test1[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

test1.exe
Size

7.2MB
MD5

0c702acbc7d30c865839dcb8a94a4a86
SHA1

06186c0bace78cf632d1bf31566d3e6479ab329c
SHA256

f3c880591e06396f588d5b45c599ba6aef1aae4065d0d55b3560e3547242b697
SHA512

5de2485877995cfe5b74385ed68df580c0ca8105a9089ecd9255c0e273a1677899157d73817f689af667b50da6510a8561c56309937dc32dca408fd5b2f2af7c
SSDEEP

98304:VXoFOv7y5Wm9647jfOzEa+yF0tznDOrq50oE7kwKSRPAb2Zpbq6+QYa:9E647jfOzCyCtL75YRPAkFvZX

Score

1^/10

Malware Config

Signatures

Files

test1.exe
.exe windows:5 windows x86 arch:x86

e6eb9784e3e43efe106eacda31be13ae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:41

Not After

15-04-2021 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:30:8b:76:ac:2e:15:b2:97:20:fb:43:95:f6:5f:38
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19-03-2019 00:00

Not After

23-03-2022 12:00

Subject

CN=Oracle Corporation,OU=Virtualbox,O=Oracle Corporation,L=Redwood Shores,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:4b:33:30:a9:7d:03:a0:b4:51:59:1d:a8:68:7f:72
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18-03-2019 00:00

Not After

18-03-2021 23:59

Subject

CN=Oracle Corporation,OU=VirtualBox,O=Oracle Corporation,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-02-2011 19:25

Not After

22-02-2021 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d3:c3:df:64:09:05:c3:be:90:29:9e:ed:06:53:6e:31:7d:dc:ea:f3:5a:33:e5:ac:3a:90:e0:5f:7a:e1:f3:96
Signer

Actual PE Digest

d3:c3:df:64:09:05:c3:be:90:29:9e:ed:06:53:6e:31:7d:dc:ea:f3:5a:33:e5:ac:3a:90:e0:5f:7a:e1:f3:96

Digest Algorithm

sha256

PE Digest Matches

false

ad:6c:a0:1e:19:81:34:99:c8:b9:1d:fa:a4:7e:91:36:59:64:10:6a
Signer

Actual PE Digest

ad:6c:a0:1e:19:81:34:99:c8:b9:1d:fa:a4:7e:91:36:59:64:10:6a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeEndPeriod
mmioStringToFOURCCA
joyGetPosEx
joyGetDevCapsW
mmioAscend
mmioDescend
mmioSeek
mmioRead
mmioClose
mmioOpenW
timeGetDevCaps

imm32

ImmDisableIME
ImmSetCompositionWindow
ImmGetContext

shlwapi

PathIsDirectoryW
PathFileExistsW

d3d9

Direct3DCreate9

dsound

ord11

kernel32

GetFileType
DecodePointer
GetACP
CreateProcessA
ExitThread
GetModuleHandleExW
VirtualQuery
RtlUnwind
RaiseException
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetTimeFormatW
CompareStringW
FindFirstFileExA
GetCPInfo
EnumSystemLocalesW
GetConsoleMode
GetUserDefaultUILanguage
LockResource
GlobalMemoryStatusEx
LocalFree
GetCurrentProcessId
GetCurrentThread
SetThreadAffinityMask
GetLastError
SetLastError
IsDebuggerPresent
ReleaseMutex
Sleep
LoadResource
SizeofResource
GetFileSize
GetStdHandle
FindClose
CloseHandle
GetLocalTime
GetTickCount
FormatMessageA
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
FindResourceA
EnumResourceTypesA
EnumResourceNamesA
GetSystemDirectoryW
GetTempPathW
GetCurrentDirectoryW
CreateFileW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
SetConsoleTextAttribute
AllocConsole
FreeConsole
TerminateThread
WaitForSingleObject
lstrlenA
LoadLibraryExA
GetModuleHandleW
FindResourceW
EnumResourceNamesW
FlushFileBuffers
MapViewOfFile
ReadConsoleW
GetSystemTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
LCMapStringW
CreateFileMappingA
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
CreateMutexW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
ExitProcess
InterlockedExchange
lstrcmpiA
GetModuleHandleA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
EncodePointer
UnregisterWait
RegisterWaitForSingleObject
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
ResetEvent
SetEvent
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
SwitchToThread
GetCurrentProcess
DuplicateHandle
SetFilePointerEx
GetStringTypeW
GetDriveTypeW
GetConsoleCP
GetTimeZoneInformation
GetExitCodeProcess
GetDateFormatW
GetLocaleInfoW
IsValidLocale
LockFileEx
GetUserDefaultLCID
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
CreateFileMappingW
MoveFileExW
CreatePipe

user32

EnableMenuItem
CheckMenuItem
GetSystemMenu
GetMenu
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
PostQuitMessage
InsertMenuItemW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
GetKeyState
GetMonitorInfoA
MonitorFromRect
SystemParametersInfoW
IntersectRect
MessageBoxA
GetSystemMetrics
GetActiveWindow
GetDoubleClickTime
MessageBoxW
GetAsyncKeyState
wsprintfW
GetMenuItemInfoW
SetMenuItemInfoW
GetForegroundWindow
InvalidateRect
SetWindowTextW
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
GetCursorPos
ScreenToClient
GetWindowLongA
GetWindowLongW
SetWindowLongW
LoadCursorW
DestroyCursor
ReleaseCapture
SetCapture
GetCapture
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
DrawIconEx
GetMenuItemCount
LoadImageA
DefWindowProcW
LoadIconW

gdi32

CreateDIBSection
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC

shell32

ShellExecuteW
SHGetFolderPathW
DragAcceptFiles

advapi32

RegCloseKey
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6eb9784e3e43efe106eacda31be13ae

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

05:30:8b:76:ac:2e:15:b2:97:20:fb:43:95:f6:5f:38Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:4b:33:30:a9:7d:03:a0:b4:51:59:1d:a8:68:7f:72Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

d3:c3:df:64:09:05:c3:be:90:29:9e:ed:06:53:6e:31:7d:dc:ea:f3:5a:33:e5:ac:3a:90:e0:5f:7a:e1:f3:96Signer

ad:6c:a0:1e:19:81:34:99:c8:b9:1d:fa:a4:7e:91:36:59:64:10:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

imm32

shlwapi

d3d9

dsound

kernel32

user32

gdi32

shell32

advapi32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 100KB - Virtual size: 180KB

_RDATA Size: 2KB - Virtual size: 4KB

.rsrc Size: 1.1MB - Virtual size: 1.0MB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

05:30:8b:76:ac:2e:15:b2:97:20:fb:43:95:f6:5f:38
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:4b:33:30:a9:7d:03:a0:b4:51:59:1d:a8:68:7f:72
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

d3:c3:df:64:09:05:c3:be:90:29:9e:ed:06:53:6e:31:7d:dc:ea:f3:5a:33:e5:ac:3a:90:e0:5f:7a:e1:f3:96
Signer

ad:6c:a0:1e:19:81:34:99:c8:b9:1d:fa:a4:7e:91:36:59:64:10:6a
Signer

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 100KB - Virtual size: 180KB

_RDATA
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1.1MB - Virtual size: 1.0MB