3858_invoice[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

3858_invoice.exe
Size

25.8MB
MD5

9b28351713f6b95a04996fee315aa7fd
SHA1

edac4aa27925404263fafdaad6dd375732861ad1
SHA256

39e246d194e4a5ade27a08d4a925dbff009fa8b66963c05f18712c1472e24a81
SHA512

7971eacbb3e56be9803abcd11f9fd3246ba763b16de5d3331e984b040c2c9730a9ba085ed1a7d0ae0d24bd28ed108938284111c8f65d011ee0e62c6c2c4fc624
SSDEEP

393216:M+Jsv6tWKFdu9CRXu3AzmqTL6zemNMg56LLnToMjmmV5BBWCJP0/3uj7XlC4t6no:RfmqG3Q3TTyanWCJM/e9Ch6dv

Score

1^/10

Malware Config

Signatures

Files

3858_invoice.exe
.exe windows:6 windows x86 arch:x86

945643a25ab9bf838bd0527ad772105a

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10-11-2021 00:00

Not After

06-11-2024 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:b5:37:82:52:40:60:1f:a1:65:7f:29:5f:48:c5:54:76:c2:66:90
Signer

Actual PE Digest

c4:b5:37:82:52:40:60:1f:a1:65:7f:29:5f:48:c5:54:76:c2:66:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build.tc\agent\work\464efc35df4c0270\build\RelWithDebInfo\GoToResolveUnattendedUpdater.pdb

Imports

shlwapi

PathIsDirectoryW
PathIsDirectoryEmptyW

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

ole32

StgOpenStorage
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

kernel32

FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
FindClose
Sleep
DeleteFileW
LoadLibraryW
GetProcAddress
MoveFileExW
FreeLibrary
LocalAlloc
GetCurrentProcessId
HeapFree
WaitForSingleObject
GetCurrentThreadId
GetSystemDirectoryW
OpenProcess
HeapAlloc
GetCurrentDirectoryW
GetProcessHeap
IsWow64Process
GetExitCodeProcess
MoveFileExA
GetThreadLocale
LCIDToLocaleName
GetStdHandle
TerminateProcess
K32GetModuleFileNameExW
ProcessIdToSessionId
FlushFileBuffers
GetFileAttributesA
GetDynamicTimeZoneInformation
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
WriteConsoleW
OutputDebugStringW
GetLocalTime
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
GetFileType
RaiseException
SetUnhandledExceptionFilter
SetEvent
SleepEx
CreateEventW
CreateThread
GetExitCodeThread
FlushInstructionCache
GetVersion
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
WerRegisterRuntimeExceptionModule
GetFileSizeEx
ReadFile
SetFilePointerEx
GetNamedPipeInfo
FindFirstFileExW
GetFileTime
InitializeCriticalSection
DuplicateHandle
GetSystemInfo
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
GetVersionExW
WaitNamedPipeW
GetSystemTimeAsFileTime
CompareStringEx
WaitForSingleObjectEx
GetSystemTime
IsProcessorFeaturePresent
GetConsoleWindow
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetErrorMode
GetModuleHandleExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
MultiByteToWideChar
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
ResetEvent
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
GetDriveTypeW
UnregisterWaitEx
RegisterWaitForSingleObject
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
lstrlenW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
SetStdHandle
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
RtlUnwind
IsDebuggerPresent
InitializeSListHead
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
DecodePointer
EncodePointer
SetLastError
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
FormatMessageA
VerifyVersionInfoW
lstrcpyW
WideCharToMultiByte
CreateProcessW
VerSetConditionMask
LocalFree
SetCurrentDirectoryW
FindResourceW
LoadResource
CloseHandle
LockResource
lstrcatW
GetLastError
FormatMessageW
FreeResource
CreateFileW
SetFilePointer
GetModuleFileNameW
WriteFile
GetCommandLineW
SizeofResource
CreateDirectoryW
ReadConsoleW
GetConsoleCP
ExitProcess
HeapReAlloc
CompareStringW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
HeapSize
SetEnvironmentVariableW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
TryEnterCriticalSection
SetFileAttributesW
SetFileInformationByHandle
AreFileApisANSI
CreateDirectoryExW
CreateSymbolicLinkW
GetLocaleInfoEx
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventA
OpenEventA
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
CreateNamedPipeW
InitializeCriticalSectionEx
LCMapStringEx

user32

DestroyWindow
FindWindowW
wsprintfW
BringWindowToTop
AttachThreadInput
SetWindowLongW
GetWindowLongW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
CharNextExA
GetWindowThreadProcessId
ShowWindow

shell32

ShellExecuteExW
CommandLineToArgvW
ShellExecuteW

oleaut32

VariantClear

advapi32

FreeSid
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
GetSidSubAuthorityCount
GetSidSubAuthority
RegFlushKey
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
DuplicateToken
CopySid
AccessCheck
RegEnumKeyExW
SystemFunction036
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
EnumServicesStatusW
RegDeleteTreeA
AllocateAndInitializeSid
SetEntriesInAclW
OpenServiceW
QueryServiceConfigW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
RegDeleteKeyExA
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
GetTokenInformation
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
ChangeServiceConfig2W
RegCreateKeyExW
DeleteService
ControlService
StartServiceW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

WSAAsyncSelect
htonl
WSACleanup
WSAGetLastError
gethostname
WSAStartup

winmm

timeKillEvent
timeSetEvent

iphlpapi

GetAdaptersAddresses
ConvertInterfaceLuidToNameW
ConvertInterfaceIndexToLuid
ConvertInterfaceNameToLuidW

crypt32

CertFindCertificateInStore
CertGetNameStringW
CertOpenStore
CryptProtectData
CertDeleteCertificateFromStore
CertFreeCertificateContext
CertCloseStore

comctl32

ord345

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21.7MB - Virtual size: 21.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

945643a25ab9bf838bd0527ad772105a

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fbCertificate

Extended Key Usages

Key Usages

c4:b5:37:82:52:40:60:1f:a1:65:7f:29:5f:48:c5:54:76:c2:66:90Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wtsapi32

ole32

kernel32

user32

shell32

oleaut32

advapi32

userenv

version

netapi32

ws2_32

winmm

iphlpapi

crypt32

comctl32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 107KB - Virtual size: 127KB

.qtmetad Size: 512B - Virtual size: 106B

.rsrc Size: 21.7MB - Virtual size: 21.7MB

.reloc Size: 85KB - Virtual size: 84KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

c4:b5:37:82:52:40:60:1f:a1:65:7f:29:5f:48:c5:54:76:c2:66:90
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 107KB - Virtual size: 127KB

.qtmetad
Size: 512B - Virtual size: 106B

.rsrc
Size: 21.7MB - Virtual size: 21.7MB

.reloc
Size: 85KB - Virtual size: 84KB