InstallCharityEngine_7[.]14[.]2_S16-01[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

InstallCharityEngine_7.14.2_S16-01.exe
Size

108.6MB
MD5

8d82aab981db33a652f25f1951eb1bf8
SHA1

88f484430f353879f4ababe64ed8919551ac5b47
SHA256

0f03bbc5a23c73c203f9dcedee184f8ba5842d33e7ec305f3eb244c1ed41765a
SHA512

fce582dee14cbafddf3987e5bf47b7e2c7fa235b71f05aa109f200c1b70d3ee55c2e18523ecfaaa1a243b9b8680a28c60037793bd302203417e2add7c00a6e26
SSDEEP

1572864:pGRcxtt/AIdFKd9/tK8f3l257rcLHTZc5s2m8VYr+FcPuiE9C9so0G/ic5XGczxY:4RcxzA1dRf3lAELHdjR/r/sCqc5XBzkJ

Score

1^/10

Malware Config

Signatures

Files

InstallCharityEngine_7.14.2_S16-01.exe
.exe windows:6 windows x64 arch:x64

013c74198fc6e42dcf33737d6c40c012

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:03:b4:d0:f4:36:63:22:ab:55:25:bd:59:3c:ae:f7
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

19/11/2022, 00:00

Not After

18/11/2024, 23:59

Subject

CN=COMPUTATIONAL CHARITY PROJECT INC,O=COMPUTATIONAL CHARITY PROJECT INC,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:44:bf:36:4f:ad:9e:cc:e0:d8:2f:b2:7e:97:7f:db:58:15:3e:1b
Signer

Actual PE Digest

b6:44:bf:36:4f:ad:9e:cc:e0:d8:2f:b2:7e:97:7f:db:58:15:3e:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

wextract.pdb

Imports

advapi32

OpenProcessToken
GetTokenInformation
RegSetValueExA
EqualSid
RegQueryValueExA
LookupPrivilegeValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
AllocateAndInitializeSid
FreeSid
AdjustTokenPrivileges
RegCloseKey

kernel32

GetPrivateProfileIntA
GetFileAttributesA
IsDBCSLeadByte
GetSystemDirectoryA
GlobalUnlock
GetShortPathNameA
CreateDirectoryA
FindFirstFileA
GetLastError
GetProcAddress
RemoveDirectoryA
SetFileAttributesA
GlobalFree
FindClose
GetPrivateProfileStringA
LoadLibraryA
LocalAlloc
WritePrivateProfileStringA
GetModuleFileNameA
FindNextFileA
CompareStringA
_lopen
CloseHandle
LocalFree
DeleteFileA
ExitProcess
DosDateTimeToFileTime
CreateFileA
FindResourceA
SetFilePointer
GlobalAlloc
ExpandEnvironmentStringsA
WaitForSingleObject
SetEvent
GetModuleHandleW
FormatMessageA
SetFileTime
WriteFile
GetDriveTypeA
GetVolumeInformationA
TerminateThread
SizeofResource
CreateEventA
GetExitCodeProcess
CreateProcessA
ReadFile
SetCurrentDirectoryA
_llseek
ResetEvent
LockResource
GetSystemInfo
LoadLibraryExA
CreateMutexA
GetCurrentDirectoryA
GetVersionExA
GetVersion
GetTempPathA
CreateThread
LocalFileTimeToFileTime
Sleep
FreeResource
GetWindowsDirectoryA
lstrcmpA
_lclose
GlobalLock
GetCurrentProcess
LoadResource
FreeLibrary
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
OutputDebugStringA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
EnumResourceLanguagesA
MulDiv
GetDiskFreeSpaceA
GetTempFileNameA

gdi32

GetDeviceCaps

user32

SetForegroundWindow
MsgWaitForMultipleObjects
SendDlgItemMessageA
GetWindowLongPtrA
GetWindowRect
GetDC
MessageBoxA
PeekMessageA
ReleaseDC
GetDlgItem
SetWindowPos
ShowWindow
SetWindowLongPtrA
DispatchMessageA
SetWindowTextA
EnableWindow
CallWindowProcA
DialogBoxIndirectParamA
GetDlgItemTextA
LoadStringA
MessageBeep
CharUpperA
CharNextA
ExitWindowsEx
CharPrevA
EndDialog
GetDesktopWindow
SetDlgItemTextA
SendMessageA
GetSystemMetrics

msvcrt

?terminate@@YAXXZ
_fmode
_acmdln
__C_specific_handler
_initterm
__setusermatherr
_ismbblead
_cexit
memset
memcpy
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_errno
_vsnprintf
_commode

comctl32

ord17

cabinet

ord22
ord23
ord21
ord20

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 108.6MB - Virtual size: 108.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

013c74198fc6e42dcf33737d6c40c012

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

92:03:b4:d0:f4:36:63:22:ab:55:25:bd:59:3c:ae:f7Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

b6:44:bf:36:4f:ad:9e:cc:e0:d8:2f:b2:7e:97:7f:db:58:15:3e:1bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comctl32

cabinet

version

Sections

.text Size: 32KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 7KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 108.6MB - Virtual size: 108.6MB

.reloc Size: 1024B - Virtual size: 516B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

92:03:b4:d0:f4:36:63:22:ab:55:25:bd:59:3c:ae:f7
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

b6:44:bf:36:4f:ad:9e:cc:e0:d8:2f:b2:7e:97:7f:db:58:15:3e:1b
Signer

.text
Size: 32KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 7KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 108.6MB - Virtual size: 108.6MB

.reloc
Size: 1024B - Virtual size: 516B