General

Malware Config

Signatures

Files

• am.exe

  .exe windows:5 windows x86 arch:x86

  4cdb28bb127d72a9bdbe2baa89ad4456

  
  

  Code Sign

  09:90:7e:01:ed:c3:e3:4b:49:71:b2:a5:07:92:7b:6e

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  14-01-2022 00:00

  Not After

  14-01-2023 23:59

  Subject

  CN=Cisco Systems\, Inc.,O=Cisco Systems\, Inc.,L=Milpitas,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  29-03-2022 00:00

  Not After

  14-03-2033 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  a2:e7:96:44:f4:84:c6:eb:75:df:de:85:03:6e:af:6c:07:74:18:08:30:bf:0d:45:6f:45:57:2c:09:ee:26:86

  Signer

  Actual PE Digest

  a2:e7:96:44:f4:84:c6:eb:75:df:de:85:03:6e:af:6c:07:74:18:08:30:bf:0d:45:6f:45:57:2c:09:ee:26:86

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  C:\build.tc\agent\work\be4aeed6d8977370\lpchrome\nplastpass\native_messaging Release\nplastpass.pdb

  Imports

  crypt32

  CryptUnprotectData

  CryptProtectData

  oleacc

  AccessibleChildren

  AccessibleObjectFromWindow

  kernel32

  GetFileAttributesA

  GetCurrentProcessId

  GetTempPathA

  CreateProcessW

  CompareFileTime

  CreateDirectoryW

  WriteFile

  GetSystemDirectoryW

  GetExitCodeProcess

  ReadFile

  CreateFileW

  GetTempPathW

  GetFileTime

  CloseHandle

  GetWindowsDirectoryW

  DeleteFileW

  CreateThread

  GetCommandLineW

  GetTempFileNameW

  CopyFileA

  GetShortPathNameW

  DeleteFileA

  GetFullPathNameW

  GetFullPathNameA

  CreateFileA

  GetFileSize

  HeapCompact

  SetFilePointer

  TryEnterCriticalSection

  MapViewOfFile

  UnmapViewOfFile

  SetEndOfFile

  SystemTimeToFileTime

  QueryPerformanceCounter

  InterlockedCompareExchange

  UnlockFile

  FlushViewOfFile

  LockFile

  WaitForSingleObjectEx

  OutputDebugStringW

  UnlockFileEx

  GetSystemTimeAsFileTime

  FormatMessageA

  FormatMessageW

  HeapCreate

  HeapValidate

  FlushFileBuffers

  LockFileEx

  GetDiskFreeSpaceW

  LoadLibraryA

  CreateFileMappingA

  CreateFileMappingW

  GetDiskFreeSpaceA

  GetSystemInfo

  GetFileAttributesExW

  OutputDebugStringA

  GetVersionExA

  GetSystemTime

  AreFileApisANSI

  SetUnhandledExceptionFilter

  GetCurrentThread

  SizeofResource

  ConnectNamedPipe

  CreateNamedPipeW

  WaitNamedPipeW

  TerminateThread

  DisconnectNamedPipe

  ProcessIdToSessionId

  GetExitCodeThread

  SetNamedPipeHandleState

  OpenFileMappingW

  ReleaseMutex

  LocalFree

  OpenProcess

  Process32FirstW

  Process32NextW

  CreateToolhelp32Snapshot

  LocalAlloc

  QueryPerformanceFrequency

  GetThreadTimes

  QueryDepthSList

  InterlockedFlushSList

  ReleaseSemaphore

  DuplicateHandle

  VirtualProtect

  GetModuleHandleA

  FreeLibraryAndExitThread

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetModuleFileNameA

  SetStdHandle

  ReadConsoleW

  GetOEMCP

  GetACP

  IsValidCodePage

  GetConsoleMode

  GetConsoleCP

  SetFilePointerEx

  GetFileType

  GetStdHandle

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  CreateSemaphoreW

  GetStartupInfoW

  TerminateProcess

  CreateEventW

  UnhandledExceptionFilter

  UnregisterWait

  RegisterWaitForSingleObject

  SetThreadAffinityMask

  GetProcessAffinityMask

  GetNumaHighestNodeNumber

  GetModuleHandleW

  DeleteTimerQueueTimer

  ChangeTimerQueueTimer

  CreateTimerQueueTimer

  SetEnvironmentVariableA

  GetLogicalProcessorInformation

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  GetThreadPriority

  SetThreadPriority

  SwitchToThread

  SignalObjectAndWait

  SetEvent

  CreateTimerQueue

  GetCPInfo

  RtlUnwind

  GetCommandLineA

  GetModuleHandleExW

  ExitProcess

  GetTimeZoneInformation

  FindNextFileW

  GetCurrentDirectoryW

  Sleep

  InitializeCriticalSection

  GetTickCount

  FindFirstFileW

  GetFileAttributesW

  GetVersionExW

  DebugBreak

  FreeLibrary

  WaitForSingleObject

  CreateMutexW

  GetCurrentThreadId

