PadTest[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

PadTest.exe
Size

19.5MB
MD5

0f65eea5703f319c15c553e7b3f2711d
SHA1

4a4dce86bed0d794d6ee0b1c44bd4f7192c62948
SHA256

7787d29891db5e7cb5a9707acb323b8a6c7b0238c36f16d3e05b1f689502d0cc
SHA512

fb0c16bb471c2ab670e00cdf6c709b6a653d161a4052ba78cdafa46f652e2e122121c5a54f5bccf2d35ec251ee4a14d0a129c2fd455e990e4f6b7f86abb51402
SSDEEP

393216:bwlYAIHlSzHFhvKolgNunEaoW6cmx8ylzg8JEuwY3RD02OvlP+dTd5lZiAOxgOGJ:UlLdXh+

Score

1^/10

Malware Config

Signatures

Files

PadTest.exe
.exe windows:6 windows x64 arch:x64

6335e7bedeee65fc4497c365d58039af

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:30:97:16:3b:bd:aa:25:9d:94:29:54:01:ba:4e:53
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

06-09-2016 10:03

Not After

06-09-2017 10:03

Subject

CN=Open Source Developer\, Rajko Stojadinovic,O=Open Source Developer,C=RS,1.2.840.113549.1.9.1=#0c1061646d696e4072616a6b6f2e696e666f

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:12:24:b7:f9:7e:d7:38:22:d2:69:1f:c9:70:84:23:55:69:b9:1f
Signer

Actual PE Digest

0c:12:24:b7:f9:7e:d7:38:22:d2:69:1f:c9:70:84:23:55:69:b9:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Taurine\Out\x64\v120\PadTest.pdb

Imports

d3d9

Direct3DCreate9

kernel32

GetUserDefaultUILanguage
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
GetTempPathW
SetErrorMode
DeviceIoControl
LoadLibraryW
CopyFileW
MoveFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FlushFileBuffers
GetFileType
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
MoveFileExW
GetSystemDirectoryW
FreeLibrary
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ExitProcess
lstrlenA
GetVolumeInformationW
lstrcmpW
GetDriveTypeW
IsValidLanguageGroup
IsValidLocale
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
CheckRemoteDebuggerPresent
OpenProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalSize
IsDebuggerPresent
GetSystemTimeAsFileTime
VerifyVersionInfoA
CreateWaitableTimerA
QueueUserAPC
SetWaitableTimer
SleepEx
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
GetCurrencyFormatW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
WideCharToMultiByte
MultiByteToWideChar
ResetEvent
VirtualFree
EncodePointer
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
LocalFree
FormatMessageW
DebugBreak
OutputDebugStringW
CompareStringW
GetUserDefaultLCID
GetCommandLineW
GetCurrentProcessId
CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
OutputDebugStringA
GetStartupInfoW
GetConsoleWindow
SetEvent
IsProcessorFeaturePresent
CreateEventW
DuplicateHandle
Sleep
GetCurrentProcess
SwitchToThread
CreateThread
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
WaitForMultipleObjects
GetModuleFileNameW
GetModuleHandleW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount
GetProcAddress
WaitForSingleObjectEx
GetSystemTime
GetLocalTime
CreateFileW
GetFileAttributesExW
ReleaseMutex
CreateMutexW
VirtualAlloc
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
FormatMessageA
lstrlenW

