test[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

test.exe
Size

391KB
MD5

ebd0e35ecce5c00d31c641690fc77d10
SHA1

2f34ac0d21ca46c555dd62166bb709c750ff7fdf
SHA256

002ce0d28ec990aadbbc89df457189de37d8adaadc9c084b78eb7be9a9820c81
SHA512

5a61d01533c905512a139a9dc5c90294f89fbaf8618185ef1dbf09482b1beafe25b1d80627c53e94d2f62b28669f345659505ec26e5ac0896e399663a0539297
SSDEEP

6144:fIddkHcc6C4OFfkpSjrwvros+8cRO/OSG/6CZUBkTRF83HYdUHNHVeGrS42SKp1g:ckz6C4OvjaoI8O2vReeDG+4ap1cz

Score

1^/10

Malware Config

Signatures

Files

test.exe
.exe windows:6 windows x64 arch:x64

ceaf3bf3cf5af1986b33f8d3ae5bd94f

Code Sign

61:19:cc:93:00:01:00:00:00:66
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10-10-2011 20:32

Not After

10-01-2013 20:32

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:05:13:36:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2011 20:42

Not After

25-10-2012 20:42

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-07-2012 00:14

Not After

07-10-2013 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:24:1e:26:15:2c:c1:26:93:fd:36:59:ce:c1:db:a5:d2:c0:67:7a:0b:ff:64:59:e1:8a:22:7f:aa:14:8e:72
Signer

Actual PE Digest

d6:24:1e:26:15:2c:c1:26:93:fd:36:59:ce:c1:db:a5:d2:c0:67:7a:0b:ff:64:59:e1:8a:22:7f:aa:14:8e:72

Digest Algorithm

sha256

PE Digest Matches

true

60:bb:bf:62:91:a9:6e:9b:19:c9:49:30:22:33:ba:bb:b4:f6:4d:9b
Signer

Actual PE Digest

60:bb:bf:62:91:a9:6e:9b:19:c9:49:30:22:33:ba:bb:b4:f6:4d:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

VSPerfCmd.pdb

Imports

advapi32

GetAclInformation
GetAce
GetSecurityDescriptorDacl
RegQueryValueExA
RegOpenKeyExA
GetSecurityInfo
IsValidSid
RegCloseKey
GetExplicitEntriesFromAclA
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
IsValidSecurityDescriptor
GetSecurityDescriptorGroup
RegSetValueExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegCreateKeyExW
MapGenericMask
SetSecurityDescriptorGroup
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueA
GetTokenInformation
OpenProcessToken
GetTraceEnableLevel
RegisterTraceGuidsA
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
IsTextUnicode
MakeSelfRelativeSD
GetSidLengthRequired
SetSecurityInfo
MakeAbsoluteSD
LookupAccountSidW
GetSecurityDescriptorLength
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
LookupAccountNameW
GetSecurityDescriptorControl
GetSidSubAuthorityCount
SetEntriesInAclA
GetSidSubAuthority
IsValidAcl
GetSidIdentifierAuthority
ControlService
QueryServiceConfigA
OpenSCManagerA
QueryServiceStatus
ChangeServiceConfigA
StartServiceA
OpenServiceW
DeleteService
CloseServiceHandle
CreateServiceW

kernel32

SetThreadPriority
TerminateThread
VirtualAllocEx
CreateRemoteThread
Module32NextW
CreateToolhelp32Snapshot
Process32NextW
Module32FirstW
OpenThread
Process32FirstW
Thread32Next
GetExitCodeProcess
ReadProcessMemory
Thread32First
CreateFileA
ResumeThread
SuspendThread
CreateMutexW
CreateFileMappingW
CreateEventW
ReleaseMutex
GetVersion
ExpandEnvironmentStringsW
WaitNamedPipeA
SetNamedPipeHandleState
LoadLibraryExA
ReadConsoleW
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
HeapSetInformation
SetUnhandledExceptionFilter
LocalAlloc
GetProcAddress
SwitchToThread
GetCurrentProcessId
DeviceIoControl
OpenEventA
ProcessIdToSessionId
OpenMutexA
SetLastError
MultiByteToWideChar
CreateFileW
GetModuleFileNameW
Sleep
GetLocaleInfoW
WideCharToMultiByte
OpenProcess
GetTickCount
GetModuleHandleW
GetSystemDefaultLCID
WaitForSingleObject
GetFullPathNameW
CloseHandle
GetModuleHandleA
LockResource
RaiseException
SizeofResource
LoadResource
FindResourceW
FindResourceExW
LocalFree
GetVersionExA
GetLastError
CompareStringW
VirtualFreeEx
GetCommandLineW
EncodePointer
DecodePointer
HeapFree
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwindEx
HeapSize
HeapAlloc
RtlPcToFileHeader
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
FreeLibrary
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
LCMapStringEx
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
InitializeCriticalSectionEx
HeapDestroy
FindFirstFileW
InitializeCriticalSection
FindClose
FormatMessageA
FormatMessageW
WriteConsoleA
GetConsoleScreenBufferInfo
GetDriveTypeW
GetFileAttributesW
LoadLibraryA
GetSystemInfo
QueryPerformanceFrequency
GetFileSize
ReadFile
MapViewOfFile
UnmapViewOfFile
VirtualUnlock
VirtualAlloc
CreateFileMappingA
VirtualLock
OpenFileMappingA
PeekNamedPipe
CreatePipe
lstrlenW
SetEvent
CreateEventA
ResetEvent
FindFirstFileA
GetModuleFileNameA
GetUserDefaultUILanguage
CreateProcessW
WaitForMultipleObjects
DuplicateHandle
WriteProcessMemory

vspmsg

SetErrorMessageModule
GetErrorMessageModule

ole32

CoInitializeEx
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString

psapi

GetModuleBaseNameW

setupapi

SetupDiGetClassRegistryPropertyA
SetupDiSetClassRegistryPropertyA

shlwapi

PathAddBackslashW
PathAppendW
SHCreateStreamOnFileW
PathRemoveFileSpecW

pdh

PdhLookupPerfNameByIndexW

xmllite

CreateXmlReader

Sections

.text
Size: 254KB - Virtual size: 253KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ceaf3bf3cf5af1986b33f8d3ae5bd94f

Code Sign

61:19:cc:93:00:01:00:00:00:66Certificate

Extended Key Usages

Key Usages

61:05:13:36:00:00:00:00:00:1aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

d6:24:1e:26:15:2c:c1:26:93:fd:36:59:ce:c1:db:a5:d2:c0:67:7a:0b:ff:64:59:e1:8a:22:7f:aa:14:8e:72Signer

60:bb:bf:62:91:a9:6e:9b:19:c9:49:30:22:33:ba:bb:b4:f6:4d:9bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vspmsg

ole32

oleaut32

psapi

setupapi

shlwapi

pdh

xmllite

Sections

.text Size: 254KB - Virtual size: 253KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 10KB - Virtual size: 22KB

.pdata Size: 12KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

61:19:cc:93:00:01:00:00:00:66
Certificate

61:05:13:36:00:00:00:00:00:1a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

d6:24:1e:26:15:2c:c1:26:93:fd:36:59:ce:c1:db:a5:d2:c0:67:7a:0b:ff:64:59:e1:8a:22:7f:aa:14:8e:72
Signer

60:bb:bf:62:91:a9:6e:9b:19:c9:49:30:22:33:ba:bb:b4:f6:4d:9b
Signer

.text
Size: 254KB - Virtual size: 253KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 10KB - Virtual size: 22KB

.pdata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB