asd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

asd.exe
Size

8.3MB
MD5

c6dae315884cdb037c6cd2fd736418b7
SHA1

7df6acb6027f01704595b5499994d759014b247d
SHA256

4aea61f4b50563f7f1ed491efe38daaa06c2deb6b89da4fe29345874386a362f
SHA512

b02b81bce45fed30980a403b6a399c0b13b6c15090aef7739954801d0d58dff6a71736cdf947f4f3e2e120fbbaf1e7be416cece7b084d61245d6513e957ab702
SSDEEP

196608:rtVxLIU4rVFCxMQsbRXpCZUIK4P/qaMg5uds9MBHaGc3:zZI0yRX+U4/qRcuds9Mtc3

Score

1^/10

Malware Config

Signatures

Files

asd.exe
.exe windows:4 windows x86 arch:x86

a9c887a4f18a3fede2cc29ceea138ed3

Code Sign

65:d7:40:59:cb:9d:d5:1f:13:78:86:54:5f:f5:73:ed
Certificate

Issuer

CN=GTS CA 1P5,O=Google Trust Services LLC,C=US

Not Before

31/12/2023, 20:05

Not After

30/03/2024, 20:05

Subject

CN=e621.net

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:9d:bf:16:18:1b:32:8a:3e:23:e1:f5:e0:f3:37:50:78:c0:33:cb:dc:1a:b2:4c:d7:fa:62:01:27:c3:37:75
Signer

Actual PE Digest

4f:9d:bf:16:18:1b:32:8a:3e:23:e1:f5:e0:f3:37:50:78:c0:33:cb:dc:1a:b2:4c:d7:fa:62:01:27:c3:37:75

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a9c887a4f18a3fede2cc29ceea138ed3

Code Sign

65:d7:40:59:cb:9d:d5:1f:13:78:86:54:5f:f5:73:edCertificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

4f:9d:bf:16:18:1b:32:8a:3e:23:e1:f5:e0:f3:37:50:78:c0:33:cb:dc:1a:b2:4c:d7:fa:62:01:27:c3:37:75Signer

Headers

File Characteristics

Imports

msvcrt

shell32

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 8.3MB - Virtual size: 8.3MB

.bss Size: - Virtual size: 4B

.rsrc Size: 2KB - Virtual size: 1KB

65:d7:40:59:cb:9d:d5:1f:13:78:86:54:5f:f5:73:ed
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

4f:9d:bf:16:18:1b:32:8a:3e:23:e1:f5:e0:f3:37:50:78:c0:33:cb:dc:1a:b2:4c:d7:fa:62:01:27:c3:37:75
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 8.3MB - Virtual size: 8.3MB

.bss
Size: - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB