1249e422fd97163201b6a38b48f2220a6262133b4302ad2d850669d71e144b06[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1249e422fd97163201b6a38b48f2220a6262133b4302ad2d850669d71e144b06.exe
Size

9.4MB
MD5

9fae2084f15f67cc3549bdcdba10e595
SHA1

372f1fa71e6956647ed4087f063e9601458f926e
SHA256

1249e422fd97163201b6a38b48f2220a6262133b4302ad2d850669d71e144b06
SHA512

b710b89aaae2f58eaa382b7f3322f26c2f138a21086a90effebfe411c96c71d68dd976677d64d78ba088ffbf71f7bcec71b6757f4049246eac3279c2eb80c797
SSDEEP

98304:A9MGsP1O5ytaNopUeCEnOX0a4GXgt6RHVHSNzQpvzk1bpbEd5QDc:AI1O5ytqQw0a4GXgt63HIzj1aoc

Score

1^/10

Malware Config

Signatures

Files

1249e422fd97163201b6a38b48f2220a6262133b4302ad2d850669d71e144b06.exe
.exe windows:6 windows x64 arch:x64

92ad1eef9d9db8bbe25d3fde9a911af8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/02/2023, 00:00

Not After

08/03/2025, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:02:a9:e1:d1:ee:d5:df:80:b2:89:63:10:f5:a9:df:83:bb:a2:bd:2d:14:f3:1f:d7:90:67:4d:6e:e6:c3:90
Signer

Actual PE Digest

1c:02:a9:e1:d1:ee:d5:df:80:b2:89:63:10:f5:a9:df:83:bb:a2:bd:2d:14:f3:1f:d7:90:67:4d:6e:e6:c3:90

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\treesheets\treesheets\TS\TreeSheets.pdb

Imports

advapi32

GetUserNameA
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
GetUserNameW
RegOpenKeyExW

kernel32

CreateMutexW
SetThreadPriority
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageW
GetFileType
ExpandEnvironmentStringsW
GetFileTime
GetLongPathNameW
GetTempFileNameW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReadDirectoryChangesW
GetEnvironmentVariableW
GetVersionExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
FindResourceW
IsValidCodePage
GetCommandLineW
GetModuleHandleExW
SetEvent
CreateEventW
PeekNamedPipe
WaitForMultipleObjects
CreateThread
GetDriveTypeW
GetLogicalDriveStringsW
IsBadReadPtr
IsBadStringPtrA
GetUserPreferredUILanguages
SetThreadPreferredUILanguages
GetUserDefaultLocaleName
GetFileSizeEx
LocalAlloc
OutputDebugStringW
FreeLibrary
GetProcAddress
LoadLibraryA
RtlCaptureContext
GetThreadLocale
GetLocaleInfoW
GetACP
SetErrorMode
LoadLibraryW
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
ExitProcess
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
GetEnvironmentVariableA
GetCurrentDirectoryA
GetFileAttributesA
OutputDebugStringA
CloseHandle
GetLastError
SetLastError
RtlUnwindEx
InterlockedPushEntrySList
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
SetStdHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation
DeleteFileW
FlushFileBuffers
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetFilePointerEx
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineA
GetProcessHeap
WriteConsoleW
WriteConsoleA
AttachConsole
GetStdHandle
MulDiv
GetCPInfo
CompareStringEx
SetEndOfFile
HeapSize
LCMapStringEx
DeleteCriticalSection
InitializeCriticalSectionEx
DecodePointer
EncodePointer
GetFileInformationByHandleEx
MoveFileExW
CopyFileW
AreFileApisANSI
GetTempPathW
GetCurrentThread
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
SuspendThread
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
WakeConditionVariable
TryAcquireSRWLockExclusive
GetNativeSystemInfo
GetExitCodeThread
Sleep
WaitForSingleObjectEx
GetLocaleInfoEx
FormatMessageA
LocalFree
RaiseException
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
TerminateProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsDebuggerPresent
GetFullPathNameA
RtlDeleteFunctionTable
GetSystemDirectoryA
InitializeCriticalSection
LeaveCriticalSection
RtlAddFunctionTable
EnterCriticalSection
FreeConsole
AllocConsole
FindClose
FindNextFileA
FindFirstFileA
GetConsoleWindow
GetLogicalProcessorInformation
QueryPerformanceCounter
QueryPerformanceFrequency
GetOverlappedResult
ReadFile
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateEventA
SetHandleInformation
CreatePipe
CreateNamedPipeA
GetCurrentThreadId
WriteProcessMemory
VirtualProtect
GetCurrentProcessId
GetCurrentProcess
FatalAppExitA
SetUnhandledExceptionFilter
WriteFile
CreateFileA
GetModuleFileNameA
ReadProcessMemory
GetVersionExA
GetThreadContext
ResumeThread

user32

FindWindowExW
ChildWindowFromPoint
GetDesktopWindow
UnionRect
GetComboBoxInfo
IsRectEmpty
ValidateRgn
ValidateRect
PostThreadMessageW
GetMessageW
GetMenuBarInfo
GetWindowDC
HideCaret
keybd_event
IsMenu
CheckMenuRadioItem
GetSysColorBrush
GetMenuItemID
CheckMenuItem
DrawFrameControl
DrawEdge
DrawIconEx
GetCaretBlinkTime
GetDoubleClickTime
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetClassNameW
MessageBeep
GetWindowTextLengthW
GetWindowTextW
GetClipboardFormatNameW
RegisterClipboardFormatW
SetForegroundWindow
GetSystemMenu
GetDialogBaseUnits
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
IsIconic
FlashWindowEx
SetLayeredWindowAttributes
GetMonitorInfoW
MonitorFromWindow
GetWindowPlacement
SetWindowRgn
InsertMenuItemW
SetMenuInfo
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
DrawMenuBar
GetMenuState
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
SetWindowLongW
PtInRect
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ScreenToClient
DdeQueryStringW
GetCursorPos
SetCursorPos
GetClientRect
DefMDIChildProcW
DefFrameProcW
AdjustWindowRectEx
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
EnableWindow
ReleaseCapture
IsClipboardFormatAvailable
GetPropW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromPoint
MonitorFromRect
EnumDisplayMonitors
wsprintfW
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPos
MoveWindow
AnimateWindow
ShowWindow
IsWindow
CallWindowProcW
DdeFreeStringHandle
PostQuitMessage
DefWindowProcW
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
PeekMessageW
DispatchMessageW
TranslateMessage
CreateIconIndirect
DestroyCursor
GetIconInfo
LoadImageW
LoadBitmapW
SetWindowTextW
ReleaseDC
GetDC
SetWindowLongPtrW
GetWindowLongPtrW
OffsetRect
InflateRect
CopyRect
SetRectEmpty
SetRect
FillRect
DrawFocusRect
GetSysColor
DrawStateW
TranslateMDISysAccel
MessageBoxA
DdeFreeDataHandle
DdeGetLastError
GetParent
DdeCreateStringHandleW
DrawTextW
IsWindowEnabled
GetWindowRect
SetMenu
PostMessageW
RegisterWindowMessageW
GetWindowLongW
EndPaint
BeginPaint
DestroyWindow
CreateWindowExW
SendMessageW
LoadIconW
LoadCursorW
GetProcessDefaultLayout
MessageBoxW
GetKeyState
UnregisterClassW
KillTimer
SetTimer
MsgWaitForMultipleObjects
ClientToScreen
RegisterClassW
DestroyIcon
SetCursor
GetSystemMetrics
SetMenuItemInfoW
GetSubMenu
UpdateLayeredWindow

gdi32

GdiFlush
ExtCreateRegion
GetRegionData
OffsetRgn
GetBkColor
LineTo
MoveToEx
ExtTextOutW
GetStockObject
CreateHatchBrush
CreatePatternBrush
CreatePen
ExtCreatePen
Arc
Ellipse
ExtFloodFill
GetClipBox
GetObjectType
GetPixel
MaskBlt
Pie
PolyPolygon
Rectangle
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPixel
SetPolyFillMode
StretchDIBits
SetROP2
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
SetBrushOrgEx
PolyBezier
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
GetTextExtentPoint32W
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetCharABCWidthsW
GetTextExtentExPointW
CombineRgn
CreateRectRgnIndirect
RectInRegion
EqualRgn
GetRgnBox
PtInRegion
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
CreateICW
SetAbortProc
CreateDCW
StartDocW
EndDoc
StartPage
EndPage
EnumFontFamiliesExW
GetSystemPaletteEntries
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
SelectPalette
RealizePalette
ExcludeClipRect
CreateRectRgn
CreateCompatibleBitmap
CreateBitmapIndirect
CreateBitmap
SetStretchBltMode
BitBlt
StretchBlt
DeleteDC
CreateCompatibleDC
GetObjectW
GetTextMetricsW
SelectObject
GetOutlineTextMetricsW
GetDeviceCaps
CreateFontIndirectW
SetTextColor
SetBkMode
SetBkColor
GetWindowExtEx
GetViewportExtEx
GetGraphicsMode
DeleteObject
Polyline
CreateSolidBrush

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetPrinterW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW
PrintDlgExW
PrintDlgW
CommDlgExtendedError
ChooseFontW
ChooseColorW

shell32

ord6
ExtractIconExW
DragQueryFileW
DragQueryPoint
SHGetFolderPathW
CommandLineToArgvW
SHCreateItemFromParsingName
ExtractIconW
SHGetStockIconInfo
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteExW
DragAcceptFiles
DragFinish

ole32

DoDragDrop
CoInitializeEx
CoTaskMemAlloc
RevokeDragDrop
OleGetClipboard
CoCreateInstance
CoLockObjectExternal
ReleaseStgMedium
OleUninitialize
OleInitialize
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
RegisterDragDrop
CoUninitialize
CoTaskMemFree

oleacc

LresultFromObject

uxtheme

CloseThemeData
IsThemeBackgroundPartiallyTransparent
GetThemeMargins
DrawThemeParentBackground
GetThemeBackgroundContentRect
GetThemePartSize
GetCurrentThemeName
GetThemeBackgroundExtent
IsThemePartDefined
GetThemeTextExtent
GetThemeFont
IsAppThemed
IsThemeActive
GetThemeColor
DrawThemeBackground
OpenThemeData
DrawThemeTextEx
SetWindowTheme
GetThemeSysFont
GetThemeSysColor
GetThemeInt

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

msimg32

GradientFill
AlphaBlend

shlwapi

PathMatchSpecW
SHAutoComplete

comctl32

ord16
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ord413
ord412
ord410
ord17

rpcrt4

UuidToStringW
RpcStringFreeW

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92ad1eef9d9db8bbe25d3fde9a911af8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1c:02:a9:e1:d1:ee:d5:df:80:b2:89:63:10:f5:a9:df:83:bb:a2:bd:2d:14:f3:1f:d7:90:67:4d:6e:e6:c3:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

gdi32

winspool.drv

comdlg32

shell32

ole32

oleacc

uxtheme

version

msimg32

shlwapi

comctl32

rpcrt4

Sections

.text Size: 5.6MB - Virtual size: 5.6MB

.rdata Size: 2.3MB - Virtual size: 2.3MB

.data Size: 107KB - Virtual size: 446KB

.pdata Size: 222KB - Virtual size: 222KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 113KB - Virtual size: 113KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:49:4d:7d:f0:20:97:10:7b:90:65:02:51:33:fe:92
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1c:02:a9:e1:d1:ee:d5:df:80:b2:89:63:10:f5:a9:df:83:bb:a2:bd:2d:14:f3:1f:d7:90:67:4d:6e:e6:c3:90
Signer

.text
Size: 5.6MB - Virtual size: 5.6MB

.rdata
Size: 2.3MB - Virtual size: 2.3MB

.data
Size: 107KB - Virtual size: 446KB

.pdata
Size: 222KB - Virtual size: 222KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 113KB - Virtual size: 113KB