Microsoft PID Checker[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Microsoft PID Checker.zip
Size

1.8MB
MD5

f1894b7713591af59b65497c1ecaf47d
SHA1

b198a2b8a489f7e2d43ddc3271198a0f38427997
SHA256

e864b0f3448f3031c90f369f8c52b3e8bc2790f7b97ab40a74ae79a597d213c7
SHA512

716a88a736a1a17000cf12dd7d1318e3581199fc5660ba938dd333c1ffc114dcfca8d54c64665ea2c7509fdba3f65a69aae28c3f54e175a6203b88c5b659329b
SSDEEP

49152:syREAr5AfMiR4e/FaTd3LvO9KPGeAD81rIs:syREAr5+MiR4tNvOAemqs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Microsoft PID Checker/Microsoft PID Checker.exe

Files

Microsoft PID Checker.zip
.zip
Microsoft PID Checker/Microsoft PID Checker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft PID Checker/ProductKeyUtilities.dll
.dll windows:10 windows x86 arch:x86

bb767a1d6c27f14afe16d181a8180926

Code Sign

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:ae
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03-05-2016 17:13

Not After

03-08-2017 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28-10-2015 20:31

Not After

28-01-2017 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:de:d0:26:d9:c8:53:31:e5:bc:10:6d:e8:95:c4:6e:60:ad:4a:47:92:67:c5:c6:19:0c:b1:8d:8c:a8:ea:e5
Signer

Actual PE Digest

18:de:d0:26:d9:c8:53:31:e5:bc:10:6d:e8:95:c4:6e:60:ad:4a:47:92:67:c5:c6:19:0c:b1:8d:8c:a8:ea:e5

Digest Algorithm

sha256

PE Digest Matches

true

54:5e:ae:de:c4:4a:a8:a9:4f:a8:07:a9:88:d0:d9:de:b8:bd:2f:bc
Signer

Actual PE Digest

54:5e:ae:de:c4:4a:a8:a9:4f:a8:07:a9:88:d0:d9:de:b8:bd:2f:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

pidgenx.pdb

Imports

msvcrt

wcsncmp
_itow_s
memmove
_wcsicmp
_onexit
_wcsnicmp
_itow
_ui64tow_s
_except_handler4_common
__dllonexit
_unlock
_lock
_initterm
malloc
free
_amsg_exit
_XcptFilter
_purecall
_vsnwprintf
wcschr
_wtoi
wcsstr
_CIlog10
_ftol2
memcmp
memcpy
memset

kernel32

HeapAlloc
GetProcAddress
GetProcessHeap
SetLastError
GetVersionExA
GetLastError
LocalAlloc
LocalFree
CloseHandle
CreateFileW
GetFileSize
ReadFile
SetFilePointer
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
GetCurrentProcess
TerminateProcess
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleExW
HeapFree
IsProcessorFeaturePresent
InitializeCriticalSection
SystemTimeToFileTime
GetLocalTime
GetProcessAffinityMask
GetThreadPriority
WaitForMultipleObjects
GetVersionExW
GetSystemDefaultLangID
FileTimeToSystemTime
FreeLibrary
SetThreadPriority
FreeLibraryAndExitThread
VirtualQuery
GetModuleFileNameW
LoadLibraryExW
CreateThread
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventW
CreateSemaphoreW
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
RaiseException
WaitForSingleObject
ReleaseSemaphore
SetEvent

advapi32

TraceMessage
CryptExportKey
CryptVerifySignatureA
CryptSignHashA
CryptDecrypt
CryptEncrypt
CryptGenKey
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

rpcrt4

RpcStringFreeW
UuidFromStringW
I_RpcMapWin32Status
UuidToStringW

bcrypt

BCryptGenRandom

Exports

Exports

GetPKeyData
PidGenX
PidGenX2

Sections

.text
Size: 586KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft PID Checker/_Visit MajorgeeksDotCom.url.website
Microsoft PID Checker/pkeyconfig-downlevel.xrm-ms
Microsoft PID Checker/pkeyconfig-office2019-kmshost.xrm-ms
Microsoft PID Checker/pkeyconfig-office2019.xrm-ms
Microsoft PID Checker/pkeyconfig.xrm-ms
Microsoft PID Checker/readme.txt

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 10.5MB - Virtual size: 10.5MB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 512B - Virtual size: 12B

bb767a1d6c27f14afe16d181a8180926

Code Sign

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:aeCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:efCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

18:de:d0:26:d9:c8:53:31:e5:bc:10:6d:e8:95:c4:6e:60:ad:4a:47:92:67:c5:c6:19:0c:b1:8d:8c:a8:ea:e5Signer

54:5e:ae:de:c4:4a:a8:a9:4f:a8:07:a9:88:d0:d9:de:b8:bd:2f:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

advapi32

rpcrt4

bcrypt

Exports

Exports

Sections

.text Size: 586KB - Virtual size: 586KB

.data Size: 1024B - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 10.5MB - Virtual size: 10.5MB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:ae:ec:3f:ad:b6:8b:b9:2d:d2:00:00:00:00:00:ae
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

18:de:d0:26:d9:c8:53:31:e5:bc:10:6d:e8:95:c4:6e:60:ad:4a:47:92:67:c5:c6:19:0c:b1:8d:8c:a8:ea:e5
Signer

54:5e:ae:de:c4:4a:a8:a9:4f:a8:07:a9:88:d0:d9:de:b8:bd:2f:bc
Signer

.text
Size: 586KB - Virtual size: 586KB

.data
Size: 1024B - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 32KB - Virtual size: 32KB