LeapFrogConnectSetup_LeapReader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LeapFrogConnectSetup_LeapReader.exe
Size

14.6MB
MD5

d085338c0b3375151ee79b8d3a42c4e8
SHA1

6507a93814664451d8d95be5617153cc02265083
SHA256

c257fd83d9ce74f7fb9f309614c7d4a4d82dafbfe9ee6b231e060b3c0df5779d
SHA512

f18b0246121cc4219ed4c99c64ae28c7d37c03f68ba2d857d3a7eb64ee424007813c6229d28022e49899062dbd1bdceffd48349f232a1f270c807f9a6a0780c2
SSDEEP

196608:+J1nGv+1QfrKfF4w+toyodNJsv6tWKFdu9Cnjt7G9:00BG+CxdNJsv6tWKFdu9CnJK9

Score

1^/10

Malware Config

Signatures

Files

LeapFrogConnectSetup_LeapReader.exe
.exe windows:6 windows x86 arch:x86

6c3121bf3f86c9941d536e0a7ff6be0c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:09:3f:59:5d:a3:38:d2:2c:1c:ad:c4:10:88:2b:ad
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/01/2022, 00:00

Not After

24/01/2025, 23:59

Subject

SERIALNUMBER=C1765329,CN=LeapFrog Enterprises\, Inc.,OU=IT,O=LeapFrog Enterprises\, Inc.,L=Emeryville,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2f:74:3d:a6:0d:89:f0:55:9b:80:bf:e9:a2:2d:6c:9e:ac:8b:96:07
Signer

Actual PE Digest

2f:74:3d:a6:0d:89:f0:55:9b:80:bf:e9:a2:2d:6c:9e:ac:8b:96:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSARecv
WSANtohs
WSANtohl
WSAIoctl
WSAHtonl
WSAConnect
WSAAccept
setsockopt
select
WSASend
htons
getsockname
getpeername
closesocket
bind
__WSAFDIsSet
getsockopt
getnameinfo
freeaddrinfo
getaddrinfo
WSAGetLastError
ntohl
htonl
WSAStartup
WSACleanup
WSAAsyncSelect
WSASendTo
WSARecvFrom
WSASocketW
listen
WSASetLastError
shutdown
send
recv
gethostname

winmm

timeSetEvent
PlaySoundW
timeKillEvent

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryW

netapi32

NetApiBufferFree
NetShareEnum

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dwmapi

DwmEnableBlurBehindWindow
DwmIsCompositionEnabled

kernel32

OpenProcess
LoadLibraryA
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
GetSystemDirectoryW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
DisconnectNamedPipe
WaitNamedPipeW
GetOverlappedResult
ExpandEnvironmentStringsW
CheckRemoteDebuggerPresent
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetUserDefaultLangID
LocalAlloc
FindFirstFileExW
GetCommandLineA
LoadLibraryExW
GetCurrencyFormatW
RtlUnwind
InitializeSListHead
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetLastError
Process32FirstW
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
GetProcessHeap
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
FindNextFileW
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
WideCharToMultiByte
MultiByteToWideChar
ExitThread
SetFileAttributesW
SetStdHandle
SetEnvironmentVariableW
IsValidLocale
EnumSystemLocalesW
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetUserPreferredUILanguages
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
RegisterWaitForSingleObject
UnregisterWaitEx
CreateProcessW
GetExitCodeProcess
CreateNamedPipeW
GetOEMCP
GetCPInfo
GetStringTypeW
WriteConsoleW
GlobalFree
SetHandleInformation
ConnectNamedPipe
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
LoadLibraryW
GetModuleHandleExW
FreeLibrary
GetProcAddress
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WriteFile
SetFilePointerEx
SetEndOfFile
ReadFile
GetFileType
FlushFileBuffers
GetModuleFileNameW
GetStartupInfoW
FormatMessageW
GetFileInformationByHandleEx
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
SystemTimeToFileTime
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
GetConsoleCP
MoveFileExW
MoveFileW
CopyFileW
DeviceIoControl
SetErrorMode
GetVolumePathNamesForVolumeNameW
GetTempPathW
SetFileTime
RemoveDirectoryW
GetLogicalDrives
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
CreateFileW
ResetEvent
LCMapStringW
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObjectEx
GetLocalTime
GetSystemTime
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
ResumeThread
TerminateThread
GetThreadPriority
SetThreadPriority
GetCurrentThreadId
GetCurrentThread
CreateThread
SwitchToThread
GetCurrentProcess
CreateEventW
SetEvent
DuplicateHandle
GetConsoleWindow
OutputDebugStringW
LocalFree
GetCommandLineW
GetUserDefaultLCID
CompareStringW
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
GetModuleHandleW
GetCurrentProcessId
WaitForMultipleObjects
Sleep
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetLastError
CloseHandle
GetVersionExW
FreeLibraryAndExitThread
GetConsoleMode
ReadConsoleW
SetConsoleMode
ReadConsoleInputW
SystemTimeToTzSpecificLocalTime

