DesktopOK[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DesktopOK.exe
Size

1.8MB
MD5

f392af09c273ddb493586291b1b43baa
SHA1

f1c7e236e8f85eb1f12cd94561a4f4bb65d86923
SHA256

8668538f5048d1cc76ca33f32d8db5f0f7b4acf36b3bd7cac3bbbc98a753329b
SHA512

6b54167d8ea4a4b35cf7c8d41d2ee217360980870c75f10525fe9e00c0cb38231b28bb834f0814ca46d4384445cc73970d4ddc6e53c6e861fb11735a6aeeb19c
SSDEEP

49152:28YqJu7nAuYMECIycFpw6RvPl2TaVdxPs9Fvcw5OZZiuo7j81qq5:b7aukj8Z5

Score

1^/10

Malware Config

Signatures

Files

DesktopOK.exe
.exe windows:5 windows x64 arch:x64

ad591acbb2d19f969653dcd7b1228f23

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

27/07/2023, 09:33

Not After

27/07/2024, 09:33

Subject

SERIALNUMBER=15.06.2017,CN=Nenad Hrg,O=Nenad Hrg,STREET=Edelweissstrasse 104,L=Taufkirchen,ST=Bayern,C=DE,1.2.840.113549.1.9.1=#0c16737570706f727440736f6674776172656f6b2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130b546175666b69726368656e,1.3.6.1.4.1.311.60.2.1.2=#130642617965726e,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:2d:18:2b:fc:e0:f2:cb:8a:fd:44:ca:fe:da:07:8f:c5:7f:e1:90:50:f1:31:9b:48:bb:1a:d8:27:be:e3:c4
Signer

Actual PE Digest

f1:2d:18:2b:fc:e0:f2:cb:8a:fd:44:ca:fe:da:07:8f:c5:7f:e1:90:50:f1:31:9b:48:bb:1a:d8:27:be:e3:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetExitCodeProcess
FindFirstFileW
ExitProcess
WaitForSingleObject
lstrcpynW
GetSystemDirectoryW
CreateProcessW
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
CompareStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetTimeFormatA
GetDateFormatA
IsValidCodePage
GetOEMCP
ReadProcessMemory
GetCPInfo
HeapSize
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
GetSystemTimeAsFileTime
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetStartupInfoW
InterlockedPopEntrySList
GetProcessHeap
HeapAlloc
HeapFree
InterlockedPushEntrySList
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
VirtualFree
VirtualAlloc
LocalFree
GlobalSize
GetCurrentDirectoryW
FormatMessageW
GetFileAttributesW
GetLogicalDriveStringsW
GetDriveTypeW
RemoveDirectoryW
SetFileAttributesW
GlobalMemoryStatus
OpenProcess
GetWindowsDirectoryW
GetComputerNameW
CreateDirectoryW
GetUserDefaultLangID
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTimeFormatW
GetDateFormatW
GetUserDefaultLCID
EnumDateFormatsW
EnumTimeFormatsW
GetLocaleInfoW
SystemTimeToFileTime
FileTimeToSystemTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeleteFileW
GetFileSize
ReadFile
lstrcatW
CopyFileW
CreateFileW
WriteFile
WideCharToMultiByte
GlobalReAlloc
OutputDebugStringW
lstrcmpiW
LoadLibraryExW
SizeofResource
FreeLibrary
GetModuleHandleW
CreateMutexW
CloseHandle
LoadLibraryW
GetProcAddress
GetLocalTime
CreateThread
Sleep
TerminateThread
GetVersionExW
GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
GetModuleFileNameW
MulDiv
lstrcmpW
GlobalLock
GlobalUnlock
FindResourceW
GlobalAlloc
LoadResource
LockResource
GetLastError
GlobalHandle
GlobalFree
SetLastError
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentThreadId
lstrcpyW
MultiByteToWideChar
lstrlenW
lstrlenA
GetTempPathW
GetACP
GetTimeZoneInformation

