logioptionsplus_installer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

logioptionsplus_installer.exe
Size

28.8MB
MD5

767717c6fec15c8609fdea09ad0ac63c
SHA1

448c45264a34fe0a7beecd6d6dc3fa36181d9de0
SHA256

18ee6ce57bc84f415f27e01f4250cb1b44539ed3ded3f9033e157495824f90c5
SHA512

8c9e8a2ceff6e704322cc642b93cb0d8bec35e7982cb1571568f259813d7b8ca9233b7ab2cbc8aebc3c952bc866620486f118e804ab6954b62c1c94b2eac64cd
SSDEEP

393216:aMnsqS5Gwb6+lptVYmfr7yBG/4oyFN/YuuccKU9oxcS24nKlT5o7utJU4m5fGsD7:aMn+5GU6upttD7yBG/PcXU9g55oTbtw

Score

1^/10

Malware Config

Signatures

Files

logioptionsplus_installer.exe
.exe windows:6 windows x64 arch:x64

705bb6db2b9629157c26706af792d667

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:ca
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/09/2021, 00:00

Not After

12/09/2024, 23:59

Subject

CN=Logitech Inc,O=Logitech Inc,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e5:e6:9e:48:d0:49:8c:99:72:91:d9:7e:54:fa:a1:5e:3b:e1:4a:4f:f8:54:66:5e:ce:2a:33:a8:53:52:1c:40
Signer

Actual PE Digest

e5:e6:9e:48:d0:49:8c:99:72:91:d9:7e:54:fa:a1:5e:3b:e1:4a:4f:f8:54:66:5e:ce:2a:33:a8:53:52:1c:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

InitCommonControlsEx

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
CreateEventW
WaitForSingleObject
DeleteCriticalSection
WaitForSingleObjectEx
ResetEvent
SetEvent
EnterCriticalSection

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-1-0

DeleteFileW
WriteFile
GetFileAttributesExW
SetEndOfFile
FindFirstFileW
CreateDirectoryW
CreateFileW
GetFileType
SetFileInformationByHandle
ReadFile
FindNextFileW
FindFirstFileExW
FindClose
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentProcessId
TlsFree
GetStartupInfoW
ExitProcess
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetExitCodeProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadResource
GetModuleHandleExW
FreeResource
GetModuleHandleW
FreeLibrary
SizeofResource
LockResource
GetProcAddress
LoadLibraryExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-localization-l1-2-0

EnumSystemLocalesW
GetCPInfo
GetOEMCP
LCMapStringEx
GetACP
IsValidCodePage
GetUserPreferredUILanguages
GetLocaleInfoEx
GetLocaleInfoW
GetUserDefaultLCID
FormatMessageA
LCMapStringW
IsValidLocale

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsGetValue
FlsFree
FlsSetValue

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
CompareStringEx

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

user32

GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
IsDialogMessageW
PostQuitMessage
IsWindow
DestroyWindow
ShowWindow
CreateDialogParamW
SetDlgItemTextW
SetWindowLongPtrW
GetDlgCtrlID
SetWindowTextW
GetWindowLongPtrW

gdi32

SetBkColor
GetStockObject

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28.4MB - Virtual size: 28.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

705bb6db2b9629157c26706af792d667

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:caCertificate

Extended Key Usages

Key Usages

e5:e6:9e:48:d0:49:8c:99:72:91:d9:7e:54:fa:a1:5e:3b:e1:4a:4f:f8:54:66:5e:ce:2a:33:a8:53:52:1c:40Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-console-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-profile-l1-1-0

user32

gdi32

api-ms-win-core-file-l1-2-2

api-ms-win-core-file-l2-1-0

Sections

.text Size: 318KB - Virtual size: 317KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 9KB - Virtual size: 15KB

.pdata Size: 17KB - Virtual size: 17KB

SHARED Size: 512B - Virtual size: 4B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 28.4MB - Virtual size: 28.4MB

.reloc Size: 3KB - Virtual size: 3KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:ca
Certificate

e5:e6:9e:48:d0:49:8c:99:72:91:d9:7e:54:fa:a1:5e:3b:e1:4a:4f:f8:54:66:5e:ce:2a:33:a8:53:52:1c:40
Signer

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 17KB - Virtual size: 17KB

SHARED
Size: 512B - Virtual size: 4B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 28.4MB - Virtual size: 28.4MB

.reloc
Size: 3KB - Virtual size: 3KB