logioptionsplus_installer[.]exe

Resubmissions

25-04-2024 07:19

240425-h5msvsgg8z 8

25-04-2024 07:13

240425-h18jrsgf89 6

Sharing

Copy URL

Twitter E-mail

General

Target

logioptionsplus_installer.exe
Size

29.4MB
MD5

1052827b60890d7cb9b45d4842c9efd2
SHA1

06545f95abefd335810a6ee7784789de08350714
SHA256

ea539312b9e016690fdf97b1fdd3b422dc88161977d5d008a60a75163c6737aa
SHA512

4dfdf34dbdffa596e36d1cddfbc12c3b1406b8cce272078774bae6da0a788d8434c637b9ff8c827ddc1dcc1ac1f24a7df48cffee30250b9ad2a1cdf6773f86e8
SSDEEP

393216:kdnsqS5Gwb6+lptVYmfr7yBG/4oyFN/YuuccKU9oxcS23oxN2bz5frx1CmDfa+U2:kdn+5GU6upttD7yBG/PcXU9g52iN2hv

Score

1^/10

Malware Config

Signatures

Files

logioptionsplus_installer.exe
.exe windows:6 windows x64 arch:x64

705bb6db2b9629157c26706af792d667

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31-05-2021 06:43

Not After

17-09-2029 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02-11-2023 08:32

Not After

30-10-2034 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:ca
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2021 00:00

Not After

12-09-2024 23:59

Subject

CN=Logitech Inc,O=Logitech Inc,L=Newark,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

81:a6:70:ac:1c:9f:1a:15:a8:58:c8:f9:2a:7f:49:37:6b:23:fc:2d:4f:54:d4:3a:95:2b:51:8a:7e:c8:ee:c0
Signer

Actual PE Digest

81:a6:70:ac:1c:9f:1a:15:a8:58:c8:f9:2a:7f:49:37:6b:23:fc:2d:4f:54:d4:3a:95:2b:51:8a:7e:c8:ee:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

InitCommonControlsEx

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
CreateEventW
WaitForSingleObject
DeleteCriticalSection
WaitForSingleObjectEx
ResetEvent
SetEvent
EnterCriticalSection

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-file-l1-1-0

DeleteFileW
WriteFile
GetFileAttributesExW
SetEndOfFile
FindFirstFileW
CreateDirectoryW
CreateFileW
GetFileType
SetFileInformationByHandle
ReadFile
FindNextFileW
FindFirstFileExW
FindClose
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
GetCurrentProcessId
TlsFree
GetStartupInfoW
ExitProcess
TerminateProcess
GetCurrentProcess
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThreadId
GetExitCodeProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadResource
GetModuleHandleExW
FreeResource
GetModuleHandleW
FreeLibrary
SizeofResource
LockResource
GetProcAddress
LoadLibraryExW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-localization-l1-2-0

EnumSystemLocalesW
GetCPInfo
GetOEMCP
LCMapStringEx
GetACP
IsValidCodePage
GetUserPreferredUILanguages
GetLocaleInfoEx
GetLocaleInfoW
GetUserDefaultLCID
FormatMessageA
LCMapStringW
IsValidLocale

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsGetValue
FlsFree
FlsSetValue

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
CompareStringEx

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

user32

GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
IsDialogMessageW
PostQuitMessage
IsWindow
DestroyWindow
ShowWindow
CreateDialogParamW
SetDlgItemTextW
SetWindowLongPtrW
GetDlgCtrlID
SetWindowTextW
GetWindowLongPtrW

gdi32

SetBkColor
GetStockObject

api-ms-win-core-file-l1-2-2

AreFileApisANSI

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

Sections

.text
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28.9MB - Virtual size: 28.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

705bb6db2b9629157c26706af792d667

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27Certificate

Key Usages

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87Certificate

Extended Key Usages

Key Usages

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:caCertificate

Extended Key Usages

Key Usages

81:a6:70:ac:1c:9f:1a:15:a8:58:c8:f9:2a:7f:49:37:6b:23:fc:2d:4f:54:d4:3a:95:2b:51:8a:7e:c8:ee:c0Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-console-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-profile-l1-1-0

user32

gdi32

api-ms-win-core-file-l1-2-2

api-ms-win-core-file-l2-1-0

Sections

.text Size: 318KB - Virtual size: 317KB

.rdata Size: 113KB - Virtual size: 112KB

.data Size: 9KB - Virtual size: 15KB

.pdata Size: 17KB - Virtual size: 17KB

SHARED Size: 512B - Virtual size: 4B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 28.9MB - Virtual size: 28.9MB

.reloc Size: 3KB - Virtual size: 3KB

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

01:60:c5:35:4d:86:1d:ed:2f:31:76:45:dc:3f:ab:ca
Certificate

81:a6:70:ac:1c:9f:1a:15:a8:58:c8:f9:2a:7f:49:37:6b:23:fc:2d:4f:54:d4:3a:95:2b:51:8a:7e:c8:ee:c0
Signer

.text
Size: 318KB - Virtual size: 317KB

.rdata
Size: 113KB - Virtual size: 112KB

.data
Size: 9KB - Virtual size: 15KB

.pdata
Size: 17KB - Virtual size: 17KB

SHARED
Size: 512B - Virtual size: 4B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 28.9MB - Virtual size: 28.9MB

.reloc
Size: 3KB - Virtual size: 3KB