DFO_Install[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DFO_Install.exe
Size

2.3MB
MD5

925c310d92f01155cdab6239158ca9f2
SHA1

7b9b2335835fe43c78c9004ccea11c4e0a134c23
SHA256

04dcaf5b7f9ed3b29d53f908e2766f73d99b218a785c95f3b7758408cafaaf5e
SHA512

fffb8bbf90d85656d5ebe6e859ebd1f569a468a2fb4ff0d035470edf43f8da1295c61af52e004eb41a08ff9b4801894b0b515d4395b83eded04c94af0780e508
SSDEEP

49152:Jr86k0NG9O0JQxioduDUqAQby8WquBP+2/ITj56uTBAmZcKBU:Jr8/0g406xisuDUqdby8IBPr/ITj56uO

Score

1^/10

Malware Config

Signatures

Files

DFO_Install.exe
.exe windows:6 windows x86 arch:x86

6bcdf94334a150d4584833e58f4b902b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:59:c6:07:34:a9:f8:31:f8:b7:a4:93:11:bb:15:e8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

31/03/2022, 00:00

Not After

28/04/2025, 23:59

Subject

SERIALNUMBER=110111-2207268,CN=Neople Inc.,O=Neople Inc.,L=Jeju-si,ST=Jeju-do,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074a656a752d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:bb:18:31:06:f8:90:b3:77:b1:bb:ec:38:8c:1d:31:01:f8:ed:d4:9e:48:a2:82:77:64:fc:a7:c6:56:0d:44
Signer

Actual PE Digest

1b:bb:18:31:06:f8:90:b3:77:b1:bb:ec:38:8c:1d:31:01:f8:ed:d4:9e:48:a2:82:77:64:fc:a7:c6:56:0d:44

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\_Univ\Install\Installer_DNFUniv\Release\NeopleIns.pdb

Imports

kernel32

RaiseException
HeapAlloc
DecodePointer
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
GetTimeZoneInformation
CreateDirectoryW
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetStdHandle
ExitProcess
SetStdHandle
QueryPerformanceFrequency
GetCommandLineW
GetCommandLineA
HeapQueryInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetFullPathNameW
FindNextFileW
FindFirstFileExW
LocalFree
LocalAlloc
HeapReAlloc
GetVersionExA
SetFilePointer
GetFileSize
GetFullPathNameA
GetCurrentDirectoryA
InitializeCriticalSection
CopyFileA
LoadLibraryA
GetWindowsDirectoryA
SetFileAttributesA
ReadFile
GetFileAttributesA
FindFirstFileA
FindClose
CreateFileA
WriteFile
GetTickCount
lstrcmpiA
FreeLibrary
GetProcAddress
CreateMutexA
SetThreadUILanguage
LoadLibraryExA
IsDBCSLeadByte
FreeResource
SizeofResource
MulDiv
GlobalUnlock
WideCharToMultiByte
GlobalLock
FindResourceW
LoadResource
GlobalFree
GlobalAlloc
GetFileType
GetDriveTypeW
GetLastError
HeapSize
InitializeCriticalSectionEx
LockResource
MultiByteToWideChar
lstrcmpA
GetCurrentThreadId
FindResourceA
LeaveCriticalSection
EnterCriticalSection
SetLastError
GlobalHandle
GetModuleFileNameA
CreateProcessA
GetCurrentProcessId
CloseHandle
WaitForSingleObject
Sleep
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetProcessHeap
DeleteCriticalSection
OutputDebugStringA
EncodePointer
GetSystemDirectoryW
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
LoadLibraryW
GlobalSize
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
LocalReAlloc
SetEvent
SetThreadPriority
ResumeThread
CompareStringA
GlobalGetAtomNameA
FileTimeToSystemTime
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
GetOEMCP
GetCPInfo
FlushFileBuffers
LockFile
SetEndOfFile
UnlockFile
GetVolumeInformationA
DuplicateHandle
GetCurrentProcess
GetLocaleInfoW
GetUserDefaultUILanguage
VirtualProtect
GetFileTime
GetTempFileNameA
GetUserDefaultLCID
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
GetACP
lstrcpyA
FindResourceExW
VerSetConditionMask
VerifyVersionInfoA
GetTempPathA
GetProfileIntA
SearchPathA
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LCMapStringEx
GetStringTypeW
RtlUnwind
GetSystemInfo
VirtualQuery
CreateFileW
HeapFree

