psfile[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

psfile.exe
Size

146KB
MD5

201058594991d79d5d8891dbbeeee3c6
SHA1

3e99f3680b7e4ba4fade90fd338999b2ab4ca7f8
SHA256

9d45453285ff3b4a41056317c96866d06481751307d703e3355b18d5eeb092ad
SHA512

b5b2c61ab892024e8a69bb93afd392e176d71f7a07239db9cd85b3457a08a30a35dc783d395b4fe438925b5d8be9501ebccf9ba6ae73ac4b0c1cdabe81fbaad2
SSDEEP

3072:pFI050rRO7uwCNZUFzc1cNKxc06QreNcEw:bI0Z3zWcp/c

Score

1^/10

Malware Config

Signatures

Files

psfile.exe
.exe windows:5 windows x86

bdc943a53dded9831fb5dc068d4b1d71

Code Sign

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:ae
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/05/2016, 17:13

Not After

03/08/2017, 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:15:1a:47:a9:88:5b:df:18:b4:4f:78:63:27:e1:ca:2f:fb:09:5c:ad:e3:3a:ca:1d:9e:b9:9f:22:d3:64:14
Signer

Actual PE Digest

5b:15:1a:47:a9:88:5b:df:18:b4:4f:78:63:27:e1:ca:2f:fb:09:5c:ad:e3:3a:ca:1d:9e:b9:9f:22:d3:64:14

Digest Algorithm

sha256

PE Digest Matches

true

43:07:27:71:dd:14:6e:b3:48:80:dd:c5:b2:0b:43:c4:57:8b:33:3b
Signer

Actual PE Digest

43:07:27:71:dd:14:6e:b3:48:80:dd:c5:b2:0b:43:c4:57:8b:33:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetFileGetInfo
NetFileEnum
NetFileClose

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetModuleHandleW
GetCommandLineW
GetModuleFileNameW
FreeLibrary
GetCurrentProcess
GetLastError
SetLastError
Sleep
LoadLibraryW
GetFileType
FormatMessageA
LoadLibraryExW
CreateFileW
GetComputerNameW
MultiByteToWideChar
GetVersion
WriteFile
GetStdHandle
LocalFree
LocalAlloc
GetProcAddress
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
CloseHandle
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId

comdlg32

PrintDlgW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdc943a53dded9831fb5dc068d4b1d71

Code Sign

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:aeCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

5b:15:1a:47:a9:88:5b:df:18:b4:4f:78:63:27:e1:ca:2f:fb:09:5c:ad:e3:3a:ca:1d:9e:b9:9f:22:d3:64:14Signer

43:07:27:71:dd:14:6e:b3:48:80:dd:c5:b2:0b:43:c4:57:8b:33:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

version

netapi32

mpr

kernel32

comdlg32

advapi32

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:ae
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

5b:15:1a:47:a9:88:5b:df:18:b4:4f:78:63:27:e1:ca:2f:fb:09:5c:ad:e3:3a:ca:1d:9e:b9:9f:22:d3:64:14
Signer

43:07:27:71:dd:14:6e:b3:48:80:dd:c5:b2:0b:43:c4:57:8b:33:3b
Signer

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB