Start[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Start.exe
Size

456KB
MD5

552b77913d6c90595e9c4d97e38ccf78
SHA1

f26f738300206a19aa03cf8002cbd05dbd8d8fd7
SHA256

9d45b2d1dfbadb2297ab551084edc1ef31f14f058ca894ea1b7ce4f77a36bfb3
SHA512

f04e9e58dabee309364cd11e28fa8949613258a02fb668eb528f1023f68c0d5595da150b9b3cb1b713a06085eada5e4cdedbfdb6b3860aa634e1bc17a7f7dbb4
SSDEEP

6144:UwXaUhoveNAlh/MUAirc+G5xgT/AXTw/ohz28R7spOswaATH:UwXaUhoWo+iEwod7+U/

Score

1^/10

Malware Config

Signatures

Files

Start.exe
.exe windows x64

1259da9a5792464021859720f5f2f5d3

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/07/2020, 00:00

Not After

03/08/2023, 12:00

Subject

CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06/08/2020, 00:00

Not After

03/08/2023, 12:00

Subject

SERIALNUMBER=91110105397625067T,CN=Qi An Xin Technology Group Inc.,O=Qi An Xin Technology Group Inc.,ST=Beijing,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074265696a696e67,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:6a:d1:73:4f:16:4c:85:e2:a5:cb:32:71:db:cd:24:55:19:b7:8a:42:6e:52:c1:d6:d7:6f:59:7d:e5:be:2a
Signer

Actual PE Digest

a6:6a:d1:73:4f:16:4c:85:e2:a5:cb:32:71:db:cd:24:55:19:b7:8a:42:6e:52:c1:d6:d7:6f:59:7d:e5:be:2a

Digest Algorithm

sha256

PE Digest Matches

true

cb:0f:aa:d0:b5:e7:fd:4f:0a:51:3e:46:bb:32:25:2f:3c:cc:58:65
Signer

Actual PE Digest

cb:0f:aa:d0:b5:e7:fd:4f:0a:51:3e:46:bb:32:25:2f:3c:cc:58:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
NtTerminateThread
NtTerminateProcess
NtOpenKey
RtlNtStatusToDosError
RtlInitUnicodeString
NtSetInformationFile
NtQueryInformationFile
NtCreateFile
NtClose

user32

RegisterClassW
CreateMenu
CreatePopupMenu
DestroyMenu
GetMenuItemCount
TrackPopupMenu
GetMenuInfo
SetMenuInfo
InsertMenuItemW
GetDC
DestroyIcon
DrawIconEx
IsWindowEnabled
GetWindowTextW
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetMessageW
PostThreadMessageW
GetAsyncKeyState
AllowSetForegroundWindow
DefWindowProcW
DestroyWindow
SendDlgItemMessageW
SetFocus
EnableWindow
GetSystemMetrics
ExitWindowsEx
SetPropW
GetPropW
MessageBoxW
wsprintfW
ClientToScreen
GetWindowLongPtrW
SetWindowLongPtrW
GetSysColorBrush
CreateWindowExW
CallWindowProcW
LoadImageW
GetDesktopWindow
ScreenToClient
GetWindowRect
GetClientRect
SetWindowTextW
SetForegroundWindow
SendMessageW
ShowWindow
MoveWindow
SetWindowPos
DialogBoxParamW
DialogBoxIndirectParamW
KillTimer
SetTimer
SetDlgItemTextW
GetDlgItem
EndDialog

shell32

ShellExecuteExW
ExtractAssociatedIconW
ExtractIconW
ExtractIconExW
SHGetSpecialFolderPathW
ShellExecuteW
SHBindToParent
SHGetFolderPathW