user32

SetCapture
GetIconInfo
RealGetWindowClassW
EnumWindows
GetWindowTextW
GetClipboardFormatNameW
GetMessageExtraInfo
TrackMouseEvent
GetCursorInfo
CreateIconIndirect
CreateCursor
SetCursorPos
NotifyWinEvent
SetMenuItemInfoW
TrackPopupMenuEx
GetMenu
MapVirtualKeyW
ToUnicode
ToAscii
GetKeyboardState
GetKeyState
IsZoomed
GetKeyboardLayout
SetCaretPos
HideCaret
DestroyCaret
CreateCaret
RegisterWindowMessageW
DestroyCursor
GetAsyncKeyState
RegisterClipboardFormatW
GetWindowThreadProcessId
ChangeClipboardChain
SetClipboardViewer
LoadIconW
EnumDisplayMonitors
GetMonitorInfoW
LoadImageW
GetSysColorBrush
ChildWindowFromPointEx
GetCursorPos
GetClientRect
GetFocus
RegisterClassExW
GetClassInfoW
GetKeyboardLayoutList
GetAncestor
DestroyIcon
SetParent
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
ScreenToClient
ClientToScreen
SetCursor
DrawIconEx
GetWindowRect
SetWindowTextW
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
SetForegroundWindow
ReleaseCapture
AdjustWindowRectEx
GetCapture
SetFocus
IsIconic
IsWindowVisible
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
ShowWindow
IsChild
SendMessageW
MessageBeep
GetCaretBlinkTime
GetDoubleClickTime
SetWindowRgn
GetSysColor
GetSystemMetrics
ReleaseDC
GetDC
EnableMenuItem
GetSystemMenu
UnregisterClassW
GetForegroundWindow
MessageBoxW
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
GetWindowLongPtrW
SetWindowLongPtrW
SetWindowsHookExW
UnhookWindowsHookEx
SystemParametersInfoW
CharNextExA
CallNextHookEx

gdi32

GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetStockObject
GetFontData
CreateFontIndirectW
EnumFontFamiliesExW
CreateDCW
CreateCompatibleBitmap
GetObjectW
OffsetRgn
BitBlt
GdiFlush
CreateDIBSection
SelectObject
SelectClipRgn
GetRegionData
DeleteObject
DeleteDC
CreateRectRgn
CreateCompatibleDC
CombineRgn
GetCharABCWidthsW
GetCharABCWidthsFloatW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextExtentPoint32W
GetCharABCWidthsI
SetBkMode
SetGraphicsMode
SetTextColor
SetTextAlign
SetWorldTransform
ExtTextOutW
GetTextFaceW
GetDeviceCaps
GetDIBits
CreateBitmap

advapi32

RegCreateKeyExW
RegCloseKey
GetTokenInformation
GetLengthSid
FreeSid
CopySid
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

ole32

CoTaskMemAlloc
CoGetMalloc
ReleaseStgMedium
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
OleSetClipboard
OleUninitialize
OleInitialize
RevokeDragDrop
CoLockObjectExternal
CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize
CoCreateGuid
RegisterDragDrop

oleaut32

SystemTimeToVariantTime
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SetErrorInfo
VariantClear
GetErrorInfo
CreateErrorInfo

msvcp120

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
??0id@locale@std@@QEAA@_K@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAPEBDH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Mbrtowc
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?classic@locale@std@@SAAEBV12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?_BADOFF@std@@3_JB
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?uncaught_exception@std@@YA_NXZ
?_Random_device@std@@YAIXZ
_Thrd_join
_Thrd_equal
_Thrd_current
?_Throw_Cpp_error@std@@YAXH@Z
??0_Pad@std@@QEAA@XZ
??1_Pad@std@@QEAA@XZ
?_Launch@_Pad@std@@QEAAXPEAU_Thrd_imp_t@@@Z
?_Release@_Pad@std@@QEAAXXZ
_Mtx_init
_Mtx_destroy
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

