cryp4[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cryp4.exe
Size

6.5MB
MD5

350de6cf8c24f0b30247ccebc1e96acf
SHA1

5ab7872784651b2c831864312bb0fbc49c7813ba
SHA256

56a74e0e935c0cc023768158910b96f3d24b75260d34ccbe2b19e574d4e0e011
SHA512

0711bf7cdb1a2fbf91c7e26458b2c56734cd3bb848341788fa199c86afb85b799b2a668f0f74783307e309402b556867ddc30896d3e6d1c566de0994e3d08d7c
SSDEEP

98304:L3AmIHzLwNuccUa7k949PnpoZ4DY40Kl7ZF8snl4wz+:L3RITeuccUL9wPnpo+n0a3by

Score

1^/10

Malware Config

Signatures

Files

cryp4.exe
.exe windows:4 windows x86 arch:x86

d00a6c0ce75076ddc4fcd87bc7a7c503

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:30:8b:76:ac:2e:15:b2:97:20:fb:43:95:f6:5f:38
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/03/2019, 00:00

Not After

23/03/2022, 12:00

Subject

CN=Oracle Corporation,OU=Virtualbox,O=Oracle Corporation,L=Redwood Shores,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:4b:33:30:a9:7d:03:a0:b4:51:59:1d:a8:68:7f:72
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18/03/2019, 00:00

Not After

18/03/2021, 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ce:70:78:30:50:42:5b:1c:97:45:9f:14:73:cf:68:c3:9c:3f:7b:b5:dc:7d:92:3c:49:c8:22:0e:2b:79:65:70
Signer

Actual PE Digest

ce:70:78:30:50:42:5b:1c:97:45:9f:14:73:cf:68:c3:9c:3f:7b:b5:dc:7d:92:3c:49:c8:22:0e:2b:79:65:70

Digest Algorithm

sha256

PE Digest Matches

false

2f:72:1e:6b:b5:96:41:5b:9f:a1:a2:16:d3:ec:4d:3c:b1:98:ac:6f
Signer

Actual PE Digest

2f:72:1e:6b:b5:96:41:5b:9f:a1:a2:16:d3:ec:4d:3c:b1:98:ac:6f

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\mw\Speed\PC\CDMWCollectors\NfsMWCollectorsRelease.pdb

Imports

kernel32

GetPriorityClass
GetCurrentThread
GetCurrentProcess
GetLongPathNameA
SetErrorMode
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateDirectoryA
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
GetTickCount
IsDebuggerPresent
RemoveDirectoryA
GetFullPathNameA
SetCurrentDirectoryA
GetDiskFreeSpaceA
FileTimeToLocalFileTime
FileTimeToSystemTime
ExitThread
GetThreadPriority
GetProcessAffinityMask
SetPriorityClass
SetThreadPriority
SetProcessAffinityMask
Sleep
GetVersionExA
GetLogicalDrives
GetDriveTypeA
GlobalMemoryStatusEx
ResumeThread
SuspendThread
DeleteFileA
MultiByteToWideChar
FindFirstFileA
FindNextFileA
FindClose
FatalAppExitA
DebugBreak
SetupComm
SetCommTimeouts
GetCommConfig
SetCommConfig
GetCommState
SetCommState
PurgeComm
WaitForMultipleObjects
SetCommMask
GetOverlappedResult
WaitCommEvent
GetProcessHeap
QueueUserAPC
SetThreadAffinityMask
ReleaseSemaphore
CreateSemaphoreA
ReleaseMutex
CreateMutexA
CreateThread
GlobalFree
GlobalAlloc
GetDiskFreeSpaceExA
GetFileSize
MoveFileA
GetCurrentDirectoryA
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
CreateProcessA
GetLastError
IsBadReadPtr
OutputDebugStringA
CreateEventA
SetEvent
CreateWaitableTimerA
GetSystemTime
GetCommandLineA
RtlUnwind
RaiseException
IsBadWritePtr
HeapValidate
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
ExitProcess
GetTimeZoneInformation
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
SetLastError
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
HeapAlloc
HeapReAlloc
VirtualAlloc
GetCPInfo
CompareStringA
CompareStringW
ReadFile
SetConsoleCtrlHandler
GetACP
GetOEMCP
InitializeCriticalSection
VirtualQuery
InterlockedExchange
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
VirtualProtect
GetSystemInfo
SetFilePointer
GetCurrentProcessId
FlushFileBuffers
SetStdHandle
CreateFileA
SetEndOfFile
GetLocaleInfoW
SetEnvironmentVariableA
DuplicateHandle
TerminateThread
SleepEx
GetExitCodeThread
SetWaitableTimer
WaitForSingleObject
SystemTimeToFileTime

d3d9

Direct3DCreate9

dinput8

DirectInput8Create

user32

SetWindowPos
SetWindowLongA
BeginPaint
EndPaint
PostMessageA
IsIconic
PostQuitMessage
SetCapture
ReleaseCapture
DefWindowProcA
wvsprintfA
GetCursorPos
PeekMessageA
ShowCursor
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
MapVirtualKeyExA
GetKeyboardLayout
GetDesktopWindow
GetForegroundWindow
wsprintfA
PostThreadMessageA
SendInput
LoadIconA
LoadCursorA
RegisterClassExA
GetWindowRect
GetClientRect
MapVirtualKeyA
ToUnicode
MessageBoxA
AdjustWindowRect
CreateWindowExA
UpdateWindow
SetCursor
SetFocus
SetForegroundWindow
ShowWindow
DestroyWindow

advapi32

RegCreateKeyA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyA

shfolder

SHGetFolderPathA

shell32

ShellExecuteA

dsound

ord6
ord1

winmm

waveOutGetDevCapsA
waveOutGetNumDevs
waveOutWrite
waveOutGetPosition
waveOutSetVolume
waveInStart
waveInAddBuffer
waveInGetPosition
timeEndPeriod
timeGetTime
timeBeginPeriod
waveOutReset
waveOutOpen
waveOutClose
waveInStop
waveInGetNumDevs
waveInGetDevCapsA
waveInReset
waveInOpen
waveInClose
waveInUnprepareHeader
waveOutUnprepareHeader
waveInPrepareHeader
waveOutPrepareHeader

gdi32

ExtTextOutA
BitBlt
GetPixel
DeleteObject
DeleteDC
SetBkMode
SetBkColor
SetTextColor
CreateFontA
CreateBitmap
SelectObject
CreateCompatibleDC

tapi32

lineGetDevCaps
lineShutdown
lineInitialize
lineAnswer
lineMakeCall
lineGetID
lineClose
lineNegotiateAPIVersion
lineOpen

netapi32

Netbios

ws2_32

shutdown
WSASetEvent
bind
connect
listen
accept
sendto
send
recv
recvfrom
select
getpeername
getsockname
gethostbyname
gethostname
WSAIoctl
WSACleanup
getsockopt
WSAGetLastError
WSACreateEvent
setsockopt
socket
WSACloseEvent
ioctlsocket
WSARecv
WSARecvFrom
closesocket
WSAStartup
WSAGetOverlappedResult
WSAWaitForMultipleEvents
WSAResetEvent

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 144KB - Virtual size: 883KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d00a6c0ce75076ddc4fcd87bc7a7c503

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

05:30:8b:76:ac:2e:15:b2:97:20:fb:43:95:f6:5f:38Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:4b:33:30:a9:7d:03:a0:b4:51:59:1d:a8:68:7f:72Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

ce:70:78:30:50:42:5b:1c:97:45:9f:14:73:cf:68:c3:9c:3f:7b:b5:dc:7d:92:3c:49:c8:22:0e:2b:79:65:70Signer

2f:72:1e:6b:b5:96:41:5b:9f:a1:a2:16:d3:ec:4d:3c:b1:98:ac:6fSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

d3d9

dinput8

user32

advapi32

shfolder

shell32

dsound

winmm

gdi32

tapi32

netapi32

ws2_32

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 360KB - Virtual size: 357KB

.data Size: 144KB - Virtual size: 883KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

Size: 260KB - Virtual size: 259KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

05:30:8b:76:ac:2e:15:b2:97:20:fb:43:95:f6:5f:38
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:4b:33:30:a9:7d:03:a0:b4:51:59:1d:a8:68:7f:72
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

ce:70:78:30:50:42:5b:1c:97:45:9f:14:73:cf:68:c3:9c:3f:7b:b5:dc:7d:92:3c:49:c8:22:0e:2b:79:65:70
Signer

2f:72:1e:6b:b5:96:41:5b:9f:a1:a2:16:d3:ec:4d:3c:b1:98:ac:6f
Signer

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 360KB - Virtual size: 357KB

.data
Size: 144KB - Virtual size: 883KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB