grepWin-x64-2[.]0[.]4_portable[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

grepWin-x64-2.0.4_portable.exe
Size

1.4MB
MD5

5c844661ea2e171724eac331552ee6a2
SHA1

23ec97a86b3baf6d3b43f0d566219cacf58a1cf8
SHA256

0b12f26e6c03cb0a05b9aecab9d95e7f3cdd2735892e038073d5619af2f19b8d
SHA512

f358f8cdd2e05984a71aecbcc296dc2b70f5ecbb4d01ff859d072625f701ea9c8682b243c2cccae79b5baaeb523ef4ca611babe8f91678088ef6ab20ee91684b
SSDEEP

24576:jjLF7cdNh5j3aJc3vo8j+D1bqeOvqhHdUsKE9snNdIOOA64b:jl7cdNh5j3aSvo8j+D1bqeL/KVNucZ

Score

1^/10

Malware Config

Signatures

Files

grepWin-x64-2.0.4_portable.exe
.exe windows:6 windows x64

10f96952efa236f089b0f35c0a72d02c

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

28/07/2022, 08:56

Not After

27/07/2033, 08:56

Subject

CN=Certum Timestamp 2022,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

49:0e:01:f8:d6:da:dd:67:52:7e:d0:43:c7:80:37:92
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

13/05/2023, 07:28

Not After

11/05/2024, 06:16

Subject

CN=Open Source Developer\, Stefan KUENG,O=Open Source Developer,L=Altstätten,C=CH,1.2.840.113549.1.9.1=#0c15746f72746f69736573766e40676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

93:15:e3:5d:08:9d:58:2c:24:42:a2:da:ee:5f:19:f1:9d:2b:07:5c:e8:2b:13:40:4d:6b:c9:cd:6a:a3:e4:97
Signer

Actual PE Digest

93:15:e3:5d:08:9d:58:2c:24:42:a2:da:ee:5f:19:f1:9d:2b:07:5c:e8:2b:13:40:4d:6b:c9:cd:6a:a3:e4:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrCmpLogicalW
AssocQueryStringW
StrFormatByteSizeW
PathCompactPathExW
SHAutoComplete
SHDeleteKeyW
PathIsRootW
PathIsRelativeW
SHSetValueW
PathFileExistsW
PathIsDirectoryW
PathIsURLW
SHGetValueW
PathCanonicalizeW

urlmon

URLDownloadToFileW

uxtheme

CloseThemeData
GetThemeInt
GetThemeBackgroundContentRect
SetWindowTheme
OpenThemeData
GetThemeColor
BeginBufferedPaint
BufferedPaintSetAlpha
EndBufferedPaint
DrawThemeBackground

kernel32

DeleteAtom
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentThreadId
GetFullPathNameW
GetLongPathNameW
GetShortPathNameW
GetModuleFileNameW
GetTempPathW
GetTempFileNameW
CreateFileW
CloseHandle
CreateDirectoryW
GetCurrentDirectoryW
Sleep
SetCurrentDirectoryW
FormatMessageW
GetTickCount64
GetWindowsDirectoryW
GetCurrentProcess
DeleteFileW
GetFileTime
WriteFile
SetFileTime
GetFileSizeEx
GlobalMemoryStatusEx
ReadFile
WideCharToMultiByte
GetCommandLineW
SetDllDirectoryW
CreateMutexW
GetSystemDirectoryW
SystemTimeToFileTime
SetErrorMode
GetUserDefaultLCID
GetStringTypeExW
LoadLibraryA
LCMapStringW
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
ExpandEnvironmentStringsW
GetStringTypeExA
LCMapStringA
GetSystemTime
FileTimeToSystemTime
CreateThread
CreateProcessW
CompareFileTime
CopyFileW
GetFileAttributesW
SetFileAttributesW
MoveFileExA
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
CreateFileA
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WriteConsoleW
HeapAlloc
HeapFree
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SetEnvironmentVariableW
RtlUnwind
LoadLibraryExW
TlsFree
GlobalUnlock
TlsGetValue
TlsAlloc
RaiseException
RtlPcToFileHeader
RtlUnwindEx
CreateFileMappingA
GetModuleHandleA
MapViewOfFileEx
SetFilePointer
SetEndOfFile
InitializeSListHead
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetSystemTimeAsFileTime
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoEx
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
GetNativeSystemInfo
GetExitCodeThread
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
FormatMessageA
lstrcpyW
GlobalFree
GlobalLock
GlobalAlloc
FindNextFileW
FindClose
FindFirstFileW
FindFirstFileExW
lstrcpynW
GetModuleHandleW
MulDiv
GetLastError
GetProcAddress
FreeLibrary
HeapSize
SetStdHandle
LoadLibraryW
SetLastError
VerifyVersionInfoW
VerSetConditionMask
LocalFree
LocalAlloc
GetFileType
SetFilePointerEx
FlushFileBuffers
GlobalAddAtomW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
CompareStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
TlsSetValue

