HDD_DiskInfo[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HDD_DiskInfo.exe
Size

932KB
MD5

2d10f22d3c1662a3cb545302dfee0fc9
SHA1

66f804a3bc690ab7ff930a82d665bf5bc03cde09
SHA256

d747aa8f3199292f44d41770736621b9f7d1508058b9f6b4f1d90ef8e3289729
SHA512

8fc82d25a3678fa0354a3541d87fd4741d5722b44e9960a8228102f09909992cf5a18bcb3e54ccb45f7d6c85f7e2e2b966868254462da2ef7a4912c5267cde06
SSDEEP

12288:/SYBCKA9z7MpSSUoq+MxskumgDamhEDR67s+NoM32HYHinV004R6KG37EvMZsrT:/DCKAhMHUaalDR67scZ3246VZ43APs3

Score

1^/10

Malware Config

Signatures

Files

HDD_DiskInfo.exe
.exe windows:6 windows x86

1800c15a9adf04e3ec8bed09512c3cf0

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10/01/2022, 00:00

Not After

09/01/2025, 23:59

Subject

SERIALNUMBER=789 849 163 00025,CN=DOS SANTOS DA SILVA ALFREDO,O=DOS SANTOS DA SILVA ALFREDO,ST=Occitanie,C=FR,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

10/01/2022, 00:00

Not After

09/01/2025, 23:59

Subject

SERIALNUMBER=789 849 163 00025,CN=DOS SANTOS DA SILVA ALFREDO,O=DOS SANTOS DA SILVA ALFREDO,ST=Occitanie,C=FR,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#13024652

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:bd:67:18:a8:2e:7d:41:e5:a2:32:6e:eb:8f:1e:a8:fa:5e:7c:10:a0:63:31:00:00:53:d3:45:31:3a:85:ee
Signer

Actual PE Digest

20:bd:67:18:a8:2e:7d:41:e5:a2:32:6e:eb:8f:1e:a8:fa:5e:7c:10:a0:63:31:00:00:53:d3:45:31:3a:85:ee

Digest Algorithm

sha256

PE Digest Matches

true

c2:28:39:95:c9:89:9c:45:ef:e6:c5:47:f7:08:ff:81:5f:86:b6:3a
Signer

Actual PE Digest

c2:28:39:95:c9:89:9c:45:ef:e6:c5:47:f7:08:ff:81:5f:86:b6:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleExW
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExW
HeapAlloc
OpenThread
GetDriveTypeW
GlobalUnlock
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapFree
VerifyVersionInfoW
SleepEx
WideCharToMultiByte
CopyFileW
FreeLibrary
GetModuleHandleW
CreateProcessW
SystemTimeToFileTime
LocalFree
GetCurrentProcessId
GetComputerNameW
VerSetConditionMask
ExitProcess
GetFileSize
SetFilePointerEx
GlobalLock
GetProcAddress
GetLocalTime
FindResourceW
LoadResource
CreateThread
LoadLibraryW
CloseHandle
CreateDirectoryW
GlobalFree
DeleteFileW
GlobalAlloc
QueryPerformanceFrequency
LockResource
TerminateThread
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
DecodePointer
MoveFileExW
GetLastError
Sleep
MultiByteToWideChar
CreateToolhelp32Snapshot
SetFileAttributesW
OpenProcess
GetFileAttributesW
CreateFileW
LocalAlloc
WaitForSingleObject
FindClose
Thread32First
SetFilePointer
SetErrorMode
Thread32Next
GetProcessId
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
DeviceIoControl
ExpandEnvironmentStringsW
WriteFile
GetCurrentProcess
FindNextFileW
GetCommandLineW
SetLastError
GetFileSizeEx
FindFirstFileW
GetLogicalDrives
GetVolumeInformationW
SizeofResource
ReadFile

user32

GetWindowRect
GetMenuItemID
GetFocus
InsertMenuItemW
DestroyWindow
GetWindow
GetDC
IsWindowVisible
FindWindowExW
PostMessageW
ShowWindowAsync
AdjustWindowRectEx
DefWindowProcW
GetMenuItemInfoW
DeferWindowPos
GetMessageW
BeginPaint
ReleaseDC
ChildWindowFromPoint
InvalidateRect
LoadImageW
SetForegroundWindow
UpdateWindow
GetParent
GetClassInfoExW
SystemParametersInfoW
GetSysColorBrush
DrawIconEx
GetClassLongW
GetClientRect
RemoveMenu
SetWindowLongW
SetCursor
SetClipboardData
EndDeferWindowPos
GetWindowDC
GetClassNameW
LoadCursorW
TranslateMessage
GetUpdateRect
TranslateAcceleratorW
BringWindowToTop
GetMenuStringW
SetFocus
GetWindowRgnBox
DestroyMenu
CreateAcceleratorTableW
IsWindowEnabled
GetForegroundWindow
GetSysColor
GetTopWindow
SetMenuDefaultItem
SetMenuInfo
EndPaint
GetWindowRgn
EnableWindow
GetWindowTextW
SetWindowPos
CopyImage
EnumChildWindows
MapWindowPoints
PeekMessageW
GetWindowLongW
GetWindowThreadProcessId
EmptyClipboard
DestroyAcceleratorTable
SetMenuItemInfoW
CloseClipboard
DefDlgProcW
DestroyIcon
IsDialogMessageW
RedrawWindow
DispatchMessageW
OpenClipboard
BeginDeferWindowPos
IsWindow
ShowWindow
TrackPopupMenu
WindowFromPoint
CopyIcon
RegisterClassExW
CreatePopupMenu
UnregisterClassW
GetSystemMetrics
SendMessageW
DeleteMenu
GetIconInfo
CreateWindowExW
FillRect
SetWindowRgn

gdi32

CombineRgn
SetBrushOrgEx
GetBkColor
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
PatBlt
StretchBlt
CreateFontW
GetStockObject
GetDeviceCaps
CreatePatternBrush
OffsetRgn
CreateRectRgn
DeleteDC
GetTextExtentPoint32W
SetTextColor
SetBkMode
SelectClipRgn
GetObjectW
ExcludeClipRect
SetBkColor
SetStretchBltMode
DeleteObject
CreateSolidBrush
ExtSelectClipRgn
FillRgn

