0358ec7c93e8a8d41c48767803dc5ab5f0136b32b542109725671e87732c1662

Sharing

Copy URL

Twitter E-mail

General

Target

0358ec7c93e8a8d41c48767803dc5ab5f0136b32b542109725671e87732c1662
Size

5.2MB
MD5

633bd17d2bfc02969c0298e814e1c324
SHA1

1165b196db9545ec3f151f61bf3aaee591a61f5b
SHA256

0358ec7c93e8a8d41c48767803dc5ab5f0136b32b542109725671e87732c1662
SHA512

637d0cd28f06a5a13d9dab3f8fdde4c1f06746f5705a9e6add3b2e4d6b92f9ea2f40344fdab5f0ff0edaa7f8f96cfc536b82e911cebdd44e014e1a464b80c2b0
SSDEEP

98304:FMHT6YZVyalZ5Sy3tAk3GqLLS5y1HfEuTIEAO/IIPfs2bdKy:iLIYfXIEArIPfs2b3

Score

1^/10

Malware Config

Signatures

Files

0358ec7c93e8a8d41c48767803dc5ab5f0136b32b542109725671e87732c1662
.exe windows:6 windows x86 arch:x86

e1a87aa50c7cdc063b81013fbc8b585d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:8e:3a:ce:02:ad:a1:a2:43:b9:c1:76:21:45:99:28
Certificate

Issuer

CN=orscheln-CERTSRV-CA,0.9.2342.19200300.100.1.25=#13086f72736368656c6e,0.9.2342.19200300.100.1.25=#13026f69,0.9.2342.19200300.100.1.25=#13056c6f63616c

Not Before

17-07-2017 15:53

Not After

17-07-2042 16:03

Subject

CN=orscheln-CERTSRV-CA,0.9.2342.19200300.100.1.25=#13086f72736368656c6e,0.9.2342.19200300.100.1.25=#13026f69,0.9.2342.19200300.100.1.25=#13056c6f63616c

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:00:00:aa:7b:86:b1:38:c0:89:6f:36:cc:00:00:00:00:aa:7b
Certificate

Issuer

CN=orscheln-CERTSRV-CA,0.9.2342.19200300.100.1.25=#13086f72736368656c6e,0.9.2342.19200300.100.1.25=#13026f69,0.9.2342.19200300.100.1.25=#13056c6f63616c

Not Before

03-08-2023 12:20

Not After

01-08-2028 12:20

Subject

CN=Joel Tayon,OU=Manufacturing Operations+OU=Missouri+OU=Orscheln Products LLC (Site 75)+OU=Users,1.2.840.113549.1.9.1=#0c166a6f656c7461796f6e406f72736368656c6e2e636f6d,0.9.2342.19200300.100.1.25=#13086f72736368656c6e,0.9.2342.19200300.100.1.25=#13026f69,0.9.2342.19200300.100.1.25=#13056c6f63616c

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fb:b4:da:51:6f:f2:40:a6:67:ec:cf:00:24:b8:d1:33:32:2a:c6:7f
Signer

Actual PE Digest

fb:b4:da:51:6f:f2:40:a6:67:ec:cf:00:24:b8:d1:33:32:2a:c6:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\dev\_r\1\src\installer_framework\mifd\MetaInstaller\objects\OemInstaller\win32U\i386\msvc-14.0\release\out\OEMsetup.pdb

Imports

wininet

InternetGetConnectedState
InternetCheckConnectionW

cabinet

ord23
ord22
ord20

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

mpr

WNetGetUserW

ole32

OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoCreateGuid
CoInitialize
CoUninitialize