shlwapi

SHAutoComplete
PathFileExistsW
AssocQueryStringW
StrStrIW

kernel32

InitializeCriticalSection
OutputDebugStringA
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
DecodePointer
GlobalFree
GetWindowsDirectoryA
GlobalUnlock
GlobalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
GetComputerNameA
QueryPerformanceCounter
InitializeSListHead
DuplicateHandle
GetTimeZoneInformation
SetEndOfFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteFileW
GetTempPathA
CreatePipe
FindFirstFileExW
GlobalLock
TlsAlloc
WriteConsoleW
HeapSize
OutputDebugStringW
ReadConsoleW
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
GetOEMCP
GetACP
IsValidCodePage
WideCharToMultiByte
GetCPInfo
MultiByteToWideChar
GetModuleHandleExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetFileType
GetFileAttributesExW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
HeapAlloc
HeapFree
GetProcessHeap
GetTickCount
GetModuleHandleW
LocalFree
GetCurrentProcessId
GetStartupInfoW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CloseHandle
SetLastError
HeapCreate
HeapDestroy
WaitForSingleObject
CreateEventW
Sleep
ExitProcess
GetExitCodeProcess
CreateThread
CreateProcessW
ProcessIdToSessionId
GetSystemTimeAsFileTime
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFileAttributesW
GetFullPathNameW
GetSystemWindowsDirectoryW
CreateFileW
GetLogicalDrives
HeapReAlloc
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetStdHandle
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
GetLastError
GetCurrentThreadId
GetVersionExW
GetProcAddress
LoadLibraryW
FormatMessageW
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsGetValue
GetCommandLineA

gdi32

PatBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC

rfsbiedll

SbieApi_EnumBoxesEx
File_GetName
Key_GetName
SbieDll_StartCOM
SbieDll_CallServer
SbieDll_RunOutofSandboxed
SbieDll_RunSandboxed
SbieDll_FormatMessage
SbieDll_GetTokenElevationType
SbieDll_KillAll
SbieDll_GetLanguage
SbieDll_GetStartError
SbieDll_StartSbieSvc
SbieDll_RunStartExe
SbieDll_GetSysFunction
SbieApi_IsBoxEnabled
SbieApi_ReloadConf
SbieApi_DisableForceProcess
SbieDll_InitPStore
SbieApi_QueryProcessInfo
SbieDll_GetHandlePath
SbieDll_IsDirectory
SbieDll_IsReservedFileName
SbieDll_TranslateNtToDosPath
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryProcess
SbieDll_FreeMem
SbieDll_CallServerQueue
SbieDll_FormatMessage1
SbieDll_FormatMessage0
SbieApi_QueryConfBool
SbieApi_Call
SbieApi_GetHomePath

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

advapi32

RegEnumValueW

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameW

gdiplus

GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1259da9a5792464021859720f5f2f5d3

Code Sign

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9aCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

a6:6a:d1:73:4f:16:4c:85:e2:a5:cb:32:71:db:cd:24:55:19:b7:8a:42:6e:52:c1:d6:d7:6f:59:7d:e5:be:2aSigner

cb:0f:aa:d0:b5:e7:fd:4f:0a:51:3e:46:bb:32:25:2f:3c:cc:58:65Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

user32

shell32

shlwapi

kernel32

gdi32

rfsbiedll

ole32

advapi32

comctl32

comdlg32

gdiplus

Sections

.text Size: 269KB - Virtual size: 269KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 5KB - Virtual size: 75KB

.pdata Size: 13KB - Virtual size: 13KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 4KB - Virtual size: 3KB

08:c8:ec:ea:59:44:ae:e2:2b:b2:18:50:8e:97:98:b8
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

0a:bc:db:09:00:11:fd:11:c3:34:1d:74:52:75:e9:9a
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

a6:6a:d1:73:4f:16:4c:85:e2:a5:cb:32:71:db:cd:24:55:19:b7:8a:42:6e:52:c1:d6:d7:6f:59:7d:e5:be:2a
Signer

cb:0f:aa:d0:b5:e7:fd:4f:0a:51:3e:46:bb:32:25:2f:3c:cc:58:65
Signer

.text
Size: 269KB - Virtual size: 269KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 5KB - Virtual size: 75KB

.pdata
Size: 13KB - Virtual size: 13KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 4KB - Virtual size: 3KB