8[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8.exe
Size

2.8MB
MD5

409e73d4db097ae85b67160fc73bffe1
SHA1

5402610a97bcf74bf25e0b54d8271b41e086ac6f
SHA256

e3f67fe4fb16880366abd9cbf288bc6e03d38330a22eb5522f8e8c53ff14208e
SHA512

cf00be42b3239a15755ddd628cc65748c0cef2bdc578da152d00ede8b75e24d5458bcfbcad2b17940a4faed5a77137eaf81053f82970c4032de8026231c2a040
SSDEEP

49152:Ih5c8827CRluo/KHhSyy71rgPQyC4zvMHxWV4eySFfID:Ih5c8qnKHvo1tyCuMHV

Score

1^/10

Malware Config

Signatures

Files

8.exe
.exe windows:6 windows x86 arch:x86

72914ac3174ab6f6ce9a60d8dbb8bf43

Code Sign

71:ab:43:b1:12:97:54:ea:58:09:10:2a:59:ec:89:50
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28/01/2020, 00:00

Not After

27/04/2023, 23:59

Subject

CN=Irfan Skiljan,O=Irfan Skiljan,POSTALCODE=2723,L=Winzendorf-Muthmannsdorf,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b1:32:c3:c8:1a:db:53:68:6d:95:be:4d:70:fc:81:b5:78:ee:d6:1d
Signer

Actual PE Digest

b1:32:c3:c8:1a:db:53:68:6d:95:be:4d:70:fc:81:b5:78:ee:d6:1d

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

kernel32

QueueUserAPC
GetProcAddress
LocalFree
DeleteCriticalSection
WideCharToMultiByte
SleepEx
TlsGetValue
GetSystemTimeAsFileTime
TlsFree
FormatMessageA
CreateIoCompletionPort
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
GetModuleHandleExW
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
SetEvent
VirtualFree
LoadLibraryW
SwitchToFiber
DeleteFiber
CreateFiberEx
MultiByteToWideChar
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
GetCurrentProcessId
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
CloseHandle
TlsAlloc
GetEnvironmentVariableW
GetLastError
FormatMessageW
CreateEventW
PostQueuedCompletionStatus
WaitForSingleObject
GetQueuedCompletionStatus
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
CreateWaitableTimerW
EnterCriticalSection
SetLastError
TlsSetValue
SetWaitableTimer
TerminateThread
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetModuleFileNameW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ReadFile
ExitProcess
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
RaiseException
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter

user32

GetUserObjectInformationW
GetWindowTextW
MessageBoxW
GetProcessWindowStation
GetForegroundWindow

gdi32

DeleteObject
DeleteDC

advapi32

CryptSignHashW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptEnumProvidersW
CryptAcquireContextW
CryptDestroyHash
CryptCreateHash
CryptDecrypt

gdiplus

GdipFree
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup

ws2_32

send
recv
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
gethostbyname
ntohs
WSACleanup
closesocket
WSASend
select
WSASetLastError
WSASocketW
getaddrinfo
connect
gethostname
WSARecv
getsockopt
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
socket
shutdown
WSAStartup

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 585KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72914ac3174ab6f6ce9a60d8dbb8bf43

Code Sign

71:ab:43:b1:12:97:54:ea:58:09:10:2a:59:ec:89:50Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

b1:32:c3:c8:1a:db:53:68:6d:95:be:4d:70:fc:81:b5:78:ee:d6:1dSigner

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

advapi32

gdiplus

ws2_32

bcrypt

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 585KB - Virtual size: 584KB

.data Size: 28KB - Virtual size: 37KB

.rsrc Size: 23KB - Virtual size: 23KB

.reloc Size: 102KB - Virtual size: 102KB

71:ab:43:b1:12:97:54:ea:58:09:10:2a:59:ec:89:50
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

b1:32:c3:c8:1a:db:53:68:6d:95:be:4d:70:fc:81:b5:78:ee:d6:1d
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 585KB - Virtual size: 584KB

.data
Size: 28KB - Virtual size: 37KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 102KB - Virtual size: 102KB