AnyGrab[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AnyGrab.exe
Size

42.4MB
MD5

8c198165df2c8bc8c99ab363516d8503
SHA1

ac04945c71a543a571d42067b29e2e16194e4853
SHA256

98dc05bc20033ce4db1fc8092bb7c67ac600d5f45b1e3ddf9a9f15c4fef13160
SHA512

081943ae7ee5bde516e8ccfc9f329e8b63c6a47e42965087d830847fac0e2c80c0acf787709e8a7685e485b4221f123632dc87e4cdffa1daac9840ad17120b06
SSDEEP

786432:6WgmASlGfi0m3LFr/tDKfWSuxoWyCs1yZqHqgcyT0TI0XHCn4hNfZIK:qef3LFr/tDKfWSuGCs14cH0s0XHECNft

Score

1^/10

Malware Config

Signatures

Files

AnyGrab.exe
.exe windows:6 windows x64 arch:x64

0346904c0d46eab62aebe793097f0742

Code Sign

3d:29:4e:0c:b5:86:f9:9f:4e:ae:74:73:e2:28:32:e6
Certificate

Issuer

CN=Swezy

Not Before

23/04/2023, 12:05

Not After

31/12/2039, 23:59

Subject

CN=Swezy

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a9:4a:cd:b3:a7:38:da:69:b6:17:94:61:43:e4:03:22:65:93:b7:22:a7:99:a6:79:22:83:aa:94:8d:f3:3f:4a
Signer

Actual PE Digest

a9:4a:cd:b3:a7:38:da:69:b6:17:94:61:43:e4:03:22:65:93:b7:22:a7:99:a6:79:22:83:aa:94:8d:f3:3f:4a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHFileOperationW

kernel32

DeleteCriticalSection
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

Sections

.text
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 31.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 42.4MB - Virtual size: 42.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0346904c0d46eab62aebe793097f0742

Code Sign

3d:29:4e:0c:b5:86:f9:9f:4e:ae:74:73:e2:28:32:e6Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a9:4a:cd:b3:a7:38:da:69:b6:17:94:61:43:e4:03:22:65:93:b7:22:a7:99:a6:79:22:83:aa:94:8d:f3:3f:4aSigner

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Sections

.text Size: - Virtual size: 127KB

.rdata Size: - Virtual size: 48KB

.data Size: - Virtual size: 67KB

.pdata Size: - Virtual size: 5KB

_RDATA Size: - Virtual size: 500B

Size: - Virtual size: 31.1MB

Size: 2KB - Virtual size: 2KB

Size: 42.4MB - Virtual size: 42.4MB

.reloc Size: 512B - Virtual size: 280B

.rsrc Size: 6KB - Virtual size: 5KB

3d:29:4e:0c:b5:86:f9:9f:4e:ae:74:73:e2:28:32:e6
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a9:4a:cd:b3:a7:38:da:69:b6:17:94:61:43:e4:03:22:65:93:b7:22:a7:99:a6:79:22:83:aa:94:8d:f3:3f:4a
Signer

.text
Size: - Virtual size: 127KB

.rdata
Size: - Virtual size: 48KB

.data
Size: - Virtual size: 67KB

.pdata
Size: - Virtual size: 5KB

_RDATA
Size: - Virtual size: 500B

.reloc
Size: 512B - Virtual size: 280B

.rsrc
Size: 6KB - Virtual size: 5KB