user32

MsgWaitForMultipleObjects
MessageBoxW
TrackMouseEvent
SetRect
MessageBeep
IsClipboardFormatAvailable
GetAsyncKeyState
GetSysColorBrush
CopyImage
RealChildWindowFromPoint
ShowOwnedPopups
InflateRect
GetMenuItemInfoW
DestroyMenu
OffsetRect
IsWindow
KillTimer
SetTimer
InvalidateRect
SystemParametersInfoW
SetRectEmpty
LoadIconW
DrawTextExW
GetKeyState
RedrawWindow
IsWindowVisible
DrawEdge
AppendMenuW
DrawStateW
CreatePopupMenu
GetSystemMetrics
FillRect
PostMessageW
PtInRect
DrawIconEx
LoadBitmapW
UpdateWindow
SetParent
GetCursorPos
IsIconic
TranslateAcceleratorW
IntersectRect
IsRectEmpty
LoadAcceleratorsW
ShowScrollBar
SetForegroundWindow
GetForegroundWindow
ChildWindowFromPoint
RegisterWindowMessageW
EnableMenuItem
DrawIcon
GetFocus
GetWindow
GetSystemMenu
FlashWindow
SetWindowPlacement
GetWindowPlacement
SetWindowPos
ExitWindowsEx
EnableWindow
ReleaseDC
GetParent
PostQuitMessage
MapDialogRect
GetClassNameW
MoveWindow
UnregisterClassW
SendMessageW
ScreenToClient
EnumChildWindows
GetDC
GetWindowRect
GetWindowLongW
GetSysColor
CopyRect
LoadStringW
LoadImageW
GetClientRect
SetCursor
LoadCursorW
PostThreadMessageW
IsCharAlphaW
IsCharAlphaNumericW
GetMessageW
DispatchMessageW
PeekMessageW
SendNotifyMessageW
TranslateMessage
GetWindowThreadProcessId
SendDlgItemMessageA
LoadMenuW
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
UnionRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
IsZoomed
DrawFrameControl
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowRgn
SetClassLongW
EnumDisplayMonitors
SetLayeredWindowAttributes
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetIconInfo
DrawFocusRect
GetNextDlgGroupItem
GetMenuDefaultItem
CharUpperW
WindowFromPoint
SetMenuItemBitmaps
ReleaseCapture
SetCapture
WaitMessage
DeleteMenu
DrawTextW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
DestroyWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
TrackPopupMenu
SetActiveWindow
ValidateRect
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
MapWindowPoints
EqualRect
SetWindowLongW
GetClassLongW
GetTopWindow
GetLastActivePopup
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
SetDlgItemTextW
CheckDlgButton
IsWindowEnabled
SetWindowTextW
IsDialogMessageW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetActiveWindow
GetDesktopWindow
GetMenuStringW
GetMenuState
InsertMenuW
RemoveMenu
CheckMenuItem
DestroyIcon

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

shell32

SHAppBarMessage
SHBrowseForFolderW
DragFinish
DragQueryFileW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHCreateItemFromParsingName
SHGetFolderPathW
SHFileOperationW

kernel32

WideCharToMultiByte
GetDiskFreeSpaceW
FindClose
WaitForSingleObject
OpenProcess
CreateEventW
Sleep
SetEvent
GetWindowsDirectoryW
GetProcAddress
CreateProcessW
GetTickCount
GetDriveTypeW
GetExitCodeProcess
GetModuleFileNameA
IsBadWritePtr
GetCurrentProcess
OutputDebugStringA
GetEnvironmentVariableA
GetCurrentDirectoryA
OutputDebugStringW
GetCurrentThread
LoadLibraryA
GetCurrentProcessId
IsBadReadPtr
VirtualQuery
ResetEvent
FindResourceExW
WriteFile
GetUserDefaultLangID
GetSystemDirectoryW
TerminateThread
WritePrivateProfileStringW
WritePrivateProfileSectionW
CreateDirectoryW
SetThreadLocale
LocalFree
GetTempPathW
CreateMutexW
GetVersionExW
ReleaseMutex
ResumeThread
GetExitCodeThread
GetVersionExA
DeleteFileW
MoveFileExW
GetTempFileNameW
SetFilePointer
FlushFileBuffers
SetThreadPriority
GetVolumeInformationW
FindFirstFileW
VirtualProtect
GetFullPathNameW
GetEnvironmentVariableW
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFileTime
GetCurrentThreadId
FileTimeToDosDateTime
DosDateTimeToFileTime
LocalAlloc
LocalReAlloc
FindNextFileW
GetFileTime
SetErrorMode
LoadLibraryExW
CreateThread
CreatePipe
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
MoveFileW
LoadLibraryExA
GlobalLock
GlobalUnlock
CloseHandle
GlobalFree
EncodePointer
GetModuleHandleA
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
GlobalSize
CopyFileW
InitializeCriticalSectionAndSpinCount
lstrcmpA
CompareStringA
SuspendThread
GetPrivateProfileIntW
GlobalFlags
GlobalGetAtomNameW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FileTimeToSystemTime
lstrcmpiW
lstrcpyW
GetFileSize
LockFile
SetEndOfFile
UnlockFile
DuplicateHandle
VerSetConditionMask
VerifyVersionInfoW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
SystemTimeToTzSpecificLocalTime
GetProfileIntW
SearchPathW
WaitForSingleObjectEx
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
IsDebuggerPresent
GetStartupInfoW
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryW
GetUserDefaultLCID
GetPrivateProfileStringW
SetFileAttributesW
GetFileAttributesW
GetPrivateProfileSectionW
GetModuleFileNameW
SetLastError
GetSystemDefaultLCID
FreeResource
MulDiv
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
LockResource
GetLastError
FormatMessageW
MultiByteToWideChar
HeapSize
GetLocaleInfoW
InitializeCriticalSectionEx
GetThreadLocale
HeapFree
SizeofResource
IsDBCSLeadByteEx
CreateFileW
ReadFile
GlobalAlloc
FreeLibrary
GetStringTypeW
LCMapStringW
GetCPInfo
InterlockedPushEntrySList
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
GetFileType
SetEnvironmentVariableA
SetEnvironmentVariableW
GetCommandLineA
GetCommandLineW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapQueryInformation
VirtualAlloc
GetStdHandle
ExitProcess
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
CreateFileA
RemoveDirectoryW

