Lazyware-WorkInk-Installer_741942[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Lazyware-WorkInk-Installer_741942.exe
Size

16.7MB
MD5

6d8f5c4665148856a97378be9379c59f
SHA1

f773e933488bdc103678de32be77396a2ec897a9
SHA256

651c220c441664a46a5c9739c329797fb8879f39b4bd7c862d56e0c4fd239a75
SHA512

d8720fafb86cf17f30635c042dd3f786135aa374c05e49a5f770cc4c7d68f98c0c61465071a51ab60ecb7ca8fc43de5fb0ff427363f80de9cc536af7c9099971
SSDEEP

393216:LS5G463coqG9cYzrEMehHirI6QtUUTC/fd/rFDgOCY:uGMojcY0JhHis6uUUMfdzFfz

Score

1^/10

Malware Config

Signatures

Files

Lazyware-WorkInk-Installer_741942.exe
.exe windows:6 windows x86 arch:x86

f1ac09945c179604cebca90b4b7a9499

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:8d:fe:ba:d3:28:0c:ce:ea:2b:13:47:4f:9a:5e:3b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22-02-2024 00:00

Not After

22-02-2025 23:59

Subject

SERIALNUMBER=20201775850,CN=Sharp Innovations Inc,O=Sharp Innovations Inc,L=Aurora,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#1308436f6c6f7261646f,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:56:c4:d2:8d:be:52:43:09:6a:72:9a:d1:c3:7c:77:ac:15:aa:00:10:ea:66:39:54:fa:24:94:33:06:e9:2c
Signer

Actual PE Digest

2a:56:c4:d2:8d:be:52:43:09:6a:72:9a:d1:c3:7c:77:ac:15:aa:00:10:ea:66:39:54:fa:24:94:33:06:e9:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeFormatW
VerSetConditionMask
InitializeCriticalSectionEx
GlobalUnlock
DeleteCriticalSection
GetConsoleMode
GetTickCount64
ExitProcess
GetUserDefaultLCID
GetLastError
InitializeSListHead
FindFirstFileW
FindNextFileW
GetStdHandle
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesExW
HeapSize
GetVersionExW
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
GetTickCount
GetFileType
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SystemTimeToTzSpecificLocalTime
CreateFileW
MultiByteToWideChar
SleepEx
WriteConsoleW
GetProcAddress
WaitForMultipleObjects
GetOEMCP
SetFileTime
SetPriorityClass
InitializeCriticalSection
lstrcatA
DecodePointer
WideCharToMultiByte
GetSystemInfo
FreeLibraryAndExitThread
FindClose
GetModuleFileNameW
GetDateFormatW
SetEvent
EnumSystemLocalesW
GetStringTypeW
GetModuleHandleExW
LocalFree
VirtualFree
TlsFree
FileTimeToLocalFileTime
FreeEnvironmentStringsW
SetEndOfFile
GetFullPathNameW
IsValidCodePage
GetSystemTimeAsFileTime
TlsSetValue
GetFileInformationByHandle
GetFileSize
AreFileApisANSI
GetCurrentThreadId
FindFirstFileExW
PeekNamedPipe
HeapFree
GetCPInfo
SetFilePointer
lstrlenA
FormatMessageW
CreateDirectoryW
FormatMessageA
GetEnvironmentStringsW
GetVersion
RaiseException
VirtualAlloc
HeapAlloc
GetModuleHandleA
UnhandledExceptionFilter
CompareFileTime
CreateThread
GetTempFileNameW
Sleep
GetFileSizeEx
LeaveCriticalSection
WriteFile
GlobalLock
LCMapStringEx
ReleaseSemaphore
GetConsoleOutputCP
GetTempPathW
GetProcessAffinityMask
VirtualQuery
CloseHandle
MoveFileExW
GetCommandLineA
CompareStringW
ExitThread
LoadLibraryExW
LCMapStringW
WaitForSingleObjectEx
GetACP
HeapReAlloc
ResetEvent
GetTimeZoneInformation
GlobalAlloc
GetCommandLineW
GetStartupInfoW
CreateSemaphoreW
WaitForSingleObject
TlsAlloc
GetCurrentProcess
ReadConsoleW
GetLogicalDriveStringsW
TlsGetValue
GlobalMemoryStatus
GetProcessHeap
QueryPerformanceFrequency
IsProcessorFeaturePresent
SetLastError
QueryPerformanceCounter
RemoveDirectoryW
SetEnvironmentVariableW
CreateEventW
GetLocaleInfoEx
SleepConditionVariableSRW
AcquireSRWLockExclusive
FreeLibrary
GetCurrentDirectoryW
MoveFileW
VerifyVersionInfoW
FlushFileBuffers
GetDriveTypeW
GetEnvironmentVariableA
RtlUnwind
DeleteFileW
EnterCriticalSection
FileTimeToSystemTime
GetFileAttributesW
GetLocaleInfoW
SetFileAttributesW
SetUnhandledExceptionFilter
IsValidLocale
SetStdHandle
IsDebuggerPresent
ReadFile
WakeAllConditionVariable
EncodePointer
SetFilePointerEx
GetCurrentProcessId
TerminateProcess
GlobalFree

