start[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

start.exe
Size

4.2MB
MD5

e148dbf4ec882021d6443de66b975a4e
SHA1

68222a5dabb51b5bacf72d10fea93e2321580b2b
SHA256

e5c48be3b73995dc0b80281dfe12b5925305c2c75a0e7cdbd94f786967da0117
SHA512

fb5b7ee64ccaf1db696e11a66085ce15d647b2fa02a6f38b1949519d5d22b3520d448856932da0a01e9e64bae4d648a277669e51ea8c9862c9b143a9ef834da2
SSDEEP

98304:Cdmj7OOr5ls6NyBySsdmXp+P/UPIFLOAkGkzdnEVomFHKnPr:AmGOrRep+P/UwFLOyomFHKnPr

Score

1^/10

Malware Config

Signatures

Files

start.exe
.exe windows:6 windows x86 arch:x86

dbd2e6fa169a2fa6d4015b7d8fb05c0f

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:90:ed:34:3a:d8:80:dd:a1:75:79:bc:43:66:ce:2c
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

12/05/2021, 00:00

Not After

09/06/2022, 23:59

Subject

CN=Brother Industries\, Ltd.,O=Brother Industries\, Ltd.,L=Nagoya,ST=Aichi,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:d4:a4:b7:72:d7:ba:3c:7c:24:ab:fe:8b:d0:55:63:39:77:5c:53:1a:ae:a7:96:a8:3e:a4:b4:4a:ae:b8:87
Signer

Actual PE Digest

62:d4:a4:b7:72:d7:ba:3c:7c:24:ab:fe:8b:d0:55:63:39:77:5c:53:1a:ae:a7:96:a8:3e:a4:b4:4a:ae:b8:87

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord74
ord94
ord8

kernel32

GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetDriveTypeW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
GetProcessAffinityMask
GetACP
ExitProcess
GetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetFileType
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
LCMapStringW
GetCPInfo
QueryPerformanceFrequency
TryEnterCriticalSection
GetExitCodeThread
OutputDebugStringW
SetThreadAffinityMask
RegisterWaitForSingleObject
GetThreadTimes
UnregisterWait
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetUserDefaultLCID
Sleep
GetProfileIntW
GetTickCount
SearchPathW
FindResourceExW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
SetErrorMode
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
GetCurrentDirectoryW
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GlobalFlags
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
GlobalGetAtomNameW
VerifyVersionInfoW
VerSetConditionMask
GetThreadLocale
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
WritePrivateProfileStringW
lstrcpyW
lstrcmpA
GetVersionExW
GetCurrentThread
GetCurrentProcessId
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
GetModuleHandleW
GetModuleHandleA
FreeResource
OutputDebugStringA
ResumeThread
SuspendThread
SetThreadPriority
GetCurrentThreadId
CreateEventW
SetEvent
SetLastError
CopyFileW
FormatMessageW
MulDiv
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
InitializeCriticalSectionAndSpinCount
DeleteFileW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
HeapFree
GetLongPathNameW
GetLastError
CreateMutexW
MultiByteToWideChar
GetCurrentProcess
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetModuleFileNameW
GetPrivateProfileStringW
GetPrivateProfileSectionW
ReadFile
GetExitCodeProcess
WaitForSingleObject
CloseHandle
CreateProcessW
CreatePipe
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
LocalAlloc
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
GetPrivateProfileIntW
QueryDepthSList
UnregisterWaitEx

