Vaults BETA[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Vaults BETA.exe
Size

2.6MB
MD5

fe62c6703cdbc4842aef79229d3f0c1f
SHA1

fefce1f8bb7dc34a061ab7a31e58183c326fc0d2
SHA256

011399516026f8c5c8b5d22f598dd019b60449f3368a1f9b0cd18cc767dc69fa
SHA512

498b8465afa62bc92b36f24965b9d66165e4dbc6752f684753964906e67a07b10080915e125a6614c9ab6aded06c0b42efcffcd89f2ee28ea59c0d3743042d57
SSDEEP

49152:53q91N5j9E6N5udA7PwJfAtly9+ATFBBU2VcZMP2Locb:53e1tEg5WJ9ZBBU2mw8

Score

1^/10

Malware Config

Signatures

Files

Vaults BETA.exe
.exe windows:6 windows x86 arch:x86

8d48832b5b0077d79afe940684a4fdd4

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:48:eb:5f:de:77:91:2d:96:1e:b6:68:3c:33:e0:fe
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

20/09/2023, 12:19

Not After

19/09/2024, 12:19

Subject

CN=Crow Hill Productions Ltd,O=Crow Hill Productions Ltd,L=London,ST=London,C=GB,1.2.840.113549.1.9.1=#0c1c68656c6c6f4074686563726f7768696c6c636f6d70616e792e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:6d:b5:a6:60:b1:57:1e:64:87:5f:25:e4:73:ed:4f:f9:d8:7e:dd:70:45:f9:2c:0f:fa:24:a3:70:43:9e:ad
Signer

Actual PE Digest

1a:6d:b5:a6:60:b1:57:1e:64:87:5f:25:e4:73:ed:4f:f9:d8:7e:dd:70:45:f9:2c:0f:fa:24:a3:70:43:9e:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
GetFileAttributesExW
OutputDebugStringW
SetEvent
GetLogicalProcessorInformation
GetDiskFreeSpaceExW
GetCurrentThread
TerminateThread
QueryPerformanceFrequency
DeleteFileW
CloseHandle
LoadLibraryW
GetCurrentDirectoryW
GetOverlappedResult
GetProcAddress
ReplaceFileW
DeleteCriticalSection
ExitProcess
GetModuleHandleW
FreeLibrary
QueryPerformanceCounter
MoveFileW
GetDriveTypeW
IsDebuggerPresent
ConnectNamedPipe
SetUnhandledExceptionFilter
FlushFileBuffers
GetCommandLineW
AttachConsole
CompareStringOrdinal
GlobalSize
LoadLibraryA
GlobalAlloc
GlobalFree
GlobalLock
GetCurrentProcessId
GlobalUnlock
SetStdHandle
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetACP
DisconnectNamedPipe
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
ExitThread
GetTimeZoneInformation
RaiseException
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetStringTypeW
LCMapStringW
CompareStringW
MultiByteToWideChar
DecodePointer
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
SetLastError
WideCharToMultiByte
FormatMessageW
Sleep
CreateEventW
GetLogicalDriveStringsW
IsValidCodePage
GetModuleHandleA
GetSystemDirectoryW
ReleaseMutex
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
GetLocaleInfoW
FindClose
CreateMutexW
GetTempPathW
SetEndOfFile
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
WaitForMultipleObjects
CreateDirectoryW
GetModuleFileNameW
RemoveDirectoryW
TerminateProcess
GetModuleHandleExW
WriteFile
GetCurrentProcess
FindNextFileW
EnterCriticalSection
FindFirstFileW
CancelIo
GetVolumeInformationW
TryEnterCriticalSection
ReadFile
SetThreadAffinityMask
GetFileType
WriteConsoleW

