TiWorker[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

TiWorker.exe
Size

263KB
MD5

5f369c9f4a04cc603bfec61e780979f0
SHA1

61695e4e3326b117294a9d71560ed337b3877a4b
SHA256

71bf1afe87c2d5f7c5bdf0f4885566ea945d0547927dcb90d9c8c909696268d4
SHA512

bbcb991ca046a62365d563513f1863fd9c3cc1337cc6f61d2cfdac389cbb40e767287d131602534c7ad685484ab58acf1629354ed5eef8f1e50031261feb9749
SSDEEP

6144:S9LQAfRpQSDaChrhg2jFN6XQKym+4nSiVMHxM8cNxEmSoY:S5DvGChrhgMFNO+4rVMHxMzS

Score

1^/10

Malware Config

Signatures

Files

TiWorker.exe
.exe windows:10 windows x64 arch:x64

a85eb04c60d9f7ae6c25298b2a8fe3e9

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:36:60:54:c9:07:97:38:0c:82:21:2f:b6:58:91:90:a9:d7:ce:d9:11:33:c1:18:f5:4c:f6:fb:92:7c:2f:54
Signer

Actual PE Digest

7d:36:60:54:c9:07:97:38:0c:82:21:2f:b6:58:91:90:a9:d7:ce:d9:11:33:c1:18:f5:4c:f6:fb:92:7c:2f:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

TiWorker.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_c_exit
_register_thread_local_exe_atexit_callback
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__get_initial_wide_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
memmove
_o_exit
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcstoul
__C_specific_handler
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
wcsrchr
__CxxFrameHandler3
__std_terminate
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o__exit
_o__errno
_o___p__commode
_o___p___wargv
_o___p___argc
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

memset
strcmp

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentProcess
GetThreadPriority
OpenProcessToken
TerminateProcess
SetThreadPriority
GetCurrentThread
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-1-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

OpenSemaphoreW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSection
TryEnterCriticalSection
ReleaseSRWLockShared
CreateSemaphoreExW
LeaveCriticalSection
CreateMutexExW
CreateEventW
SetEvent
WaitForMultipleObjectsEx
ReleaseMutex
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateGuid
CoGetMalloc
CoSuspendClassObjects
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoDisconnectContext
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoInitializeEx

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegGetKeySecurity
RegQueryValueExW
RegSetValueExW
RegDeleteValueW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTime
GetWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetVersionExW

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

ntdll

NtQueryInformationThread
NtQueryObject
NtSetInformationThread
NtClose

api-ms-win-core-file-l1-1-0

FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
CompareFileTime
GetFileAttributesExW
GetFileAttributesW
CreateFileW
SetFileInformationByHandle

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AdjustTokenPrivileges

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation
EventProviderEnabled

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a85eb04c60d9f7ae6c25298b2a8fe3e9

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

7d:36:60:54:c9:07:97:38:0c:82:21:2f:b6:58:91:90:a9:d7:ce:d9:11:33:c1:18:f5:4c:f6:fb:92:7c:2f:54Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 128KB - Virtual size: 128KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 296B

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

7d:36:60:54:c9:07:97:38:0c:82:21:2f:b6:58:91:90:a9:d7:ce:d9:11:33:c1:18:f5:4c:f6:fb:92:7c:2f:54
Signer

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 128KB - Virtual size: 128KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 296B