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

CloseServiceHandle
CryptDecrypt
RegCreateKeyExW
SetNamedSecurityInfoW
ControlService
RegEnumKeyExW
CryptCreateHash
CryptHashData
IsValidSid
RegSetValueExW
AddAce
CryptDestroyHash
OpenProcessToken
InitializeAcl
RegOpenKeyExW
CryptSetKeyParam
CryptImportKey
RegDeleteValueW
OpenServiceW
GetLengthSid
CryptGetHashParam
GetUserNameW
RegEnumValueW
RegQueryValueExW
CryptReleaseContext
TreeResetNamedSecurityInfoW
RegDeleteKeyW
OpenSCManagerW
GetAce
RegQueryInfoKeyW
CryptAcquireContextW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptDestroyKey
CreateWellKnownSid

shell32

ord6
ShellExecuteExW
SHChangeNotify
SHGetFolderPathW
CommandLineToArgvW
DragFinish
DragQueryPoint
Shell_NotifyIconW
DragQueryFileW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemFree
CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

shlwapi

PathFindOnPathW
PathIsDirectoryW
PathIsRootW
PathFileExistsW

gdiplus

GdipCreateBitmapFromStream
GdipDrawEllipseI
GdipDeleteBrush
GdipCloneImage
GdipDrawImageRect
GdipCreateFontFamilyFromName
GdipAddPathPolygon
GdipDrawRectangleI
GdipDeletePath
GdipDrawImageRectI
GdipFillPolygonI
GdipGetImageHeight
GdipDeleteFontFamily
GdipCreateStringFormat
GdipAddPathLine
GdiplusShutdown
GdiplusStartup
GdipDrawLineI
GdipAlloc
GdipDisposeImage
GdipSetSmoothingMode
GdipCreatePath
GdipSetStringFormatLineAlign
GdipCreateFont
GdipSetInterpolationMode
GdipCreateSolidFill
GdipResetPath
GdipFillPath
GdipGraphicsClear
GdipSetStringFormatAlign
GdipCreatePen1
GdipCreateFromHWND
GdipCreateRegionPath
GdipCreateHBITMAPFromBitmap
GdipSetPixelOffsetMode
GdipFillRectangle
GdipClosePathFigure
GdipGetGenericFontFamilySansSerif
GdipFree
GdipDrawPath
GdipDrawString
GdipCreateFromHDC
GdipFillEllipseI
GdipFillEllipse
GdipSetPenEndCap
GdipDrawEllipse
GdipDeleteRegion
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipAddPathArc
GdipDeleteGraphics
GdipDrawArc
GdipDeleteStringFormat
GdipDeleteFont
GdipGetImageWidth
GdipDeletePen
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipGetRegionHRgn

comctl32

ord413
ImageList_Destroy
ImageList_DrawEx
ImageList_Remove
ord412
ord411
ImageList_Replace
ImageList_Create
ImageList_GetImageCount
ImageList_Add
ImageList_ReplaceIcon
ord410

uxtheme

SetWindowTheme

wininet

InternetQueryDataAvailable
InternetOpenUrlW
InternetReadFile
FtpOpenFileW
InternetOpenW
FtpGetFileSize
HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetGetConnectedState
InternetConnectW
InternetCloseHandle

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
CM_Request_Device_EjectW
SetupDiEnumDeviceInterfaces
CM_Query_And_Remove_SubTreeW
SetupDiDestroyDeviceInfoList

Sections

.text
Size: 503KB - Virtual size: 502KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1800c15a9adf04e3ec8bed09512c3cf0

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

20:bd:67:18:a8:2e:7d:41:e5:a2:32:6e:eb:8f:1e:a8:fa:5e:7c:10:a0:63:31:00:00:53:d3:45:31:3a:85:eeSigner

c2:28:39:95:c9:89:9c:45:ef:e6:c5:47:f7:08:ff:81:5f:86:b6:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

comctl32

uxtheme

wininet

setupapi

Sections

.text Size: 503KB - Virtual size: 502KB

.rdata Size: 210KB - Virtual size: 209KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 177KB - Virtual size: 177KB

.reloc Size: 18KB - Virtual size: 17KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

9e:b8:63:20:bc:00:ab:f1:85:bb:de:03:32:c2:6f:58
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

20:bd:67:18:a8:2e:7d:41:e5:a2:32:6e:eb:8f:1e:a8:fa:5e:7c:10:a0:63:31:00:00:53:d3:45:31:3a:85:ee
Signer

c2:28:39:95:c9:89:9c:45:ef:e6:c5:47:f7:08:ff:81:5f:86:b6:3a
Signer

.text
Size: 503KB - Virtual size: 502KB

.rdata
Size: 210KB - Virtual size: 209KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 177KB - Virtual size: 177KB

.reloc
Size: 18KB - Virtual size: 17KB