user32

CheckDlgButton
GetKeyState
RedrawWindow
CreatePopupMenu
CheckRadioButton
PostMessageW
GetSysColor
AppendMenuW
InsertMenuW
SendDlgItemMessageW
GetClassNameW
InvalidateRgn
BeginPaint
GetClientRect
GetWindowLongPtrW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
EndPaint
DrawTextW
InflateRect
GetWindowRect
GetCursorPos
PtInRect
GetFocus
GetSystemMetrics
IntersectRect
MapWindowPoints
GetParent
GetDC
ReleaseDC
SystemParametersInfoW
DialogBoxParamW
CreateDialogParamW
EnableWindow
DestroyMenu
GetDCEx
LoadStringA
SetTimer
KillTimer
IsDlgButtonChecked
EnumWindows
ShowWindow
BringWindowToTop
SetForegroundWindow
LoadAcceleratorsW
RegisterWindowMessageW
TrackPopupMenu
GetSubMenu
LoadMenuW
ClientToScreen
LoadStringW
SetDlgItemTextW
SetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard
EnumDisplayMonitors
GetMonitorInfoW
SetWindowTextW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenuItemCount
GetSystemMenu
EnumThreadWindows
EnumChildWindows
LoadCursorW
SetCursor
CloseWindow
RemovePropW
GetPropW
SetPropW
RegisterClipboardFormatW
IsZoomed
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
InvalidateRect
SetWindowRgn
CallWindowProcW
SetWindowPlacement
MoveWindow
GetWindowDC
MessageBoxW
SetCursorPos
GetDlgItemTextW
DefDlgProcW
CreateWindowExW
SetWindowLongPtrW
GetDlgItem
LoadImageW
SetWindowPos
OffsetRect
CopyRect
GetDesktopWindow
GetWindowPlacement
CreateDialogIndirectParamW
SetFocus
EndDialog
DestroyWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW

gdi32

GetDeviceCaps
SetBkColor
ExtTextOutW
SetBkMode
CreateRectRgn
CreateRectRgnIndirect
SetRectRgn
CombineRgn
DeleteObject
SetTextColor
CreateSolidBrush
SelectObject
PatBlt

comdlg32

GetOpenFileNameW

advapi32

RegOpenKeyExW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyW

shell32

SHGetDesktopFolder
ord701
ShellExecuteExW
DragQueryFileW
CommandLineToArgvW
SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
SHCreateItemFromParsingName
SHGetKnownFolderPath

ole32

CoTaskMemFree
RegisterDragDrop
OleUninitialize
CoInitializeEx
OleInitialize
CoCreateInstance
CoUninitialize
DoDragDrop
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipAddPathArcI
GdipClosePathFigure
GdipStartPathFigure
GdipResetPath
GdipDeletePath
GdipCreatePath
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipDrawRectangleI
GdipAlloc
GdipFree
GdipDrawPath
GdiplusStartup
GdiplusShutdown

comctl32

ImageList_GetImageCount
InitCommonControlsEx
ord413
ord410
ord412
ImageList_GetImageInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10f96952efa236f089b0f35c0a72d02c

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30Certificate

Extended Key Usages

Key Usages

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

49:0e:01:f8:d6:da:dd:67:52:7e:d0:43:c7:80:37:92Certificate

Extended Key Usages

Key Usages

93:15:e3:5d:08:9d:58:2c:24:42:a2:da:ee:5f:19:f1:9d:2b:07:5c:e8:2b:13:40:4d:6b:c9:cd:6a:a3:e4:97Signer

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

urlmon

uxtheme

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

gdiplus

comctl32

version

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 193KB - Virtual size: 193KB

.data Size: 15KB - Virtual size: 24KB

.pdata Size: 38KB - Virtual size: 38KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 6KB - Virtual size: 5KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

2b:d4:ae:70:b9:d0:63:5b:2a:e9:84:c8:d6:74:aa:30
Certificate

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

49:0e:01:f8:d6:da:dd:67:52:7e:d0:43:c7:80:37:92
Certificate

93:15:e3:5d:08:9d:58:2c:24:42:a2:da:ee:5f:19:f1:9d:2b:07:5c:e8:2b:13:40:4d:6b:c9:cd:6a:a3:e4:97
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 193KB - Virtual size: 193KB

.data
Size: 15KB - Virtual size: 24KB

.pdata
Size: 38KB - Virtual size: 38KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 6KB - Virtual size: 5KB