user32

CloseClipboard
GetWindowTextW
SetClipboardData
MessageBoxA
MapDialogRect
EnableWindow
SetFocus
LoadCursorW
SetTimer
InvalidateRect
GetKeyState
EmptyClipboard
GetWindowLongW
SystemParametersInfoW
GetDlgItem
MoveWindow
GetParent
GetFocus
CharUpperW
SetWindowTextW
SendMessageW
SetCursor
PostMessageW
CheckDlgButton
SetWindowLongW
MonitorFromWindow
MessageBoxW
GetWindowRect
OpenClipboard
ShowWindow
SetDlgItemTextW
GetMonitorInfoA
LoadStringW
LoadIconW
KillTimer
EndDialog
GetWindowTextLengthW
DialogBoxParamW
wsprintfA
IsDlgButtonChecked
ScreenToClient

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear

ole32

OleInitialize
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

shell32

SHGetPathFromIDListW
SHGetFileInfoW
SHGetKnownFolderPath
SHBrowseForFolderW

advapi32

CryptHashData
CryptEncrypt
CryptGetHashParam
CryptImportKey
CloseServiceHandle
CryptDestroyHash
CryptDestroyKey
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash

ws2_32

WSACleanup
freeaddrinfo
WSAIoctl
WSAResetEvent
WSACreateEvent
WSAGetLastError
WSACloseEvent
WSAEnumNetworkEvents
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
WSAEventSelect
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

crypt32

CertFreeCertificateChain
CertCloseStore
CertFreeCertificateChainEngine
CertFindExtension
CryptDecodeObjectEx
CryptStringToBinaryW
PFXImportCertStore
CertFreeCertificateContext
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CertOpenStore
CertGetCertificateChain
CertGetNameStringW
CryptQueryObject
CertEnumCertificatesInStore
CertFindCertificateInStore

wldap32

ord301
ord73
ord117
ord127
ord26
ord133
ord142
ord145
ord147
ord41
ord167
ord27
ord208
ord14
ord216
ord219
ord46
ord79

bcrypt

BCryptGenRandom

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 168B

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f1ac09945c179604cebca90b4b7a9499

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:8d:fe:ba:d3:28:0c:ce:ea:2b:13:47:4f:9a:5e:3bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2a:56:c4:d2:8d:be:52:43:09:6a:72:9a:d1:c3:7c:77:ac:15:aa:00:10:ea:66:39:54:fa:24:94:33:06:e9:2cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

ole32

shell32

advapi32

ws2_32

crypt32

wldap32

bcrypt

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 260KB - Virtual size: 259KB

.data Size: 9KB - Virtual size: 29KB

.00cfg Size: 512B - Virtual size: 8B

.tls Size: 512B - Virtual size: 9B

.voltbl Size: 512B - Virtual size: 168B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 102KB - Virtual size: 101KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:8d:fe:ba:d3:28:0c:ce:ea:2b:13:47:4f:9a:5e:3b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2a:56:c4:d2:8d:be:52:43:09:6a:72:9a:d1:c3:7c:77:ac:15:aa:00:10:ea:66:39:54:fa:24:94:33:06:e9:2c
Signer

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 260KB - Virtual size: 259KB

.data
Size: 9KB - Virtual size: 29KB

.00cfg
Size: 512B - Virtual size: 8B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 168B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 102KB - Virtual size: 101KB