link[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

link.exe
Size

782KB
MD5

fd40cc6371471f1bfbe26c326a2937c1
SHA1

6c0e9c22476dc4f5f59b77e2f04cb19e76b0200f
SHA256

db188969504987decffb77e15f64f1b7eb94215cea12aa6cd7901510bb21e804
SHA512

df4a3286bfb94162102a2412816ee36dfc5640659821c5b0c7b87f9142b0ea73d2e6cfcb9a3e83bcd09ff9d972fcfe3c890e716fde9f36e9711e630b541db135
SSDEEP

12288:d/Ugjor5G0zXAkFU+ayJtc3tf3pTTIAu8ZLaN1kvLgo8E/IQPvan:dmn7c3tfJIAu8ZKkC6An

Score

1^/10

Malware Config

Signatures

Files

link.exe
.exe windows:5 windows x86 arch:x86

aff1991c1b93ed383d8ca05c2ef5fc3d

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:26:da:b7:d9:4d:24:c7:b4:34:9a:9a:fd:a0:db:cf:21:52:b1:80
Signer

Actual PE Digest

87:26:da:b7:d9:4d:24:c7:b4:34:9a:9a:fd:a0:db:cf:21:52:b1:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

kernel32

FindResourceExW
LoadResource
GetDriveTypeW
CreateFileW
GetLastError
GetFileSize
CloseHandle
FlushViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CreateFileMappingW
VirtualFree
MapViewOfFileEx
DeleteFileW
ExitProcess
GetTempPathW
GetTempFileNameW
WideCharToMultiByte
GetACP
lstrcmpiW
GetTickCount
FormatMessageW
GetProcAddress
CopyFileW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetUserDefaultUILanguage
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryExW
GetFileInformationByHandle
GetSystemInfo
MoveFileExW
SetProcessWorkingSetSize
GetCurrentProcess
GetCommandLineW
GetFileAttributesExW
GetVersion
MapViewOfFile
CreateEventW
CreateMutexW
DuplicateHandle
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW
WaitForSingleObject
ReleaseMutex
SetEvent
Sleep
HeapSetInformation
GetModuleHandleW
SetErrorMode
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
VirtualQuery
GetModuleFileNameW
HeapAlloc
HeapReAlloc
VirtualAlloc
HeapCreate
HeapDestroy
HeapFree
GetCPInfo
MultiByteToWideChar
GetFileType
GetConsoleMode
GetConsoleScreenBufferInfo
FreeLibrary
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
LoadLibraryA
RaiseException
IsDebuggerPresent

msvcr90

wcscat_s
_read
iswascii
strchr
strcpy_s
strcat_s
_tzset
_time64
_wgetcwd
_wpgmptr
sprintf_s
isalnum
strrchr
_wmakepath_s
clock
wcschr
wcscpy_s
iswdigit
swscanf_s
_errno
_wcstoui64
_ultoa_s
strncpy_s
qsort
_wsplitpath_s
_wspawnv
_wspawnvp
_wremove
fwprintf
_wcsicmp
bsearch
__iob_func
strncmp
_vswprintf_c_l
vsprintf_s
strtoul
__unDName
free
malloc
__unDNameEx
exit
_wdupenv_s
_wcsnicmp
fgetws
iswspace
wcstok_s
_ui64tow_s
_snwprintf_s
_wfsopen
_fileno
_get_osfhandle
_filelength
fclose
_ultow_s
wcsrchr
isprint
_wctime64
iswprint
_stricmp
_strnicmp
sscanf_s
_itow_s
wcsncpy_s
_snprintf_s
wcsncat_s
wcscspn
calloc
strstr
toupper
_wputenv_s
fwrite
_wgetenv_s
fread
wcsstr
memcpy_s
swprintf_s
_wcsupr_s
setlocale
_set_invalid_parameter_handler
memmove
setvbuf
_itoa_s
wcsncmp
_wtoi64
_open_osfhandle
_wfdopen
_putwch
fputwc
_cputws
fputws
_vcwprintf
vfwprintf
_wsearchenv_s
wcspbrk
ftell
fseek
getenv
fopen
atoi
_isatty
getwchar
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
memset
_wfullpath
_tell
_write
_lseek
isdigit
strncpy
isxdigit
_close
_wstat64i32
__doserrno
_wsopen_s
_wunlink
_waccess
fflush
wcsncpy
memcpy
__CxxFrameHandler3

mspdb80

?Open2W@PDB@@SAHPBGPBDPAJPAGIPAPAU1@@Z
PDBExportValidateInterface
SzCanonFilename
?OpenValidate5@PDB@@SAHPBG0PAXP6AP6AHXZ1W4POVC@@@ZPAJPAGIPAPAU1@@Z
SigForPbCb

user32

LoadStringW

Sections

.text
Size: 676KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aff1991c1b93ed383d8ca05c2ef5fc3d

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:0f:78:4d:00:00:00:00:00:03Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

61:47:52:ba:00:00:00:00:00:04Certificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

87:26:da:b7:d9:4d:24:c7:b4:34:9a:9a:fd:a0:db:cf:21:52:b1:80Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcr90

mspdb80

user32

Sections

.text Size: 676KB - Virtual size: 676KB

.data Size: 1KB - Virtual size: 60KB

.rsrc Size: 54KB - Virtual size: 54KB

.reloc Size: 40KB - Virtual size: 39KB

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:0f:78:4d:00:00:00:00:00:03
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

61:47:52:ba:00:00:00:00:00:04
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

87:26:da:b7:d9:4d:24:c7:b4:34:9a:9a:fd:a0:db:cf:21:52:b1:80
Signer

.text
Size: 676KB - Virtual size: 676KB

.data
Size: 1KB - Virtual size: 60KB

.rsrc
Size: 54KB - Virtual size: 54KB

.reloc
Size: 40KB - Virtual size: 39KB