1af17c198c3d420d3ad9af74ecdfd940_console[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1af17c198c3d420d3ad9af74ecdfd940_console.exe
Size

325KB
MD5

1af17c198c3d420d3ad9af74ecdfd940
SHA1

5951300d9443cddda9c65ad78a17dc008a3cec94
SHA256

ea0f1fa6d7cf15ae12db482f27f2c18741ced66cbbfbc2f5ee33801ee2c29372
SHA512

c7202552746b7543367cd85dd8c94bc43409f9708ad794fe6b32f24642bd541c4d886256f0c61673102fbdada88c33e4b8c6f90c1bd73fa93c595f076c87162d
SSDEEP

6144:3eBPQDcviyjDXdNrOTSvwvY6ONBV+UdvrEFp7hKo+B8:3eBQiXe2vwvYlNBjvrEH7R

Score

1^/10

Malware Config

Signatures

Files

1af17c198c3d420d3ad9af74ecdfd940_console.exe
.exe windows:4 windows x86

6e273159a62a643f5b71a612c34a2ad8

Code Sign

0c:01:51:a6:43:92:7a:cd:19:5d:b6:21:9e:e7:81:23
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/07/2019, 00:00

Not After

11/07/2022, 12:00

Subject

SERIALNUMBER=70538433,CN=Synology Inc.,O=Synology Inc.,L=New Taipei City,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:fc:67:ce:b4:48:6f:b7:f5:5c:16:6e:e1:f8:81:ae:dd:3d:63:7a:0b:cd:6a:0a:64:65:2b:a2:8f:66:d8:58
Signer

Actual PE Digest

35:fc:67:ce:b4:48:6f:b7:f5:5c:16:6e:e1:f8:81:ae:dd:3d:63:7a:0b:cd:6a:0a:64:65:2b:a2:8f:66:d8:58

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

DocumentPropertiesA
GetPrinterA
OpenPrinterA
ClosePrinter

kernel32

GlobalFindAtomA
GlobalAddAtomA
GetLocaleInfoA
GetCPInfo
GetOEMCP
LCMapStringA
IsValidCodePage
GetACP
ExitProcess
HeapSize
GetFileType
SetStdHandle
GetCommandLineA
VirtualAlloc
HeapReAlloc
GlobalDeleteAtom
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
SetHandleCount
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
lstrcmpW
GlobalFlags
GetFileTime
FileTimeToLocalFileTime
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
FileTimeToSystemTime
GetThreadLocale
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
GetCurrentProcessId
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
GetProcessHeap
HeapFree
HeapAlloc
lstrcmpA
Sleep
lstrlenA
CompareStringW
LCMapStringW
CompareStringA
GetVersion
MultiByteToWideChar
InterlockedExchange
CreateProcessA
DeleteFileA
CreateFileA
GetEnvironmentVariableA
GetFileAttributesA
CreateDirectoryA
WaitForSingleObject
LocalAlloc
CreateEventA
ReleaseMutex
GetVersionExA
GetModuleFileNameA
FormatMessageA
LocalFree
GetCurrentThreadId
GetLocalTime
FindFirstFileA
FindClose
MoveFileExA
lstrcmpiA
CreateMutexA
GetStartupInfoA
WaitForMultipleObjects
SetEvent
AttachConsole
GenerateConsoleCtrlEvent
FreeConsole
GetExitCodeProcess
OpenProcess
GetLastError
CloseHandle
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
RtlUnwind
SetEnvironmentVariableA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

user32

GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowPos
GetClassInfoExA
IsWindow
GetDlgItem
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
UnregisterClassA
GetFocus
CreateWindowExA
PostMessageA
GetMenu
GetClientRect
SetForegroundWindow
SetWindowLongA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
MapWindowPoints
GetMessagePos
GetMessageTime
GetTopWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
GetCapture
WinHelpA
LoadIconA
RegisterWindowMessageA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
DestroyMenu
PostQuitMessage
UnhookWindowsHookEx
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
DestroyWindow

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetMapMode
GetDeviceCaps
DeleteObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC

comdlg32

GetFileTitleA

advapi32

StartServiceA
EnumDependentServicesA
ControlService
QueryServiceStatusEx
CreateServiceA
ChangeServiceConfigA
QueryServiceConfigA
QueryServiceConfig2A
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeleteService
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
GetSecurityDescriptorDacl

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA

oleaut32

VariantInit
VariantChangeType
VariantClear

ws2_32

WSACleanup
WSAStartup

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e273159a62a643f5b71a612c34a2ad8

Code Sign

0c:01:51:a6:43:92:7a:cd:19:5d:b6:21:9e:e7:81:23Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

35:fc:67:ce:b4:48:6f:b7:f5:5c:16:6e:e1:f8:81:ae:dd:3d:63:7a:0b:cd:6a:0a:64:65:2b:a2:8f:66:d8:58Signer

Headers

File Characteristics

Imports

winspool.drv

kernel32

psapi

user32

gdi32

comdlg32

advapi32

shlwapi

oleaut32

ws2_32

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 312B

0c:01:51:a6:43:92:7a:cd:19:5d:b6:21:9e:e7:81:23
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

35:fc:67:ce:b4:48:6f:b7:f5:5c:16:6e:e1:f8:81:ae:dd:3d:63:7a:0b:cd:6a:0a:64:65:2b:a2:8f:66:d8:58
Signer

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 312B