user32

PostMessageA
RegisterClassA
GetClassInfoA
IsMenu
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetCapture
GetMenu
SetMenu
TrackPopupMenu
GetForegroundWindow
SetForegroundWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
MapWindowPoints
CopyRect
EqualRect
PtInRect
GetClassLongA
GetTopWindow
LoadIconA
LoadIconW
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
GetMonitorInfoA
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
DrawTextExA
GrayStringA
TabbedTextOutA
GetWindowDC
RealChildWindowFromPoint
SetRectEmpty
DestroyIcon
CharUpperA
DestroyMenu
GetMenuItemInfoA
InflateRect
SystemParametersInfoA
CopyImage
OffsetRect
GetNextDlgTabItem
GetAsyncKeyState
IntersectRect
BringWindowToTop
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
CreatePopupMenu
InsertMenuItemA
SetCursor
LoadImageA
UnpackDDElParam
ReuseDDElParam
SetTimer
KillTimer
WindowFromPoint
TrackMouseEvent
LoadImageW
ShowOwnedPopups
DeleteMenu
GetKeyNameTextA
MapVirtualKeyA
UnionRect
IsRectEmpty
GetSystemMenu
SetParent
LoadAcceleratorsW
LoadMenuW
GetNextDlgGroupItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
LoadCursorW
NotifyWinEvent
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateA
SetClassLongA
GetMessagePos
DrawEdge
DrawFrameControl
IsZoomed
AdjustWindowRectEx
CopyIcon
FrameRect
DrawIcon
LockWindowUpdate
UpdateLayeredWindow
MonitorFromPoint
GetComboBoxInfo
PostThreadMessageA
WaitMessage
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
GetKeyboardState
ToAsciiEx
CopyAcceleratorTableA
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
GetUpdateRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
RemoveMenu
AppendMenuA
InsertMenuA
GetMenuItemCount
GetSubMenu
GetMenuState
GetMenuStringA
UnregisterClassA
UpdateWindow
RegisterClassExA
PeekMessageA
TranslateMessage
CreateWindowExA
DefWindowProcA
MessageBoxA
GetWindowLongA
SetWindowLongA
DestroyWindow
LoadCursorA
DispatchMessageA
EndPaint
BeginPaint
ReleaseDC
InvalidateRect
ReleaseCapture
GetParent
GetWindowTextLengthA
GetDesktopWindow
GetDlgItem
GetClientRect
CreateDialogIndirectParamA
MapDialogRect
SetCapture
GetMenuItemID
SendMessageA
SetDlgItemTextA
SetWindowContextHelpId
SendDlgItemMessageA
SetFocus
MoveWindow
SetActiveWindow
IsClipboardFormatAvailable
CallNextHookEx
SetWindowsHookExA
GetCursorPos
ValidateRect
GetSysColor
SetWindowTextA
CreateAcceleratorTableA
IsChild
GetWindowTextA
DestroyAcceleratorTable
CallWindowProcA
ClientToScreen
RedrawWindow
RegisterWindowMessageA
GetClassInfoExA
InvalidateRgn
DialogBoxIndirectParamA
IsWindow
ShowWindow
GetActiveWindow
GetClassNameA
EndDialog
GetMessageTime
GetSysColorBrush
GetSystemMetrics
GetLastActivePopup
GetWindowThreadProcessId
UnhookWindowsHookEx
SetRect
SetWindowRgn
GetKeyState
ScreenToClient
FillRect
SetWindowPos
GetDC
GetFocus
GetWindow
CharNextA
EnableWindow
IsDlgButtonChecked
IsWindowEnabled
DrawTextA
GetDlgItemTextA
GetWindowRect
PostQuitMessage
MessageBeep
IsWindowVisible
GetMessageA
IsDialogMessageA
GetDlgCtrlID
SetCursorPos
CheckDlgButton

gdi32

GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CopyMetaFileA
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetTextExtentPoint32A
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
GetObjectType
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
GetPixel
GetClipBox
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreateHatchBrush
CreateBitmap
GetTextFaceA
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
GetObjectA
CreateSolidBrush
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
RoundRect
CreatePen
SetBkMode
SetTextColor
SetBkColor
DPtoLP
GetTextMetricsA
CreateFontIndirectA
CreateDCA
GetBkColor
OffsetViewportOrgEx

advapi32

RegQueryInfoKeyW
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyA
RegDeleteKeyA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
SHBrowseForFolderA
ShellExecuteExA
SHGetFileInfoA
DragQueryFileA
DragFinish
SHGetDesktopFolder
SHAppBarMessage
SHGetMalloc

ole32

DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoGetClassObject
OleUninitialize
CoTaskMemAlloc
CoUninitialize
CoTaskMemRealloc
CoInitialize
OleLockRunning
CLSIDFromString
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromProgID
CoCreateInstance
StringFromGUID2

oleaut32

VarBstrFromDate
VarUI4FromStr
LoadRegTypeLi
VariantInit
LoadTypeLi
OleCreateFontIndirect
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
SysFreeString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocStringByteLen

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathRemoveFileSpecW
StrFormatKBSizeA
PathFindFileNameA

uxtheme

GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
CloseThemeData
OpenThemeData
DrawThemeText

gdiplus

GdipFree
GdiplusStartup
GdipCloneImage
GdiplusShutdown
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipAlloc
GdipDisposeImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipBitmapUnlockBits

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundA
timeGetTime

wininet

InternetOpenA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpQueryInfoA
InternetConnectA
InternetWriteFile
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestExA
HttpEndRequestA
InternetAttemptConnect

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bcdf94334a150d4584833e58f4b902b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:59:c6:07:34:a9:f8:31:f8:b7:a4:93:11:bb:15:e8Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1b:bb:18:31:06:f8:90:b3:77:b1:bb:ec:38:8c:1d:31:01:f8:ed:d4:9e:48:a2:82:77:64:fc:a7:c6:56:0d:44Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msimg32

shlwapi

uxtheme

gdiplus

oleacc

imm32

winmm

wininet

winspool.drv

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 339KB - Virtual size: 339KB

.data Size: 24KB - Virtual size: 42KB

.rsrc Size: 195KB - Virtual size: 194KB

.reloc Size: 139KB - Virtual size: 138KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:59:c6:07:34:a9:f8:31:f8:b7:a4:93:11:bb:15:e8
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1b:bb:18:31:06:f8:90:b3:77:b1:bb:ec:38:8c:1d:31:01:f8:ed:d4:9e:48:a2:82:77:64:fc:a7:c6:56:0d:44
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 339KB - Virtual size: 339KB

.data
Size: 24KB - Virtual size: 42KB

.rsrc
Size: 195KB - Virtual size: 194KB

.reloc
Size: 139KB - Virtual size: 138KB