ODEPLOY[.]EXE | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ODEPLOY.EXE
Size

498KB
MD5

d63cb47f665ff3caa0cd0db21b50345f
SHA1

7a8b5c9a9b2dcf08a0622f3475f0fc486dc8ecd0
SHA256

b237f60afbf0ff3680d68b673b4f06072249fce099f943dc731e0cccb4437576
SHA512

830c4820393557adcae93e625aec760130bb569b3eb3255338dd8c5935e236a32aeddbce2a44cd7347c9dfd8340e5888748e74e4a8bf3f9cbc7b7adf8669ea8d
SSDEEP

6144:8Eg68PnUYy2apPYLSifwIx8tVTFUs82tppPKUKns:8EMPnU2AgLFSLfmn

Score

1^/10

Malware Config

Signatures

Files

ODEPLOY.EXE
.exe windows:5 windows x86

74f799015cbe66f75ac549102c58c370

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:a6:d5:7e:c6:e2:f2:ed:23:93:03:1b:1d:02:c7:35:36:ef:19:bd
Signer

Actual PE Digest

0b:a6:d5:7e:c6:e2:f2:ed:23:93:03:1b:1d:02:c7:35:36:ef:19:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ImpersonateLoggedOnUser
RevertToSelf
FreeSid
AllocateAndInitializeSid
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateProcessAsUserW

kernel32

GetProcessHeap
WaitForSingleObject
GetLastError
GetTickCount
CreateFileW
SleepEx
CompareFileTime
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
CreateFileA
CloseHandle
CompareStringA
CompareStringW
LocalFree
lstrlenW
SystemTimeToTzSpecificLocalTime
GetSystemTime
lstrlenA
SetFilePointerEx
FindClose
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
FormatMessageW
GetExitCodeProcess
CreateProcessW
GetPriorityClass
GetModuleFileNameW
GetTempPathW
GetVersion
GetCommandLineW
ExpandEnvironmentStringsW
GlobalFree
OpenMutexW
GetModuleHandleA
LoadLibraryW
OutputDebugStringA
LoadLibraryExW
SetErrorMode

ole32

CoUninitialize
CoInitializeEx

shell32

CommandLineToArgvW
SHCreateDirectoryExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msi

ord177

secur32

GetUserNameExW

dbghelp

SymGetLineFromAddr64
SymCleanup
SymInitialize
SymGetSymFromAddr64

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74f799015cbe66f75ac549102c58c370

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

0b:a6:d5:7e:c6:e2:f2:ed:23:93:03:1b:1d:02:c7:35:36:ef:19:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

shell32

version

msi

secur32

dbghelp

Sections

.text Size: 154KB - Virtual size: 153KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 322KB - Virtual size: 322KB

.reloc Size: 7KB - Virtual size: 7KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

0b:a6:d5:7e:c6:e2:f2:ed:23:93:03:1b:1d:02:c7:35:36:ef:19:bd
Signer

.text
Size: 154KB - Virtual size: 153KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 322KB - Virtual size: 322KB

.reloc
Size: 7KB - Virtual size: 7KB