NCEls240(5881)_x64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NCEls240(5881)_x64.exe
Size

632.5MB
MD5

db7f98450401b0b45e3d490d721fc850
SHA1

6435e09b1aa477c6c85bc8ae17411c5e3694d6e6
SHA256

cff61c0c42ed3270f4ec2d70244cfacbd880e33d34edb4c0cc17c1ace57f0817
SHA512

0cb8f57d6976f10f4e7dd35e15a127b3e7768234576373185234c8dafbcf042d8261b3cfa09fd66829a45c5332a13b8b54be683e76207b65c4068b32ad63dad2
SSDEEP

12582912:AJklSMBGEtd4SwagTLAUbQxB6iRYoJf+8WOMW5xNkTdqG0pvMkPibbKONQd:8oSGuJa3WQxYVKfeOMWDNqdqGEvV6gd

Score

1^/10

Malware Config

Signatures

Files

NCEls240(5881)_x64.exe
.exe windows:4 windows x86 arch:x86

3c75d170143a73bdabd2c747f66fff0d

Code Sign

16:0a:b5:0c:e0:d9:60:1d:60:21:4c:89
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

05/09/2023, 11:28

Not After

30/08/2026, 15:12

Subject

CN=OOO Nanosoft Razrabotka,O=OOO Nanosoft Razrabotka,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:f6:87:18:51:20:0f:7a:85:e7:7a:c3:2d:c4:28:f8:d7:95:45:0a:34:46:55:fd:0c:0d:db:1a:b8:2c:9d:8e
Signer

Actual PE Digest

41:f6:87:18:51:20:0f:7a:85:e7:7a:c3:2d:c4:28:f8:d7:95:45:0a:34:46:55:fd:0c:0d:db:1a:b8:2c:9d:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SystemTimeToFileTime
GetLocalTime
GetFileAttributesW
CreateDirectoryW
WriteFile
GetStdHandle
VirtualAlloc
VirtualFree
GetACP
GetOEMCP
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsW
lstrlenA
lstrcmpW
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
CompareFileTime
GetSystemTimeAsFileTime
lstrlenW
GetUserDefaultUILanguage
GetUserDefaultLCID
GetTempPathW
SetEnvironmentVariableW
CloseHandle
CreateFileW
CreateThread
SetCurrentDirectoryW
lstrcmpiW
GetModuleFileNameW
GetCommandLineW
GetVersionExW
GetProcAddress
LoadLibraryA
MulDiv
TerminateThread
ResumeThread
SuspendThread
LocalFree
lstrcpyW
FormatMessageW
GetSystemDirectoryW
DeleteCriticalSection
GetFileSize
SetFilePointer
ReadFile
SetFileTime
SetEndOfFile
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
WaitForSingleObject
GetExitCodeThread
Sleep
SetFileAttributesW
GetDriveTypeW
SetLastError
GetStartupInfoA

user32

ScreenToClient
GetWindowRect
ShowWindow
ReleaseDC
DrawTextW
GetSystemMetrics
GetDC
SetWindowPos
GetWindowTextLengthW
ClientToScreen
GetParent
GetWindow
DialogBoxIndirectParamW
SystemParametersInfoW
DrawIconEx
GetWindowDC
CallWindowProcW
SetFocus
wvsprintfW
SetWindowTextW
GetWindowTextW
LoadImageW
LoadIconW
MessageBeep
EnableMenuItem
GetSystemMenu
DispatchMessageW
KillTimer
DestroyWindow
CharUpperW
EndDialog
SendMessageW
GetWindowLongW
GetMessageW
SetTimer
GetClientRect
SetDlgItemTextW
GetDlgItem
GetKeyState
MessageBoxA
wsprintfA
wsprintfW
CreateWindowExW
DefWindowProcW
SetWindowLongW

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
DeleteObject
GetDeviceCaps

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoCreateInstance

oleaut32

SysAllocString
VariantClear

msvcrt

_controlfp
?terminate@@YAXXZ
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
__CxxFrameHandler
memcmp
free
malloc
memmove
memcpy
_wtol
_wcsnicmp
memset
_CxxThrowException
_beginthreadex
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3c75d170143a73bdabd2c747f66fff0d

Code Sign

16:0a:b5:0c:e0:d9:60:1d:60:21:4c:89Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

41:f6:87:18:51:20:0f:7a:85:e7:7a:c3:2d:c4:28:f8:d7:95:45:0a:34:46:55:fd:0c:0d:db:1a:b8:2c:9d:8eSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

oleaut32

msvcrt

Sections

.text Size: 67KB - Virtual size: 66KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 2KB

.sxdata Size: 1024B - Virtual size: 660B

.rsrc Size: 9KB - Virtual size: 8KB

16:0a:b5:0c:e0:d9:60:1d:60:21:4c:89
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

41:f6:87:18:51:20:0f:7a:85:e7:7a:c3:2d:c4:28:f8:d7:95:45:0a:34:46:55:fd:0c:0d:db:1a:b8:2c:9d:8e
Signer

.text
Size: 67KB - Virtual size: 66KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 2KB

.sxdata
Size: 1024B - Virtual size: 660B

.rsrc
Size: 9KB - Virtual size: 8KB