user32

GetWindowTextW
SetWindowLongW
TranslateMessage
SetFocus
EnumWindows
PeekMessageW
DispatchMessageW
RegisterClassExW
GetWindowThreadProcessId
AttachThreadInput
LoadStringA
FindWindowExW
MapVirtualKeyW
GetMessagePos
GetUpdateRgn
UnregisterClassW
CreateWindowExW
DestroyWindow
GetFocus
GetMessageExtraInfo
PostMessageW
DefWindowProcW
GetMessageW
GetWindowLongW
ReleaseDC
GetDC
EndPaint
BeginPaint
GetCursorPos
SetCursorPos
GetAncestor
InvalidateRect
ReleaseCapture
GetParent
SystemParametersInfoW
EnableMenuItem
GetDesktopWindow
ShowCaret
DrawIconEx
UpdateLayeredWindow
GetClientRect
SetCursor
ToUnicode
SetClipboardData
SetWindowsHookExW
SetCapture
DestroyCaret
LoadCursorW
FindWindowW
LoadIconW
GetClipboardData
BringWindowToTop
SetLayeredWindowAttributes
GetMessageTime
UnhookWindowsHookEx
GetForegroundWindow
TrackMouseEvent
MapWindowPoints
CreateCaret
GetSystemMenu
SendMessageTimeoutW
IsChild
EmptyClipboard
CloseClipboard
CreateIconIndirect
GetMonitorInfoW
GetWindowInfo
DestroyIcon
GetAsyncKeyState
RedrawWindow
GetCapture
GetWindowRect
IsWindowVisible
SetWindowPos
MessageBoxW
MonitorFromWindow
EnumChildWindows
EnumDisplayMonitors
GetIconInfo
SendMessageW
CallNextHookEx
EndDialog
SetWindowTextW
MessageBeep
WindowFromPoint
GetWindowPlacement
DestroyCursor
GetKeyboardState
SetCaretPos
GetActiveWindow
ShowWindow
IsWindow
OpenClipboard

gdi32

CreateRectRgn
GetRegionData
GetObjectW
ExcludeClipRect
RestoreDC
CreateBitmap
CombineRgn
CreateDIBSection
GetKerningPairsW
CreateCompatibleDC
EnumFontFamiliesExW
CreateRectRgnIndirect
GetTextMetricsW
DeleteDC
SetMapperFlags
GetGlyphIndicesW
GetGlyphOutlineW
DeleteObject
RemoveFontMemResourceEx
SetMapMode
CreateFontIndirectW
GetOutlineTextMetricsW
SaveDC
StretchDIBits
GetDeviceCaps
SelectObject
AddFontMemResourceEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

SHGetSpecialFolderPathW
DragQueryFileW
ShellExecuteW
SHGetMalloc
ExtractAssociatedIconW
SHBrowseForFolderW
SHGetKnownFolderPath
SHParseDisplayName
SHGetPathFromIDListW
SHCreateShellItem

ole32

RevokeDragDrop
CoInitializeEx
RegisterDragDrop
DoDragDrop
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayCreateVector
SafeArrayDestroy
SysAllocString
SafeArrayPutElement
SafeArrayAccessData

wininet

HttpSendRequestExW
FtpOpenFileW
InternetConnectW
InternetSetOptionW
HttpEndRequestW
InternetCrackUrlW
InternetWriteFile
InternetCloseHandle
HttpOpenRequestW
InternetOpenW
InternetReadFile
HttpQueryInfoW
InternetSetFilePointer

ws2_32

bind
send
inet_ntoa
recv
inet_addr
accept
htons
freeaddrinfo
sendto
ioctlsocket
setsockopt
__WSAFDIsSet
WSAStartup
getaddrinfo
select
getsockopt
closesocket
htonl

shlwapi

PathStripToRootW

winmm

timeGetTime
timeKillEvent
timeBeginPeriod

imm32

ImmSetCandidateWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmNotifyIME

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d48832b5b0077d79afe940684a4fdd4

Code Sign

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate

Extended Key Usages

Key Usages

2c:48:eb:5f:de:77:91:2d:96:1e:b6:68:3c:33:e0:feCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1a:6d:b5:a6:60:b1:57:1e:64:87:5f:25:e4:73:ed:4f:f9:d8:7e:dd:70:45:f9:2c:0f:fa:24:a3:70:43:9e:adSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

oleaut32

wininet

ws2_32

shlwapi

winmm

imm32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 438KB - Virtual size: 438KB

.data Size: 47KB - Virtual size: 52KB

.rsrc Size: 118KB - Virtual size: 118KB

.reloc Size: 99KB - Virtual size: 99KB

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

2c:48:eb:5f:de:77:91:2d:96:1e:b6:68:3c:33:e0:fe
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1a:6d:b5:a6:60:b1:57:1e:64:87:5f:25:e4:73:ed:4f:f9:d8:7e:dd:70:45:f9:2c:0f:fa:24:a3:70:43:9e:ad
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 438KB - Virtual size: 438KB

.data
Size: 47KB - Virtual size: 52KB

.rsrc
Size: 118KB - Virtual size: 118KB

.reloc
Size: 99KB - Virtual size: 99KB