Catalog[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Catalog.exe
Size

1.7MB
MD5

800accd71f42eb2a9beec38ecb6f4c9b
SHA1

084e69e3e300f66fa2380b8e904f9d993d97655a
SHA256

0dae9c759072f9c0e5a61a9de24a89e76da35ffab8ff9610cc90df417c741f3f
SHA512

9d71dc048e63ba6d1fcd522a73abddb18dd7013ed4af6f5f051bc6a4a23eada941d4a3dec4eac92b3b404d382776fbeb7666a3ca7a8576ae78a17fd09f90d66d
SSDEEP

24576:9damHBgkMmt7BUgGdP8LPE/ug/1B7C8RHQVKWuRICArSNir6JJgBHYk+pGA0Ev:9dVBBK0ZozNQV5uGCAr+PgSkE0e

Score

1^/10

Malware Config

Signatures

Files

Catalog.exe
.exe windows:5 windows x86 arch:x86

90a06fe7bac1554c3a1cf6f2228bd8b0

Code Sign

33:00:00:00:56:35:88:7e:de:18:82:ef:76:00:00:00:00:00:56
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/06/2022, 18:08

Not After

01/06/2023, 18:08

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d3:f8:49:c7:e9:93:23:10:3d:95:9f:a2:64:15:da:73:5a:23:c0:ba:b5:1a:98:e4:ff:9b:44:84:0f:43:14:ca
Signer

Actual PE Digest

d3:f8:49:c7:e9:93:23:10:3d:95:9f:a2:64:15:da:73:5a:23:c0:ba:b5:1a:98:e4:ff:9b:44:84:0f:43:14:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeConsole
GetCurrentProcessId
GetCurrentThreadId
DeleteCriticalSection
LocalFree
GetVersionExA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetModuleFileNameA
GetModuleFileNameW
CloseHandle
QueueUserWorkItem
CreateEventW
GetLastError
Sleep
SetEvent
WaitForSingleObject
CreateToolhelp32Snapshot
Process32NextW
GetSystemInfo
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
SetEndOfFile
GetDriveTypeW
ReadFile
SetStdHandle
GetStringTypeW
HeapSize
SetFilePointer
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
CreatePipe
GetStartupInfoW
SetHandleCount
GetFileAttributesA
WriteFile
LoadLibraryW
Process32FirstW
TerminateProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
EncodePointer
DecodePointer
InterlockedExchange
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
ExitProcess
CreateProcessA
DuplicateHandle
GetCurrentProcess
GetCommandLineW
HeapSetInformation
GetSystemTimeAsFileTime
DeleteFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
HeapAlloc
HeapFree
GetTimeZoneInformation
ExitThread
HeapReAlloc
WriteConsoleW
GetFileType
GetStdHandle
RaiseException
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
CreateFileW
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

StartServiceCtrlDispatcherW
DeregisterEventSource
ControlService
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW

odbc32

ord31
ord7
ord39
ord75
ord24
ord11
ord9

ws2_32

WSAGetLastError
socket
accept
bind
listen
connect
getpeername
getsockname
getsockopt
WSAPoll
ioctlsocket
sendto
recv
recvfrom
shutdown
closesocket
setsockopt
htons
ntohl
ntohs
WSAStartup
htonl
gethostbyname
gethostname
WSASocketA
inet_pton
inet_ntoa
send

dnsapi

DnsQuery_A

Sections

.text
Size: - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fsg0
Size: - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.fsg1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fsg2
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90a06fe7bac1554c3a1cf6f2228bd8b0

Code Sign

33:00:00:00:56:35:88:7e:de:18:82:ef:76:00:00:00:00:00:56Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

d3:f8:49:c7:e9:93:23:10:3d:95:9f:a2:64:15:da:73:5a:23:c0:ba:b5:1a:98:e4:ff:9b:44:84:0f:43:14:caSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

odbc32

ws2_32

dnsapi

Sections

.text Size: - Virtual size: 295KB

.rdata Size: - Virtual size: 24KB

.data Size: - Virtual size: 57KB

.fsg0 Size: - Virtual size: 564KB

.fsg1 Size: 1KB - Virtual size: 1KB

.fsg2 Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 512B - Virtual size: 344B

.rsrc Size: 1KB - Virtual size: 1KB

33:00:00:00:56:35:88:7e:de:18:82:ef:76:00:00:00:00:00:56
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

d3:f8:49:c7:e9:93:23:10:3d:95:9f:a2:64:15:da:73:5a:23:c0:ba:b5:1a:98:e4:ff:9b:44:84:0f:43:14:ca
Signer

.text
Size: - Virtual size: 295KB

.rdata
Size: - Virtual size: 24KB

.data
Size: - Virtual size: 57KB

.fsg0
Size: - Virtual size: 564KB

.fsg1
Size: 1KB - Virtual size: 1KB

.fsg2
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 512B - Virtual size: 344B

.rsrc
Size: 1KB - Virtual size: 1KB