user32

RealChildWindowFromPoint
EnumDisplayMonitors
SystemParametersInfoW
LoadCursorW
SetLayeredWindowAttributes
CharUpperW
IntersectRect
MapVirtualKeyW
GetKeyNameTextW
SetRectEmpty
SendDlgItemMessageA
LoadMenuW
SetCursor
ShowOwnedPopups
DrawIconEx
IsRectEmpty
OffsetRect
InflateRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
GetSystemMetrics
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
PostQuitMessage
ClientToScreen
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
GetWindowThreadProcessId
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
UnhookWindowsHookEx
GetLastActivePopup
GetTopWindow
GetClassLongW
PtInRect
EqualRect
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
AdjustWindowRectEx
DestroyMenu
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
EndPaint
BeginPaint
DeleteMenu
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
UpdateLayeredWindow
EnableScrollBar
UnionRect
GetForegroundWindow
MonitorFromPoint
SetMenu
GetMenu
GetCapture
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
CharNextW
CopyAcceleratorTableW
InvalidateRgn
SetRect
GetNextDlgGroupItem
SetParent
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyIcon
LoadImageW
SetCursorPos
DefWindowProcW
PostMessageW
GetMenuItemInfoW
CopyImage
GetSystemMenu
GetAsyncKeyState
TrackMouseEvent
IsZoomed
SetCapture
ReleaseCapture
RemovePropW
BringWindowToTop
GetMessagePos
RegisterWindowMessageW
LockWindowUpdate
GetDoubleClickTime
GetIconInfo
CopyIcon
ModifyMenuW
DestroyAcceleratorTable
SetClassLongW
GetUpdateRect
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
LoadAcceleratorsW
CreateAcceleratorTableW
RegisterClipboardFormatW
CharUpperBuffW
TranslateAcceleratorW
SetWindowPos
MessageBoxW
GetFocus
EnableWindow
SendMessageW
InsertMenuItemW
GetDC
ReleaseDC
LoadIconW
GetWindowRect
GetDesktopWindow
GetClientRect
LoadBitmapW
InvalidateRect
GetKeyState
SetForegroundWindow
SetWindowLongW
KillTimer
SetTimer
UnregisterClassW
DrawStateW
UpdateWindow
FillRect
GetClassNameW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
IsWindow
ShowWindow
MoveWindow
GetDlgItem
SetDlgItemTextW
CheckDlgButton
GetDlgCtrlID
SetFocus
IsWindowEnabled
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetWindowLongW
GetParent
GetWindow
IsDialogMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
DestroyWindow
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
UnpackDDElParam
SetActiveWindow
ReuseDDElParam
FrameRect
PostThreadMessageW
WaitMessage
SubtractRect
IsClipboardFormatAvailable
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
HideCaret
InvertRect
DrawIcon
CreateMenu
GetWindowRgn
DestroyCursor
TrackPopupMenu
GetMessageTime

gdi32

ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateEllipticRgn
CreateRectRgnIndirect
Ellipse
Escape
GetTextColor
GetTextExtentPoint32W
PatBlt
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
GetMapMode
SetRectRgn
DPtoLP
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateRoundRectRgn
CreateDIBSection
GetRgnBox
RealizePalette
SetPixel
SetDIBColorTable
Rectangle
OffsetRgn
RoundRect
CreatePalette
GetPaletteEntries
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
BitBlt
CreateBitmap
SetTextColor
SetBkColor
CreateDCW
CopyMetaFileW
DeleteObject
CreateSolidBrush
DeleteDC
CreateFontIndirectW
GetStockObject
StretchBlt
GetObjectW
CreateCompatibleDC
GetBkColor
GetDeviceCaps

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesW
EnumPortsW
OpenPrinterW
ClosePrinter
EnumPrinterDriversW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegCloseKey
RegSetValueExW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetFileInfoW
SHAppBarMessage
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathFileExistsW

uxtheme

GetThemeColor
IsAppThemed
GetCurrentThemeName
OpenThemeData
CloseThemeData
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
DrawThemeParentBackground
DrawThemeBackground

ole32

CoInitialize
CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringLen
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantChangeType
VariantInit
VariantClear
VariantCopy
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SafeArrayDestroy

oledlg

OleUIBusyW

gdiplus

GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipCloneImage
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdiplusStartup
GdipGetImageHeight
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipFree
GdipAlloc
GdiplusShutdown
GdipCreateBitmapFromScan0

oleacc

LresultFromObject
CreateStdAccessibleObject
AccessibleObjectFromWindow

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbd2e6fa169a2fa6d4015b7d8fb05c0f

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:90:ed:34:3a:d8:80:dd:a1:75:79:bc:43:66:ce:2cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

62:d4:a4:b7:72:d7:ba:3c:7c:24:ab:fe:8b:d0:55:63:39:77:5c:53:1a:ae:a7:96:a8:3e:a4:b4:4a:ae:b8:87Signer

Headers

DLL Characteristics

File Characteristics

Imports

msi

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oledlg

gdiplus

oleacc

imm32

winmm

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 409KB - Virtual size: 408KB

.data Size: 30KB - Virtual size: 56KB

.gfids Size: 110KB - Virtual size: 109KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 142KB - Virtual size: 141KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:90:ed:34:3a:d8:80:dd:a1:75:79:bc:43:66:ce:2c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

62:d4:a4:b7:72:d7:ba:3c:7c:24:ab:fe:8b:d0:55:63:39:77:5c:53:1a:ae:a7:96:a8:3e:a4:b4:4a:ae:b8:87
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 409KB - Virtual size: 408KB

.data
Size: 30KB - Virtual size: 56KB

.gfids
Size: 110KB - Virtual size: 109KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 142KB - Virtual size: 141KB