Sig[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Sig.exe
Size

19.1MB
MD5

d57ed4ebfe888904e707aa1531c08747
SHA1

5295f2ed47df4861096af1cf04fbe8f0d4ad3841
SHA256

6406f713fe7161b2297415cd448ad1f42374c04169a12fdfe7d81c7a7d737f98
SHA512

e80aff9030a39d0f3417025a4e7a5649dbe756df9556ae54ebc4a021eed45c5eed6efe9647cbdbe4a63ecf679f45366fae416878a352b3b1793f192dec4e15a2
SSDEEP

393216:wfPi20pvX5eZeAPTX5Jsv6tWKFdu9CiMe:wyVvXAe2e

Score

1^/10

Malware Config

Signatures

Files

Sig.exe
.exe windows:6 windows x86 arch:x86

e2d3461eb54992a59dffb8712f80070a

Code Sign

04:5b:d7:bd:e9:5f:97:12
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09/10/2020, 11:32

Not After

09/10/2021, 11:32

Subject

CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:5b:d7:bd:e9:5f:97:12
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09/10/2020, 11:32

Not After

09/10/2021, 11:32

Subject

CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:e4:23:91:39:88:8a:d3:be:75:7a:39:51:d5:83:e1:2b:83:2f:22:29:45:ea:8b:c7:04:52:a0:b9:38:46:69
Signer

Actual PE Digest

02:e4:23:91:39:88:8a:d3:be:75:7a:39:51:d5:83:e1:2b:83:2f:22:29:45:ea:8b:c7:04:52:a0:b9:38:46:69

Digest Algorithm

sha256

PE Digest Matches

false

fe:2a:6e:1f:e3:6b:4c:5b:c1:a2:ca:f4:3d:8b:62:a2:5b:88:33:d6
Signer

Actual PE Digest

fe:2a:6e:1f:e3:6b:4c:5b:c1:a2:ca:f4:3d:8b:62:a2:5b:88:33:d6

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmReleaseContext
ImmGetContext
ImmGetDefaultIMEWnd

oleaut32

SystemTimeToVariantTime
VariantChangeType
VariantInit
SysStringLen
SysFreeString
VariantCopy
VariantClear
SysAllocStringLen
SysAllocString

uxtheme

OpenThemeData
DrawThemeBackground
GetThemeColor
GetThemeSysFont
IsThemeActive
GetThemeTransitionDuration
GetCurrentThemeName
IsAppThemed
SetWindowTheme
GetThemePropertyOrigin
GetThemeMargins
GetThemeEnumValue
GetThemeInt
GetThemeBool
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetThemeBackgroundRegion
ord47
CloseThemeData
DrawThemeTextEx
SetWindowThemeAttribute

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea
DwmDefWindowProc

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

crypt32

CertGetCertificateChain
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertCreateCertificateContext
CertFreeCertificateContext
CertFreeCertificateChain

gdi32

GetRegionData
CreateBitmap
GetDIBits
SetWorldTransform
ExtTextOutW
BitBlt
CombineRgn
CreateRectRgn
DeleteObject
OffsetRgn
SelectClipRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
SelectObject
ChoosePixelFormat
SetPixelFormat
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
CreateDIBSection
GdiFlush
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign

mpr

WNetGetUniversalNameA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

WSARecvFrom
WSASend
WSASendTo
WSASocketW
recv
send
WSAConnect
WSAAccept
setsockopt
WSARecv
listen
WSANtohs
getsockname
getpeername
closesocket
bind
__WSAFDIsSet
getsockopt
WSAGetLastError
gethostbyname
gethostbyaddr
shutdown
inet_addr
htonl
WSANtohl
htons
WSAHtonl
select
WSASetLastError
gethostname
WSAStartup
WSACleanup
WSAAsyncSelect
WSAIoctl
ntohl

kernel32

SetConsoleCtrlHandler
AreFileApisANSI
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
ExitThread
HeapAlloc
GetCommandLineA
RtlUnwind
GetConsoleMode
HeapFree
GetStringTypeW
DecodePointer
EncodePointer
CreateMutexW
ReleaseMutex
ReadConsoleW
GetConsoleCP
SetStdHandle
RaiseException
ReadConsoleInputA
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
GetStdHandle
GetFileType
GetLargestConsoleWindowSize
SetConsoleScreenBufferSize
FreeConsole
AttachConsole
AllocConsole
SetConsoleMode
GetConsoleWindow
GetCommandLineW
CloseHandle
CreateProcessW
LocalFree
FormatMessageW
GetFileAttributesExW
GetLongPathNameW
GetShortPathNameW
GetEnvironmentVariableW
GetCurrentProcess
IsWow64Process
OpenProcess
GetLogicalDriveStringsA
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExA
ChangeTimerQueueTimer
GetDriveTypeW
GetVolumePathNamesForVolumeNameW
SetErrorMode
WaitForSingleObject
TerminateProcess
GetLastError
FileTimeToSystemTime
CreateFileW
DeviceIoControl
FlushFileBuffers
LockFile
UnlockFile
WriteFile
CompareFileTime
GetProcAddress
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetSystemDirectoryW
GetModuleHandleW
MoveFileW
GetFileInformationByHandle
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
GetLogicalDriveStringsW
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
LoadLibraryW
GetSystemTimeAsFileTime
FileTimeToDosDateTime
GetVersionExW
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventW
CreateSemaphoreW
VirtualAlloc
VirtualFree
GetSystemInfo
GlobalMemoryStatus
FileTimeToLocalFileTime
WaitForMultipleObjects
ExpandEnvironmentStringsW
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalLock
GlobalUnlock
GetLocaleInfoW
LoadLibraryA
GlobalSize
GetUserDefaultLangID
LocalAlloc
lstrlenW
GetVolumeInformationW
lstrcmpW
Sleep
GetTempPathA
GetTempFileNameA
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceCounter
QueryPerformanceFrequency
ExitProcess
GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
VirtualProtect
CreateFileMappingW
DisconnectNamedPipe
WaitNamedPipeW
GlobalFree
ConnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
SetHandleInformation
FlushConsoleInputBuffer
GetNativeSystemInfo
OutputDebugStringW
CompareStringW
GetUserDefaultLCID
GetStartupInfoW
GetLocalTime
DuplicateHandle
SwitchToThread
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WaitForSingleObjectEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
GetProcessId
GetTickCount64
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserPreferredUILanguages
LCMapStringW
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
GetFileAttributesW
GetFullPathNameW
GetLogicalDrives
CopyFileW
GetFileInformationByHandleEx
SetFilePointerEx
MoveFileExW
FindFirstFileExW
GetModuleHandleExW
FindNextChangeNotification
GetGeoInfoW
GetUserGeoID
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
IsValidLocale
EnumSystemLocalesW
HeapSize
GetProcessHeap
GetModuleFileNameA
IsValidCodePage
GetACP
GetOEMCP
SystemTimeToTzSpecificLocalTime
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleW
GetThreadTimes
FreeLibraryAndExitThread
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateProcessA
GetDriveTypeA