user32

SetDlgItemInt
RegisterClipboardFormatW
MessageBoxA
EmptyClipboard
DialogBoxParamW
DrawIconEx
LoadIconW
CopyIcon
GetForegroundWindow
IsZoomed
GetWindowPlacement
SetWindowPlacement
EnableMenuItem
GetClassLongW
GetClassLongPtrW
GetSystemMenu
InsertMenuW
DeleteMenu
CheckMenuItem
EnableWindow
SetActiveWindow
SetForegroundWindow
CascadeWindows
TileWindows
GetCursor
GetAsyncKeyState
LoadMenuW
IsRectEmpty
FindWindowW
SetCursor
MapVirtualKeyW
keybd_event
SendDlgItemMessageW
SetDlgItemTextW
EnumDisplayMonitors
GetMenuBarInfo
SetPropW
CopyRect
SetWindowContextHelpId
MapDialogRect
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
FindWindowExW
EnumChildWindows
TrackPopupMenu
CreatePopupMenu
AppendMenuW
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
EnumWindows
MessageBoxW
WaitMessage
SwitchDesktop
CreateDesktopW
OpenDesktopW
GetUserObjectInformationW
GetThreadDesktop
SetCursorPos
SetMenuDefaultItem
GetMenuItemID
GetPropW
RemovePropW
CharUpperW
GetKeyboardState
DrawAnimatedRects
GetDlgItemTextW
GetDlgItemInt
GetDoubleClickTime
SetWindowRgn
EnumDisplaySettingsW
EndDialog
GetParent
GetDlgItem
UnregisterClassA
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
SendMessageW
ReleaseDC
GetDC
LoadBitmapW
LoadImageW
PostQuitMessage
GetFocus
SetRect
SendMessageTimeoutW
GetIconInfo
CreateIconIndirect
LoadStringW
wsprintfW
DrawEdge
ModifyMenuW
MonitorFromPoint
TrackPopupMenuEx
DrawFrameControl
DrawTextW
SetMenuItemInfoW
GetWindowDC
IsWindowEnabled
IsWindowVisible
UpdateWindow
InflateRect
OffsetRect
GetMenuItemInfoW
SystemParametersInfoW
SetRectEmpty
GetSubMenu
PeekMessageW
PtInRect
CallNextHookEx
GetSystemMetrics
IsMenu
SetWindowTextW
ShowWindow
RedrawWindow
SetTimer
KillTimer
IsChild
SetParent
IsDialogMessageW
SetWindowLongW
SetWindowLongPtrW
CreateDialogIndirectParamW
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
GetWindowLongPtrW
GetWindowTextW
GetWindowTextLengthW
DestroyAcceleratorTable
GetSysColor
SetFocus
EndPaint
FillRect
BeginPaint
IsWindow
GetClassNameW
CharNextW
GetMessagePos
WindowFromPoint
PostMessageW
GetSysColorBrush
FrameRect
GetKeyState
GetActiveWindow
GetWindowThreadProcessId
GetMenuItemCount
CharLowerW
MessageBeep
UnhookWindowsHookEx
SetWindowsHookExW
DestroyMenu
CreateWindowExW
CallWindowProcW
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
ScreenToClient
ClientToScreen
MoveWindow
CreateAcceleratorTableW
GetDesktopWindow
GetMenuDefaultItem

gdi32

StretchDIBits
SetDIBitsToDevice
SetStretchBltMode
StretchBlt
Rectangle
CreateRectRgn
GetCurrentObject
GetPixel
CreatePen
SetROP2
RestoreDC
SaveDC
GetTextExtentPointW
Ellipse
ExcludeClipRect
OffsetWindowOrgEx
SetWindowOrgEx
SetDCPenColor
SetPixel
PatBlt
CreateBitmap
CreatePatternBrush
SetBrushOrgEx
SetTextColor
SetBkMode
GetStockObject
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
GetObjectW
CreateDIBSection
CreateCompatibleDC
SelectObject
SetBkColor
ExtTextOutW
GetTextExtentPoint32W
MoveToEx
LineTo
TextOutW
GetClipBox
CreateDCW
CreateEnhMetaFileW
CloseEnhMetaFile
SelectPalette
RealizePalette
DeleteDC
GetDIBits
CreateFontIndirectW
BitBlt
DeleteObject

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
ChooseColorW

advapi32

RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
CryptCreateHash
CryptAcquireContextW
CryptDestroyHash
RegOpenKeyW
GetTokenInformation
GetUserNameW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptGetHashParam
CryptHashData
CryptReleaseContext
RegQueryValueExW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetFileInfoW
ord25
SHFileOperationW
ord190
SHGetDesktopFolder
ord18
ord17
ord16
ord155
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetSettings
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
SHAppBarMessage

ole32

CoInitializeEx
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoSetProxyBlanket
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
ReleaseStgMedium

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
VariantInit
VariantClear
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
DispCallFunc
VarRound
SysFreeString

comctl32

ImageList_GetImageCount
ImageList_Draw
ImageList_DrawIndirect
InitCommonControlsEx
ord17
ImageList_Create
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_LoadImageW
ImageList_Destroy

gdiplus

GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipFree
GdipCreateHICONFromBitmap
GdiplusStartup
GdipAlloc

winmm

mixerClose
mixerGetNumDevs
waveOutOpen
mixerGetID
waveOutClose
PlaySoundW
timeGetTime
mixerOpen
mixerGetLineInfoW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerSetControlDetails

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 268KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad591acbb2d19f969653dcd7b1228f23

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

f1:2d:18:2b:fc:e0:f2:cb:8a:fd:44:ca:fe:da:07:8f:c5:7f:e1:90:50:f1:31:9b:48:bb:1a:d8:27:be:e3:c4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

gdiplus

winmm

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 243KB - Virtual size: 243KB

.data Size: 268KB - Virtual size: 465KB

.pdata Size: 69KB - Virtual size: 68KB

.rsrc Size: 223KB - Virtual size: 223KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

07:28:cf:12:7e:b4:52:6b:3f:c8:df:87
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

f1:2d:18:2b:fc:e0:f2:cb:8a:fd:44:ca:fe:da:07:8f:c5:7f:e1:90:50:f1:31:9b:48:bb:1a:d8:27:be:e3:c4
Signer

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 243KB - Virtual size: 243KB

.data
Size: 268KB - Virtual size: 465KB

.pdata
Size: 69KB - Virtual size: 68KB

.rsrc
Size: 223KB - Virtual size: 223KB