msvcr120

isdigit
_clearfp
_control87
isalpha
isupper
fclose
feof
fgets
fread
_fseeki64
fwrite
_close
_read
_write
_waccess
memchr
atan2
acos
atol
floor
ceil
sqrt
ftell
fseek
fopen
qsort
puts
sin
pow
cos
asin
floorf
_wchmod
_get_osfhandle
_mktime64
_localtime64_s
_fileno
_wgetdcwd
_open_osfhandle
_getdrive
strerror
_tzset
_get_tzname
_get_timezone
rand_s
_lseeki64
_ftelli64
_endthreadex
_beginthreadex
log10
_HUGE
calloc
sscanf_s
printf
strcmp
strstr
toupper
longjmp
_setjmp
frexp
modf
_gmtime64
atof
sprintf
cosf
sinf
getenv
sscanf
log
wcsrchr
atan
tan
strtol
??8type_info@@QEBA_NAEBV0@@Z
signal
__C_specific_handler
roundf
atan2f
sqrtf
_aligned_free
_aligned_malloc
_recalloc
memmove_s
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCaptureCurrentContext
__crtCapturePreviousContext
_vsnprintf_s
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtSetUnhandledExceptionFilter
acosf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
free
memmove
_CxxThrowException
__CxxFrameHandler3
memcpy
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
memset
__RTDynamicCast
vsprintf_s
memcmp
_hypot
_purecall
??_V@YAXPEAX@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
_vsnwprintf
malloc
strchr
strncmp
realloc
strrchr
strcpy_s
strncpy_s
isspace
getenv_s
rand
srand
_putenv_s
?terminate@@YAXXZ
??0exception@std@@QEAA@AEBQEBDH@Z
exit
__iob_func
fflush
fprintf
strncpy
_errno

ws2_32

WSASendTo
WSASend
WSASocketW
WSAStringToAddressW
WSARecvFrom
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
setsockopt
select
ntohl
htons
htonl
ioctlsocket
closesocket
bind
WSAAsyncSelect

imm32

ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow

winmm

PlaySoundW

Exports

Exports

z_adler32
z_adler32_combine
z_adler32_combine64
z_compress
z_compress2
z_compressBound
z_crc32
z_crc32_combine
z_crc32_combine64
z_deflate
z_deflateBound
z_deflateCopy
z_deflateEnd
z_deflateInit2_
z_deflateInit_
z_deflateParams
z_deflatePrime
z_deflateReset
z_deflateSetDictionary
z_deflateSetHeader
z_deflateTune
z_get_crc_table
z_inflate
z_inflateCopy
z_inflateEnd
z_inflateGetHeader
z_inflateInit2_
z_inflateInit_
z_inflateMark
z_inflatePrime
z_inflateReset
z_inflateReset2
z_inflateSetDictionary
z_inflateSync
z_inflateSyncPoint
z_inflateUndermine
z_uncompress
z_zError
z_zlibCompileFlags
z_zlibVersion

Sections

.text
Size: 11.8MB - Virtual size: 11.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 632KB - Virtual size: 632KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 771B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1024B - Virtual size: 947B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6335e7bedeee65fc4497c365d58039af

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

31:30:97:16:3b:bd:aa:25:9d:94:29:54:01:ba:4e:53Certificate

Extended Key Usages

Key Usages

0c:12:24:b7:f9:7e:d7:38:22:d2:69:1f:c9:70:84:23:55:69:b9:1fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp120

msvcr120

ws2_32

imm32

winmm

Exports

Exports

Sections

.text Size: 11.8MB - Virtual size: 11.8MB

.rdata Size: 6.7MB - Virtual size: 6.7MB

.data Size: 93KB - Virtual size: 111KB

.pdata Size: 632KB - Virtual size: 632KB

.idata Size: 26KB - Virtual size: 25KB

.tls Size: 1024B - Virtual size: 771B

.qtmetad Size: 1024B - Virtual size: 947B

_RDATA Size: 1024B - Virtual size: 582B

.rsrc Size: 181KB - Virtual size: 180KB

.reloc Size: 105KB - Virtual size: 104KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

31:30:97:16:3b:bd:aa:25:9d:94:29:54:01:ba:4e:53
Certificate

0c:12:24:b7:f9:7e:d7:38:22:d2:69:1f:c9:70:84:23:55:69:b9:1f
Signer

.text
Size: 11.8MB - Virtual size: 11.8MB

.rdata
Size: 6.7MB - Virtual size: 6.7MB

.data
Size: 93KB - Virtual size: 111KB

.pdata
Size: 632KB - Virtual size: 632KB

.idata
Size: 26KB - Virtual size: 25KB

.tls
Size: 1024B - Virtual size: 771B

.qtmetad
Size: 1024B - Virtual size: 947B

_RDATA
Size: 1024B - Virtual size: 582B

.rsrc
Size: 181KB - Virtual size: 180KB

.reloc
Size: 105KB - Virtual size: 104KB