user32

GetFocus
GetClientRect
GetCursorPos
ChildWindowFromPointEx
GetSysColorBrush
LoadImageW
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
GetSysColor
LoadIconW
IsHungAppWindow
SetClipboardViewer
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
GetMenu
TrackPopupMenuEx
SetMenuItemInfoW
NotifyWinEvent
RegisterClassW
SetCursorPos
RegisterClassExW
GetUpdateRect
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetWindowTextW
RealGetWindowClassW
DrawIconEx
MessageBoxW
WindowFromDC
CallWindowProcW
SetPropW
GetPropW
RemovePropW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
PostThreadMessageW
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetClassInfoW
UnregisterClassW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
DestroyCursor
SetParent
GetParent
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
GetCursor
SetWindowRgn
EndPaint
BeginPaint
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
EnableMenuItem
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
SetFocus
SetWindowPlacement
IsIconic
IsWindowVisible
LoadCursorW
PostMessageW
DrawMenuBar
GetSystemMenu
RemoveMenu
EnumWindows
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
DestroyWindow
IsChild
CreateWindowExW
DefWindowProcW
AttachThreadInput
SendMessageW
UpdateLayeredWindowIndirect
SystemParametersInfoW
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
CharUpperW
SendMessageTimeoutW
GetWindowThreadProcessId

shell32

CommandLineToArgvW
SHParseDisplayName
ord155
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHChangeNotify
SHGetFolderLocation
ShellExecuteExW
SHGetFolderPathW
SHGetKnownFolderPath

ole32

ReleaseStgMedium
OleIsCurrentClipboard
OleGetClipboard
OleSetClipboard
CoGetMalloc
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
DoDragDrop
CoInitializeEx
OleUninitialize
OleInitialize
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
OleFlushClipboard

advapi32

AllocateAndInitializeSid
RegQueryInfoKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
MapGenericMask
CheckTokenMembership
FreeSid
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
GetFileSecurityW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegNotifyChangeKeyValue
AddAccessAllowedAce
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
DuplicateToken
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
CryptEnumProvidersA
AccessCheck
CopySid

winmm

timeSetEvent
PlaySoundW
timeKillEvent

d3d9

D3DPERF_GetStatus
D3DPERF_SetMarker
D3DPERF_EndEvent
D3DPERF_BeginEvent
Direct3DCreate9

Sections

.text
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 167KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 738KB - Virtual size: 737KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2d3461eb54992a59dffb8712f80070a

Code Sign

04:5b:d7:bd:e9:5f:97:12Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

04:5b:d7:bd:e9:5f:97:12Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

02:e4:23:91:39:88:8a:d3:be:75:7a:39:51:d5:83:e1:2b:83:2f:22:29:45:ea:8b:c7:04:52:a0:b9:38:46:69Signer

fe:2a:6e:1f:e3:6b:4c:5b:c1:a2:ca:f4:3d:8b:62:a2:5b:88:33:d6Signer

Headers

DLL Characteristics

File Characteristics

Imports

imm32

oleaut32

uxtheme

dwmapi

iphlpapi

crypt32

gdi32

mpr

version

ws2_32

kernel32

user32

shell32

ole32

advapi32

winmm

d3d9

Sections

.text Size: 13.1MB - Virtual size: 13.1MB

.rdata Size: 5.1MB - Virtual size: 5.1MB

.data Size: 167KB - Virtual size: 332KB

.qtmetad Size: 512B - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 4KB

.rsrc Size: 738KB - Virtual size: 737KB

04:5b:d7:bd:e9:5f:97:12
Certificate

07
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

04:5b:d7:bd:e9:5f:97:12
Certificate

07
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

02:e4:23:91:39:88:8a:d3:be:75:7a:39:51:d5:83:e1:2b:83:2f:22:29:45:ea:8b:c7:04:52:a0:b9:38:46:69
Signer

fe:2a:6e:1f:e3:6b:4c:5b:c1:a2:ca:f4:3d:8b:62:a2:5b:88:33:d6
Signer

.text
Size: 13.1MB - Virtual size: 13.1MB

.rdata
Size: 5.1MB - Virtual size: 5.1MB

.data
Size: 167KB - Virtual size: 332KB

.qtmetad
Size: 512B - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 4KB

.rsrc
Size: 738KB - Virtual size: 737KB