  GlobalHandle

  LockResource

  GlobalFree

  EnterCriticalSection

  GetProcAddress

  SetLastError

  FlushInstructionCache

  GlobalUnlock

  lstrcmpW

  GetModuleFileNameW

  MulDiv

  LeaveCriticalSection

  LoadLibraryW

  GlobalAlloc

  GlobalLock

  GetCurrentProcess

  InterlockedDecrement

  InterlockedIncrement

  LoadResource

  FindResourceW

  MultiByteToWideChar

  WideCharToMultiByte

  DeleteCriticalSection

  DecodePointer

  HeapSize

  GetLastError

  RaiseException

  HeapDestroy

  InitializeCriticalSectionAndSpinCount

  GetProcessHeap

  HeapFree

  HeapAlloc

  HeapReAlloc

  UnregisterWaitEx

  WriteConsoleW

  IsDebuggerPresent

  LoadLibraryExW

  ExitThread

  VirtualFree

  VirtualAlloc

  IsProcessorFeaturePresent

  InterlockedPushEntrySList

  InterlockedPopEntrySList

  InitializeSListHead

  EncodePointer

  GetStringTypeW

  user32

  SetWindowTextW

  SendMessageW

  SetDlgItemTextW

  ReleaseCapture

  CreateWindowExW

  CallWindowProcW

  DefWindowProcW

  GetWindow

  MoveWindow

  UnregisterClassW

  ClientToScreen

  SetTimer

  KillTimer

  GetClipboardData

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  FindWindowExW

  GetForegroundWindow

  OpenClipboard

  LoadStringW

  GetLastInputInfo

  MessageBoxW

  MapDialogRect

  SetWindowContextHelpId

  SendDlgItemMessageW

  EndPaint

  DestroyWindow

  GetWindowTextLengthW

  DestroyAcceleratorTable

  ScreenToClient

  CharNextW

  RegisterWindowMessageW

  FillRect

  IsChild

  SetCapture

  DialogBoxIndirectParamW

  GetFocus

  GetParent

  InvalidateRgn

  LoadCursorW

  GetClientRect

  CreateAcceleratorTableW

  SetFocus

  BeginPaint

  GetClassInfoExW

  GetDC

  RegisterClassExW

  InvalidateRect

  GetWindowLongW

  GetWindowTextW

  GetClassNameW

  ReleaseDC

  GetDlgItem

  SetWindowLongW

  EndDialog

  RedrawWindow

  GetDesktopWindow

  GetSysColor

  SetWindowPos

  ShowWindow

  GetActiveWindow

  IsWindow

  gdi32

  DeleteDC

  GetDeviceCaps

  DeleteObject

  SelectObject

  CreateCompatibleDC

  CreateCompatibleBitmap

  GetObjectW

  GetStockObject

  CreateSolidBrush

  BitBlt

  comdlg32

  GetSaveFileNameW

  GetOpenFileNameW

  advapi32

  CryptAcquireContextW

  CryptReleaseContext

  CryptAcquireContextA

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  GetSecurityInfo

  GetAce

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  RevertToSelf

  ImpersonateLoggedOnUser

  GetUserNameW

  SetNamedSecurityInfoW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenThreadToken

  RegCloseKey

  GetLengthSid

  RegOpenKeyExW

  RegQueryValueExW

  CopySid

  GetTokenInformation

  OpenProcessToken

  CryptGenRandom

  shell32

  SHGetFolderPathW

  CommandLineToArgvW

  ShellExecuteExW

  ShellExecuteW

  ole32

  CoCreateInstance

  OleLockRunning

  CLSIDFromProgID

  CLSIDFromString

  CreateStreamOnHGlobal

  CoInitialize

  CoUninitialize

  CoTaskMemAlloc

  CoGetClassObject

  CoTaskMemFree

  OleUninitialize

  OleInitialize

  StringFromGUID2

  oleaut32

  OleCreateFontIndirect

  SysStringByteLen

  LoadRegTypeLi

  SysFreeString

  SysAllocStringLen

  VariantInit

  SysAllocString

  SysStringLen

  VariantClear

  LoadTypeLi

  Exports

  Exports

  ASOEnableLogging

  ASOGetInfo

  ASOInitialize

  ASOInitializeWithCallback

  ASOLIBSetProcessMsgCallback

  ASONotify

  ASONotifyCallback

  ASONotifyClient

  ASONotifyClientThreaded

  ASONotifySimple

  ASONumClients

  ASOServiceInitialize

  ASOServiceUninitialize

  ASOSetupGlobals

  ASOUninitialize

  Sections

  .text

  Size: 1.4MB - Virtual size: 1.4MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 312KB - Virtual size: 312KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 37KB - Virtual size: 564KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 74KB - Virtual size: 74KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