^/10

Malware Config

Signatures

Files

R301698.exe
.exe windows x86

fb98b857a706c11e09afedb36de7d6be

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:05:8a:2e:00:00:00:00:01:35
Certificate

Issuer

CN=Dell Inc. Enterprise Issuing CA2,O=Dell Inc.

Not Before

20/06/2008, 17:22

Not After

20/06/2011, 17:22

Subject

CN=Dell Inc,OU=IT,O=Dell Inc,L=Round Rock,ST=TX,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:03:f0:37:e4:45
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

18/05/2005, 10:00

Not After

18/05/2012, 10:00

Subject

CN=Dell Inc. Enterprise Issuing CA2,O=Dell Inc.

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
lstrlenA
CreateProcessA
lstrcmpiA
lstrcatA
lstrcpyA
WaitForSingleObject
WinExec
OpenFile
_lclose
GetFileAttributesA
_lwrite
GetTimeZoneInformation
_lread
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetFileTime
GetFullPathNameA
CreateDirectoryA
GetLastError
SetVolumeLabelA
GetFileSize
GetVolumeInformationA
SetFilePointer
SetStdHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
LoadLibraryA
FlushFileBuffers
GetCurrentProcess
TerminateProcess
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
RtlUnwind
DeleteCriticalSection
InitializeCriticalSection
HeapReAlloc
HeapCreate
HeapDestroy
GetEnvironmentVariableA
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentDirectoryA
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetSystemTime
HeapFree
HeapAlloc
GetProcAddress
FreeLibrary
CompareFileTime
SetFileAttributesA
CopyFileA
GetTempPathA
DeleteFileA
SetCurrentDirectoryA
RemoveDirectoryA
ReadFile
_llseek
GetVersionExA
GetACP
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
VirtualAlloc
VirtualFree
Sleep
GetModuleFileNameA
CreateFileA
CloseHandle
GetWindowsDirectoryA
WriteFile
GetSystemDirectoryA

user32

SetActiveWindow
DestroyWindow
EnableWindow
SetWindowPos
EnumWindows
LoadBitmapA
LoadCursorA
OemToCharA
ShowWindow
GetMessageA
IsDialogMessageA
PostQuitMessage
GetDlgCtrlID
EnableMenuItem
KillTimer
SetTimer
GetWindowTextA
PostMessageA
SetFocus
CreateWindowExA
SetCursor
GetParent
AdjustWindowRectEx
DrawFocusRect
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
wsprintfA
DdeCreateDataHandle
DdeClientTransaction
DdeGetLastError
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
UnregisterClassA
GetClassInfoA
RegisterClassA
MessageBeep
GetWindowLongA
SetWindowLongA
DefWindowProcA
SetWindowWord
GetClientRect
InvalidateRect
UpdateWindow
BeginPaint
FillRect
EndPaint
CallWindowProcA
GetDC
ScreenToClient
GetSysColor
FrameRect
ReleaseDC
MoveWindow
GetWindowWord
SetWindowTextA
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
DestroyIcon
DestroyCursor
GetDesktopWindow
GetWindowRect
LoadIconA
GetDlgItem

gdi32

SelectObject
CreateCompatibleDC
SetTextColor
SetBkColor
BitBlt
GetStockObject
SetBkMode
TextOutA
CreateSolidBrush
GetTextExtentPoint32A
DeleteObject
MoveToEx
LineTo
CreatePen
GetTextMetricsA
CreateFontIndirectA
DeleteDC
EnumFontFamiliesA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA
RegCreateKeyA

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
FindExecutableA

ole32

CoTaskMemFree

mpr

WNetGetConnectionA

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

fb98b857a706c11e09afedb36de7d6be

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:00:f9:7f:aa:2e:1eCertificate

Key Usages

25:05:8a:2e:00:00:00:00:01:35Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:03:f0:37:e4:45Certificate

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

mpr

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 123KB

.rsrc Size: 12KB - Virtual size: 9KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

25:05:8a:2e:00:00:00:00:01:35
Certificate

04:00:00:00:00:01:03:f0:37:e4:45
Certificate

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 123KB

.rsrc
Size: 12KB - Virtual size: 9KB