VolatilityWorkbench[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

VolatilityWorkbench.exe
Size

1.1MB
MD5

f28d211534bec5505028418917b843dd
SHA1

ceee6efd39f40c9132d8bdcc80bac5f615de1cb6
SHA256

1ce5b5a651a2725e37add3660f8cf98f6932597b33ce07321c7204e7df7e2f57
SHA512

e30a8de0b14018cc2ab0d718ebd789ba7967d396e3e2e18528d3d7de827e00b8d069a91764bf13cfc5fd34c9ee6ec55ab0427338ffba3003c1007f4f5a465f53
SSDEEP

24576:wx3todzcHJykgUwtRc7ZwmxbQPdR8LD1cIfNWn+O:zdTkgUWRc7ZwmxbQPdaLeQAJ

Score

1^/10

Malware Config

Signatures

Files

VolatilityWorkbench.exe
.exe windows:6 windows x86 arch:x86

b02c9a40a229986a54cd395f39e792b0

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:40:f3:37:08:08:bd:a1:52:08:27:09:0b:fa:05:41
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

08/09/2022, 00:00

Not After

07/09/2025, 23:59

Subject

CN=PassMark Software Pty Ltd,O=PassMark Software Pty Ltd,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:cc:90:88:40:8b:fb:24:a0:b5:ae:34:8f:77:38:a8:39:17:0d:ed
Signer

Actual PE Digest

39:cc:90:88:40:8b:fb:24:a0:b5:ae:34:8f:77:38:a8:39:17:0d:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Simon La\Downloads\Source Code V3 1.0.1006\Release\CGIFrontEnd.pdb

Imports

shlwapi

PathFileExistsW

kernel32

FindClose
FindFirstFileW
FindNextFileW
ReadFile
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
TerminateProcess
GetModuleFileNameW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
DuplicateHandle
CreatePipe
GetCurrentProcess
CreateProcessW
LocalFree
FormatMessageW
DecodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
GetModuleHandleW
lstrlenW
WideCharToMultiByte
RtlUnwind
CreateFileW
ReadConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
CreateDirectoryW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetFileType
HeapReAlloc
HeapAlloc
HeapFree
GetCurrentThread
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
SetEndOfFile
FreeEnvironmentStringsW
WriteConsoleW
RaiseException
OutputDebugStringW
TlsSetValue
TlsGetValue
InitializeSListHead
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
FormatMessageA
GetStringTypeW
GetLocaleInfoEx
EncodePointer
LCMapStringEx
CompareStringEx
InterlockedPushEntrySList

user32

GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
PostQuitMessage
SetWindowLongW
GetWindowLongW
CopyRect
SetRectEmpty
CreateWindowExW
GetClassInfoW
UnregisterClassW
RegisterClassW
DefWindowProcW
IsDialogMessageW
LoadIconW
LoadCursorW
GetWindowThreadProcessId
EnumWindows
SetClassLongW
ScreenToClient
MessageBoxW
GetWindowRect
GetClientRect
GetWindowTextW
SetWindowTextW
InvalidateRect
GetSystemMetrics
EnableWindow
SetTimer
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SendDlgItemMessageW
IsDlgButtonChecked
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
CreateDialogParamW
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow

comdlg32

GetOpenFileNameW
GetSaveFileNameW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoTaskMemAlloc
OleInitialize
OleUninitialize
CLSIDFromString
CreateStreamOnHGlobal

oleaut32

VariantInit
SafeArrayCreateVector
SafeArrayPutElement
VariantClear
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
SysAllocString
SafeArrayUnaccessData

Sections

.text
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 361KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b02c9a40a229986a54cd395f39e792b0

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

3a:40:f3:37:08:08:bd:a1:52:08:27:09:0b:fa:05:41Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

39:cc:90:88:40:8b:fb:24:a0:b5:ae:34:8f:77:38:a8:39:17:0d:edSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

comdlg32

shell32

ole32

oleaut32

Sections

.text Size: 603KB - Virtual size: 602KB

.rdata Size: 112KB - Virtual size: 111KB

.data Size: 38KB - Virtual size: 467KB

.rsrc Size: 361KB - Virtual size: 360KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

3a:40:f3:37:08:08:bd:a1:52:08:27:09:0b:fa:05:41
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

39:cc:90:88:40:8b:fb:24:a0:b5:ae:34:8f:77:38:a8:39:17:0d:ed
Signer

.text
Size: 603KB - Virtual size: 602KB

.rdata
Size: 112KB - Virtual size: 111KB

.data
Size: 38KB - Virtual size: 467KB

.rsrc
Size: 361KB - Virtual size: 360KB