gdi32

SetViewportOrgEx
CreatePolygonRgn
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
GetClipBox
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetBkColor
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
EnumFontFamiliesExW
DPtoLP
SetRectRgn
CombineRgn
PatBlt
CreateRectRgnIndirect
CopyMetaFileW
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
ExcludeClipRect
Escape
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetPixel
DeleteDC
SetBkColor
CreateBitmap
BitBlt
GetDIBColorTable
SetGraphicsMode
StretchBlt
PolyPolyline
RealizePalette
SelectPalette
CreatePalette
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
GetObjectA
SelectObject
GetTextMetricsW
GetStockObject
GetDeviceCaps
GetTextExtentPoint32W
GetObjectW
DeleteObject
CreateFontIndirectW
TranslateCharsetInfo
SetWindowExtEx

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

uxtheme

DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetThemePartSize
GetThemeSysColor
IsAppThemed
GetWindowTheme
IsThemeBackgroundPartiallyTransparent
GetCurrentThemeName

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
LoadTypeLi
VarBstrFromDate
VariantCopy
SysStringLen

gdiplus

GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

ws2_32

closesocket

Exports

Exports

NI_MetaToolbox_MetaOutput_GetSharedGlobalData

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 217KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1a87aa50c7cdc063b81013fbc8b585d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1b:8e:3a:ce:02:ad:a1:a2:43:b9:c1:76:21:45:99:28Certificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

45:00:00:aa:7b:86:b1:38:c0:89:6f:36:cc:00:00:00:00:aa:7bCertificate

Extended Key Usages

Key Usages

fb:b4:da:51:6f:f2:40:a6:67:ec:cf:00:24:b8:d1:33:32:2a:c6:7fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

cabinet

rpcrt4

mpr

ole32

user32

version

wtsapi32

shell32

kernel32

gdi32

msimg32

winspool.drv

uxtheme

oleaut32

gdiplus

imm32

winmm

ws2_32

Exports

Exports

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 217KB - Virtual size: 250KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 358KB - Virtual size: 357KB

.reloc Size: 262KB - Virtual size: 262KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1b:8e:3a:ce:02:ad:a1:a2:43:b9:c1:76:21:45:99:28
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

45:00:00:aa:7b:86:b1:38:c0:89:6f:36:cc:00:00:00:00:aa:7b
Certificate

fb:b4:da:51:6f:f2:40:a6:67:ec:cf:00:24:b8:d1:33:32:2a:c6:7f
Signer

.text
Size: 3.2MB - Virtual size: 3.2MB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 217KB - Virtual size: 250KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 358KB - Virtual size: 357KB

.reloc
Size: 262KB - Virtual size: 262KB