testdisk_win[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

testdisk_win.exe
Size

664KB
MD5

6fc7cd21e60a4c95039d325670498e7f
SHA1

5350a1e1608c4cd5c8379c2e8d81ec9cc925743e
SHA256

1b478018b9513e1c1f9da96c88a571d84b30a10748544b9b06f00da9ce761e56
SHA512

44f876bc11bd2fc8151f7402250917ce6cc2a5626d3dbe5d693bf812769f7e8f1119fabc4351ef6663a223c8a8241029d50349ff101182ceb58f503221ee71ad
SSDEEP

12288:u/VkD8epR+yaPJDrFriT7DBUNqPotsSAojbFvruvOjn:ZMyaFdiTpURASdT

Score

1^/10

Malware Config

Signatures

Files

testdisk_win.exe
.exe windows:4 windows x64 arch:x64

97ab03ac2d8eba76bae834beb6647e0f

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:17:51:80:53:5c:ac:5f:fa:85:f3:42:f4:67:c3:dc
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

16-04-2018 05:43

Not After

16-04-2019 05:43

Subject

CN=Open Source Developer\, Christophe GRENIER,OU=Open Source Developer,O=Open Source Developer,L=LE PERREUX SUR MARNE,C=FR,1.2.840.113549.1.9.1=#0c166772656e69657240636773656375726974792e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:9f:71:04:18:da:30:78:03:e6:94:e1:89:5c:fc:9f:a1:d9:9a:a7:d5:46:72:25:97:8b:70:4c:e4:66:8f:ad
Signer

Actual PE Digest

8e:9f:71:04:18:da:30:78:03:e6:94:e1:89:5c:fc:9f:a1:d9:9a:a7:d5:46:72:25:97:8b:70:4c:e4:66:8f:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

cyggcc_s-seh-1

__emutls_get_address

cygssp-0

__stack_chk_fail
__stack_chk_guard

cygwin1

__assert_func
__ctype_ptr__
__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__locale_mb_cur_max
__main
_dll_crt0
_get_osfhandle
_impure_ptr
abort
access
atoi
atol
calloc
close
closedir
connect
ctime
cygwin_conv_path
cygwin_detach_dll
cygwin_internal
dirname
dll_dllcrt0
dup2
endmntent
execl
exit
fclose
fcntl
fdopen
fflush
fgets
fileno
fopen
fork
fprintf
fputc
fputs
fread
free
fscanf
fstat
fsync
ftruncate
fwrite
getchar
getcwd
getegid
getenv
geteuid
getgid
gethostname
getmntent
getpagesize
getpid
gettimeofday
getuid
ioctl
isatty
kill
localtime_r
lseek
lstat
malloc
mbrtowc
mbsinit
mbsrtowcs
memcmp
memcpy
memmove
memset
mkdir
open
opendir
openlog
perror
posix_fadvise
posix_memalign
pread
printf
putchar
puts
pwrite
qsort
random
read
readdir
realloc
realpath
rewind
setenv
setlocale
setmntent
sigaction
sigaddset
sigemptyset
sleep
snprintf
socket
sprintf
srand
srandom
sscanf
stat
stpcpy
strcasestr
strcat
strchr
strcmp
strcpy
strdup
strerror
strlen
strncat
strncmp
strncpy
strrchr
strtol
strtoul
strtoull
sysconf
syslog
tcgetattr
time
toupper
umask
unlink
unsetenv
utime
vfprintf
vsnprintf
waitpid
wcrtomb
wctomb
write

cygewf-2

libewf_error_free
libewf_error_sprint
libewf_glob
libewf_glob_free
libewf_handle_close
libewf_handle_free
libewf_handle_get_bytes_per_sector
libewf_handle_get_media_size
libewf_handle_initialize
libewf_handle_open
libewf_handle_read_random
libewf_handle_set_header_values_date_format
libewf_handle_write_random

cygiconv-2

libiconv
libiconv_close
libiconv_open

cygncursesw-10

assume_default_colors
cbreak
clearok
curs_set
delwin
endwin
getcurx
getcury
getmaxy
has_colors
init_pair
keypad
ncwrap_COLS
ncwrap_LINES
ncwrap_stdscr
newterm
newwin
nl
nodelay
noecho
nonl
start_color
waddch
waddnstr
wattr_off
wattrset
wbkgdset
wborder
wclear
wclrtoeol
wgetch
wmove
wprintw
wredrawln
wrefresh
wtouchln

kernel32

CloseHandle
CreateFileA
DeviceIoControl
FlushFileBuffers
FormatMessageA
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetFileSize
GetLastError
GetModuleHandleA
GetProcAddress
GetVersionExA
LocalFree
ReadFile
SetFilePointer
WriteFile

Sections

.text
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

97ab03ac2d8eba76bae834beb6647e0f

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

1b:17:51:80:53:5c:ac:5f:fa:85:f3:42:f4:67:c3:dcCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

8e:9f:71:04:18:da:30:78:03:e6:94:e1:89:5c:fc:9f:a1:d9:9a:a7:d5:46:72:25:97:8b:70:4c:e4:66:8f:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

cyggcc_s-seh-1

cygssp-0

cygwin1

cygewf-2

cygiconv-2

cygncursesw-10

kernel32

Sections

.text Size: 482KB - Virtual size: 482KB

.data Size: 5KB - Virtual size: 5KB

.rdata Size: 118KB - Virtual size: 117KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 16KB - Virtual size: 16KB

.xdata Size: 16KB - Virtual size: 15KB

.bss Size: - Virtual size: 64KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 10KB - Virtual size: 10KB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

1b:17:51:80:53:5c:ac:5f:fa:85:f3:42:f4:67:c3:dc
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

8e:9f:71:04:18:da:30:78:03:e6:94:e1:89:5c:fc:9f:a1:d9:9a:a7:d5:46:72:25:97:8b:70:4c:e4:66:8f:ad
Signer

.text
Size: 482KB - Virtual size: 482KB

.data
Size: 5KB - Virtual size: 5KB

.rdata
Size: 118KB - Virtual size: 117KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 16KB - Virtual size: 16KB

.xdata
Size: 16KB - Virtual size: 15KB

.bss
Size: - Virtual size: 64KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 10KB - Virtual size: 10KB