user32

IsHungAppWindow
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetMenuItemInfoW
TrackPopupMenu
ChangeClipboardChain
RegisterClipboardFormatW
GetKeyboardLayout
RegisterWindowMessageW
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
SetClipboardViewer
RemoveMenu
ModifyMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
CreateMenu
DrawMenuBar
SetMenu
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
GetKeyboardLayoutList
GetAncestor
NotifyWinEvent
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetMenu
GetCursorInfo
ChangeWindowMessageFilterEx
GetClipboardFormatNameW
TrackMouseEvent
GetMessageExtraInfo
TrackPopupMenuEx
DestroyCursor
SetParent
GetParent
ScreenToClient
ClientToScreen
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
InvalidateRect
SetWindowRgn
DrawIconEx
LoadStringW
FindWindowW
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
UpdateLayeredWindow
ShowWindow
IsChild
AttachThreadInput
SendMessageW
UpdateLayeredWindowIndirect
GetDesktopWindow
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
MessageBoxW
UnregisterDeviceNotification
RegisterDeviceNotificationW
CharNextExA
GetWindowThreadProcessId
EnumWindows
PostThreadMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetWindowLongW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
DestroyWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
SystemParametersInfoW
GetSysColor
GetSystemMetrics
EnableMenuItem
GetSystemMenu
ReleaseDC
GetDC
GetAsyncKeyState
GetWindowTextW
RealGetWindowClassW
DestroyIcon
AppendMenuW

gdi32

SelectClipRgn
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
DeleteDC
SelectObject
ChoosePixelFormat
DescribePixelFormat
GetPixelFormat
DeleteObject
SwapBuffers
GetBitmapBits
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetFontData
CreateRectRgn
GetStockObject
AddFontResourceExW
RemoveFontResourceExW
AddFontMemResourceEx
OffsetRgn
CombineRgn
BitBlt
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
SetPixelFormat
ExtTextOutW
RemoveFontMemResourceEx
GetTextMetricsW
GetTextFaceW
CreateDIBSection
GdiFlush
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetTextExtentPoint32W
GetDIBits
CreateBitmap
GetOutlineTextMetricsW

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
AdjustTokenPrivileges
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueW
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
RegNotifyChangeKeyValue
DeregisterEventSource
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
RegisterEventSourceA
ReportEventA
CryptAcquireContextA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SystemFunction036
RegSetValueExW
RegQueryValueExW
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
BuildTrusteeWithSidW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
GetTokenInformation
GetLengthSid
FreeSid
CryptReleaseContext
DuplicateToken
CopySid
AllocateAndInitializeSid
AccessCheck
OpenProcessToken
RegQueryInfoKeyW
RegDeleteValueA
RegCloseKey
RegEnumValueW

shell32

Shell_NotifyIconW
Shell_NotifyIconGetRect
SHGetFolderPathW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetPathFromIDListW
SHGetMalloc
SHCreateItemFromParsingName
SHCreateItemFromIDList
ShellExecuteW
ord727
SHGetStockIconInfo
SHGetFileInfoW
SHGetKnownFolderPath
CommandLineToArgvW

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateGuid
StringFromGUID2
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleInitialize
OleUninitialize
CoInitializeEx
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
ReleaseStgMedium
CoGetMalloc
CoTaskMemAlloc
DoDragDrop

oleaut32

SystemTimeToVariantTime
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

imm32

ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetVirtualKey
ImmGetDefaultIMEWnd

wtsapi32

WTSQueryUserToken

msi

ord141
ord137
ord88

iphlpapi

GetAdaptersAddresses
ConvertInterfaceNameToLuidW
ConvertInterfaceLuidToNameW
ConvertInterfaceLuidToIndex
ConvertInterfaceIndexToLuid

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertCreateCertificateContext
CertFreeCertificateContext

Sections

.text
Size: 8.1MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c3121bf3f86c9941d536e0a7ff6be0c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

02:09:3f:59:5d:a3:38:d2:2c:1c:ad:c4:10:88:2b:adCertificate

Extended Key Usages

Key Usages

2f:74:3d:a6:0d:89:f0:55:9b:80:bf:e9:a2:2d:6c:9e:ac:8b:96:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

winmm

userenv

netapi32

version

dwmapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

imm32

wtsapi32

msi

iphlpapi

crypt32

Sections

.text Size: 8.1MB - Virtual size: 8.1MB

.rdata Size: 5.5MB - Virtual size: 5.5MB

.data Size: 140KB - Virtual size: 211KB

.qtmetad Size: 512B - Virtual size: 272B

_RDATA Size: 512B - Virtual size: 292B

.rsrc Size: 513KB - Virtual size: 513KB

.reloc Size: 300KB - Virtual size: 300KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

02:09:3f:59:5d:a3:38:d2:2c:1c:ad:c4:10:88:2b:ad
Certificate

2f:74:3d:a6:0d:89:f0:55:9b:80:bf:e9:a2:2d:6c:9e:ac:8b:96:07
Signer

.text
Size: 8.1MB - Virtual size: 8.1MB

.rdata
Size: 5.5MB - Virtual size: 5.5MB

.data
Size: 140KB - Virtual size: 211KB

.qtmetad
Size: 512B - Virtual size: 272B

_RDATA
Size: 512B - Virtual size: 292B

.rsrc
Size: 513KB - Virtual size: 513KB

.reloc
Size: 300KB - Virtual size: 300KB