advancedrun[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

advancedrun.exe
Size

102KB
MD5

a1d50ebe6124584f32de0625475cdb74
SHA1

c7c87bc010a7e22c99db83932520a25ddd31b6d2
SHA256

dfe303b38ff03d788a4a1c289b7900e17d274fbc7e9ccde43a890fd546de8cd7
SHA512

7fab2778ca1d4ef52625b4924ee4ca189ce4b1e5c8efbf5744f2d4ee123fda429325f0d1182e321382cc3a5e2b0c06c5cad3cc9a6ddb5c66c1b418b655ce1cbf
SSDEEP

1536:kcTwIYHh1PsR/WmeXFbmEEn6JLhAoDjvwzTWE2jsf+TpyUdDgQ+8iAX:uHh1PsRrs9En6JWWbwzTEjs+Tpy6DvDX

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

advancedrun.exe
.exe windows:4 windows x86 arch:x86

90b23e2580b05f4266cceec18752431a

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:30:77:38:2e:20:12:4f:e0:80:a4:d0:ab:41:08:fb:53:01:f3:0f:11:e0:94:6f:c9:36:e2:e8:f5:81:ff:9f
Signer

Actual PE Digest

81:30:77:38:2e:20:12:4f:e0:80:a4:d0:ab:41:08:fb:53:01:f3:0f:11:e0:94:6f:c9:36:e2:e8:f5:81:ff:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb

Imports

msvcrt

_onexit
__dllonexit
_wtol
_c_exit
swscanf
strlen
_exit
_XcptFilter
_cexit
exit
qsort
_wcslwr
_itow
memcmp
wcstoul
_wcmdln
_wcsicmp
wcscmp
free
modf
_memicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_ultow
memcpy
_purecall
wcsrchr
memset
wcscpy
_wcsnicmp
_wtoi
wcslen
wcschr
wcscat
_snwprintf
__set_app_type
_controlfp
_except_handler3
__wgetmainargs
_initterm
wcsncat
_adjust_fdiv
__setusermatherr
__p__commode
malloc
__p__fmode

comctl32

ImageList_SetImageCount
ImageList_AddMasked
ord17
ImageList_Create

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

VirtualAllocEx
GetStartupInfoW
GetModuleHandleA
CompareFileTime
VirtualFreeEx
ResumeThread
SetEvent
CreateThread
DeleteFileW
LocalFree
GetLastError
ExpandEnvironmentStringsW
OpenProcess
SetProcessAffinityMask
SearchPathW
ReadProcessMemory
CreateProcessW
GetProcessAffinityMask
SetEnvironmentVariableW
GetEnvironmentStringsW
GetExitCodeProcess
FreeEnvironmentStringsW
WaitForSingleObject
CloseHandle
GetCurrentProcessId
FreeLibrary
GetModuleHandleW
GetProcAddress
WriteProcessMemory
GetCurrentProcess
FileTimeToSystemTime
LoadLibraryW
GetDriveTypeW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
SizeofResource
GetDateFormatW
FormatMessageW
GetVersionExW
GetWindowsDirectoryW
GetTimeFormatW
GetFileAttributesW
WriteFile
GetModuleFileNameW
LockResource
FindResourceW
lstrcpyW
LoadResource
lstrlenW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
SetErrorMode
GetCurrentDirectoryW
ExitProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
CreateRemoteThread
EnumResourceTypesW
Sleep
CopyFileW
GetExitCodeThread
CreateEventW

user32

GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowPos
SendDlgItemMessageW
EndDialog
GetWindowTextLengthW
SetWindowLongW
GetDlgItem
GetWindow
EndPaint
InvalidateRect
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
GetWindowPlacement
SetDlgItemTextW
GetDlgItemTextW
BeginPaint
GetClientRect
GetSystemMetrics
DeferWindowPos
GetWindowRect
MessageBoxW
LoadImageW
GetSysColor
LoadCursorW
CallWindowProcW
EndDeferWindowPos
BeginDeferWindowPos
GetKeyState
SetFocus
GetDC
ReleaseDC
GetClassNameW
MoveWindow
GetMenuItemCount
GetParent
EnableWindow
MapWindowPoints
GetWindowTextW
LoadMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
DestroyIcon
SetCursor
GetWindowLongW

gdi32

GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

ImpersonateLoggedOnUser
StartServiceCtrlDispatcherW
DeleteService
RegisterServiceCtrlHandlerW
CreateServiceW
SetServiceStatus
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
OpenProcessToken
RegDeleteKeyW
RegCloseKey
QueryServiceStatus
GetTokenInformation
StartServiceW
ControlService
OpenServiceW
SetTokenInformation
OpenSCManagerW
RevertToSelf
CreateProcessAsUserW
CloseServiceHandle

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
DragAcceptFiles
DragFinish
DragQueryFileW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90b23e2580b05f4266cceec18752431a

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

81:30:77:38:2e:20:12:4f:e0:80:a4:d0:ab:41:08:fb:53:01:f3:0f:11:e0:94:6f:c9:36:e2:e8:f5:81:ff:9fSigner

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

userenv

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 57KB

.rsrc Size: 26KB - Virtual size: 26KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

81:30:77:38:2e:20:12:4f:e0:80:a4:d0:ab:41:08:fb:53:01:f3:0f:11:e0:94:6f:c9:36:e2:e8:f5:81:ff:9f
Signer

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 57KB

.rsrc
Size: 26KB - Virtual size: 26KB