intel-s3610-HP-LK0800GEYMU-cp044694[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

intel-s3610-HP-LK0800GEYMU-cp044694.exe
Size

2.6MB
MD5

22c17241832ac0dcc97dde0cd27a4eaa
SHA1

2ab524d21e2050d9f71744e505c05c4cb61e47eb
SHA256

359847e9f6b2fe97b6c98f94ebe83eaf90b499435ad43685482d1ae3e161a7a0
SHA512

c12ce9e50e364118839945b7ae38231b2a56556eee8334ebc6b06ec092cded05f17d12b102162123e151f3b8d090a781a8d7ff2a05b304b8b6ec6165a803d174
SSDEEP

49152:Sz4gJ3Af55DGXfpOCn1TcFaO1IHccZ8iH4vjlD7g/x+plhs7ifS:S7J3ARRGXfYC1Tc1eHccZ8iH47h74+TQ

Score

1^/10

Malware Config

Signatures

Files

intel-s3610-HP-LK0800GEYMU-cp044694.exe
.exe windows:6 windows x64 arch:x64

cf704847e46e588f13559288ab209cd4

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-08-2013 20:26

Not After

15-08-2023 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

29-01-2020 00:00

Not After

28-01-2021 23:59

Subject

CN=Hewlett Packard Enterprise Company,OU=HP Cyber Security,O=Hewlett Packard Enterprise Company,POSTALCODE=94304,STREET=3000 Hanover Street,L=Palo Alto,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30-05-2000 10:48

Not After

30-05-2020 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:4f:bb:43:a0:b9:2c:85:15:19:d3:2d:7d:e4:8b:a9:cd:61:f1:63:3b:8e:f2:57:e2:94:45:91:ae:6e:a7:63
Signer

Actual PE Digest

05:4f:bb:43:a0:b9:2c:85:15:19:d3:2d:7d:e4:8b:a9:cd:61:f1:63:3b:8e:f2:57:e2:94:45:91:ae:6e:a7:63

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

cpqstub.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
SystemFunction036

user32

GetDlgItem
DispatchMessageW
PeekMessageW
DestroyWindow
SetWindowPos
SendMessageW
LoadStringW
wsprintfW
GetClientRect
LoadImageW
DestroyIcon
SetWindowLongPtrW
ScreenToClient
SetWindowTextW
AppendMenuW
GetSystemMenu
GetSystemMetrics
EnableWindow
SetFocus
SetDlgItemTextW
DialogBoxParamW
MoveWindow
CallWindowProcW
GetParent
GetWindowRect
SetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBoxW
SendDlgItemMessageW
CreateDialogParamW
CloseWindow
OpenIcon
ShowWindow
CharNextW

kernel32

InitializeCriticalSectionAndSpinCount
WriteConsoleW
FlushFileBuffers
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
FindFirstFileExW
HeapReAlloc
GetOEMCP
IsValidCodePage
GetCPInfo
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetStringTypeW
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
lstrcmpW
lstrcpyW
lstrcatW
lstrlenW
WideCharToMultiByte
DosDateTimeToFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
GetStdHandle
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
GetDiskFreeSpaceExW
WriteFile
TlsAlloc
DuplicateHandle
CreatePipe
WaitForSingleObject
Sleep
GetCurrentProcess
GetExitCodeProcess
CreateProcessW
GetLocalTime
GetModuleFileNameW
GlobalFree
CopyFileW
GetDateFormatW
GetTimeFormatW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetDriveTypeW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
SetErrorMode
GetCurrentProcessId
LocalAlloc
LocalSize
LocalFree
FormatMessageW
lstrcmpiW
MoveFileExW
GetLocaleInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetProcessShutdownParameters
FreeLibrary
LoadLibraryW
GetConsoleCP
SetFilePointerEx
GetConsoleMode
GetModuleHandleExW
ExitProcess
SetStdHandle
GetFileType
GetACP
SetLastError
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetFileAttributesExW
LoadLibraryExW
RtlUnwindEx
EncodePointer
TlsGetValue
TlsSetValue
TlsFree
CloseHandle
RtlPcToFileHeader
ReadFile
SetFilePointer
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SetFileTime
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpA
lstrcpynA
lstrlenA
MultiByteToWideChar
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetProcAddress

shell32

Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
CommandLineToArgvW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateGuid
CoTaskMemFree
CoUninitialize
StringFromCLSID
OleUninitialize
CoCreateInstance
OleInitialize

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SysAllocString
SysFreeString
SafeArrayGetElement
VariantInit

shlwapi

PathStripPathW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf704847e46e588f13559288ab209cd4

Code Sign

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3fCertificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

05:4f:bb:43:a0:b9:2c:85:15:19:d3:2d:7d:e4:8b:a9:cd:61:f1:63:3b:8e:f2:57:e2:94:45:91:ae:6e:a7:63Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

user32

kernel32

shell32

ole32

oleaut32

shlwapi

version

Sections

.text Size: 192KB - Virtual size: 192KB

.rdata Size: 80KB - Virtual size: 79KB

.data Size: 10KB - Virtual size: 22KB

.pdata Size: 9KB - Virtual size: 8KB

.gfids Size: 512B - Virtual size: 292B

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

d4:76:93:3a:8a:a1:95:fe:46:b7:4c:ff:5c:88:fd:3f
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

05:4f:bb:43:a0:b9:2c:85:15:19:d3:2d:7d:e4:8b:a9:cd:61:f1:63:3b:8e:f2:57:e2:94:45:91:ae:6e:a7:63
Signer

.text
Size: 192KB - Virtual size: 192KB

.rdata
Size: 80KB - Virtual size: 79KB

.data
Size: 10KB - Virtual size: 22KB

.pdata
Size: 9KB - Virtual size: 8KB

.gfids
Size: 512B - Virtual size: 292B

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 2KB - Virtual size: 2KB