3597_invoice[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3597_invoice.exe
Size

22.4MB
MD5

3d8a2d25f97ecaec40875aa5b3bbf8f3
SHA1

1caa28e32bd3ed589c393a24601254803f0ccd73
SHA256

a7789cb7db59a2bce0b898e5b7a5b7073681156a2ba72f322a0a0c717b3ee05e
SHA512

cf7462f180346f042758b95755947ed52518457feadbea16543c708836a9e8ddd2db0b7f80054904867cf31c83aca92fb3f4e62a3a3e7d6dc327a9920d07ae6c
SSDEEP

393216:GOJnfyxbIeS66l3iKw7JV3RPyT9BZqfzsqHdxIwY+GYLL9XARbJ07ZlmkFdM:FnqtQ6yiLhwjZqbsqMwY+b+701l0

Score

1^/10

Malware Config

Signatures

Files

3597_invoice.exe
.exe windows:6 windows x86 arch:x86

b0c55d16c47bb9666aa36b8072ff856c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b3:03:70:cd:e5:74:f4:46:0a:72:df:36:85:26:a6:57:c6:ab:26:f5
Signer

Actual PE Digest

b3:03:70:cd:e5:74:f4:46:0a:72:df:36:85:26:a6:57:c6:ab:26:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build.tc\agent\work\464efc35df4c0270\build\RelWithDebInfo\GoToResolveUnattendedUpdater.pdb

Imports

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW

ole32

StgOpenStorage

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

kernel32

CreateFileW
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetModuleHandleW
SetLastError
lstrlenW
WriteFile
GetVersionExW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
FindClose
Sleep
DeleteFileW
LoadLibraryW
GetProcAddress
MoveFileExW
FreeLibrary
LocalAlloc
GetCurrentProcessId
ReadFile
HeapFree
TerminateProcess
InitializeCriticalSectionEx
WaitForSingleObject
GetCurrentThreadId
OpenProcess
HeapAlloc
GetCurrentDirectoryW
DecodePointer
DeleteCriticalSection
GetProcessHeap
IsWow64Process
GetExitCodeProcess
MoveFileExA
GetThreadLocale
LCIDToLocaleName
GetStdHandle
K32GetModuleFileNameExW
ProcessIdToSessionId
FlushFileBuffers
GetFileAttributesA
GetDynamicTimeZoneInformation
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetFileType
RaiseException
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
SetEvent
SleepEx
CreateEventW
CreateThread
GetExitCodeThread
GetVersion
GetLocaleInfoW
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
RemoveVectoredExceptionHandler
InitializeCriticalSection
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetFileSizeEx
FormatMessageA
FindFirstFileExW
GetFileTime
GetSystemTimeAsFileTime
OutputDebugStringW
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileAttributesW
DeviceIoControl
CreateDirectoryExW
CopyFileW
AreFileApisANSI
MultiByteToWideChar
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetConsoleCP
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
LCMapStringEx
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
GetStringTypeW
QueryPerformanceFrequency
QueryPerformanceCounter
IsValidLocale
GetUserDefaultLCID
GetLocaleInfoEx
EnumSystemLocalesW
ReadConsoleW
GetTimeZoneInformation
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateEventA
OpenEventA
VerifyVersionInfoW
SetFilePointerEx
lstrcpyW
CreateProcessW
VerSetConditionMask
EncodePointer
CompareStringEx
GetCPInfo
ResetEvent
UnhandledExceptionFilter
GetDriveTypeW
SetConsoleCtrlHandler
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
LocalFree
SetCurrentDirectoryW
FindResourceW
LoadResource
CloseHandle
LockResource
lstrcatW
GetLastError
FormatMessageW
GetModuleFileNameW
GetCommandLineW
SizeofResource
CreateDirectoryW
WriteConsoleW
IsProcessorFeaturePresent
TlsAlloc
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetFileInformationByHandle
GetFileInformationByHandleEx
CreateSymbolicLinkW
InitializeSListHead

user32

FindWindowW
wsprintfW
BringWindowToTop
AttachThreadInput
ShowWindow
GetWindowThreadProcessId

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW

oleaut32

VariantClear

advapi32

RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
SystemFunction036
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RegDeleteTreeA
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
RegDeleteKeyExA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
ChangeServiceConfig2W
RegCreateKeyExW
DeleteService
ControlService
StartServiceW
QueryServiceConfigW
OpenServiceW
EnumServicesStatusW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSACleanup
WSAStartup
WSAGetLastError
gethostname

crypt32

CryptProtectData
CertOpenStore
CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertDeleteCertificateFromStore

comctl32

ord345

Sections

.text
Size: 828KB - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21.3MB - Virtual size: 21.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0c55d16c47bb9666aa36b8072ff856c

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fbCertificate

Extended Key Usages

Key Usages

b3:03:70:cd:e5:74:f4:46:0a:72:df:36:85:26:a6:57:c6:ab:26:f5Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ole32

wtsapi32

kernel32

user32

shell32

oleaut32

advapi32

version

ws2_32

crypt32

comctl32

Sections

.text Size: 828KB - Virtual size: 828KB

.rdata Size: 199KB - Virtual size: 199KB

.data Size: 22KB - Virtual size: 26KB

.rsrc Size: 21.3MB - Virtual size: 21.3MB

.reloc Size: 36KB - Virtual size: 36KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

b3:03:70:cd:e5:74:f4:46:0a:72:df:36:85:26:a6:57:c6:ab:26:f5
Signer

.text
Size: 828KB - Virtual size: 828KB

.rdata
Size: 199KB - Virtual size: 199KB

.data
Size: 22KB - Virtual size: 26KB

.rsrc
Size: 21.3MB - Virtual size: 21.3MB

.reloc
Size: 36KB - Virtual size: 36KB