ErrorMonitor[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ErrorMonitor.exe
Size

3.9MB
MD5

4d11e0433c770df3b7c6c4a775c2cf6f
SHA1

1e8fafc2bd38bdbedf7d0fb6034550aa20ba80aa
SHA256

bcac98d28df583999f73e50e3b1b5afc343d826eb9fb35cdc64fb0a2aecea6a6
SHA512

3dfaeb9fa9961d2233bf43e571b95789f7eac33ab95b668bf065f65b206314a80875b029566752b4c7012993b0d2ed4df0985a779a15fdb203c370c439495915
SSDEEP

49152:NkZ3ZWjslNeMHqU65Cw+Vzikam8OGX60cWx/S9d7b641YpeTqTuNzWMHvP/d4enV:NkZ3ZLNPz65Cw+Y/m8Dklb641YUnp4k

Score

1^/10

Malware Config

Signatures

Files

ErrorMonitor.exe
.exe windows:6 windows x86 arch:x86

c63b502775ce7787b12117a8b2cb5fe4

Code Sign

54:7a:4b:d0:88:9d:3b:3a:47:cb:e4:b6
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/09/2023, 11:26

Not After

04/09/2024, 11:26

Subject

SERIALNUMBER=1037816024883,CN=LESTA LLC,O=LESTA LLC,STREET=Karl Faberge Square\, 8B room 40n,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:3f:63:92:fe:ca:43:5a:c0:1f:aa:ce:1e:ef:a5:c7:99:97:a7:59:6b:11:a4:d9:86:cb:7d:d9:1e:4d:45:fc
Signer

Actual PE Digest

d2:3f:63:92:fe:ca:43:5a:c0:1f:aa:ce:1e:ef:a5:c7:99:97:a7:59:6b:11:a4:d9:86:cb:7d:d9:1e:4d:45:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

dbghelp

MiniDumpWriteDump
ImageNtHeader

powrprof

CallNtPowerInformation

ws2_32

listen
htonl
accept
select
__WSAFDIsSet
inet_ntop
inet_pton
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
getaddrinfo
bind
recv
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSAStartup
WSACleanup
WSAGetLastError
freeaddrinfo
ioctlsocket
connect

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
GetUserNameW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryValueExA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dxgi

CreateDXGIFactory1

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider

kernel32

RaiseException
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
AddVectoredContinueHandler
WaitForSingleObject
FindClose
FindFirstFileW
RtlCaptureStackBackTrace
VerSetConditionMask
GetEnvironmentVariableW
SetEnvironmentVariableW
GetDiskFreeSpaceExW
CloseHandle
SetLastError
CreateProcessW
GetProcessId
GlobalMemoryStatusEx
GetComputerNameExW
ReadProcessMemory
GetModuleHandleA
GetModuleHandleExW
GetProcAddress
LoadLibraryW
K32EnumProcessModules
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileW
FindNextFileW
FlushFileBuffers
GetFileSize
GetFileSizeEx
GetFileTime
ReadFile
RemoveDirectoryW
WriteFile
K32GetModuleFileNameExW
GetProcessTimes
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
DuplicateHandle
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
Sleep
GetExitCodeProcess
UnregisterWaitEx
RegisterWaitForSingleObject
UnregisterWait
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
WaitForMultipleObjects
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
InitializeCriticalSectionAndSpinCount
SleepEx
TlsGetValue
TlsSetValue
OpenFileMappingA
VerifyVersionInfoW
IsDebuggerPresent
GetVersion
GetSystemInfo
VirtualQueryEx
SuspendThread
ResumeThread
GetThreadContext
IsProcessorFeaturePresent
GetTimeZoneInformation
GetStdHandle
GetFileType
SetEndOfFile
SetFilePointerEx
GetThreadLocale
GetSystemDefaultLCID
GetUserDefaultLCID
GetFileInformationByHandle
FileTimeToSystemTime
CreateFileA
SetFilePointer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetCurrentDirectoryW
CreateDirectoryW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileAttributesW
DeviceIoControl
GetWindowsDirectoryW
CreateDirectoryExW
CopyFileExW
MoveFileExW
AreFileApisANSI
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetExitCodeThread
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeSRWLock
RtlCaptureContext
WideCharToMultiByte
FormatMessageW
FormatMessageA
TlsFree
TlsAlloc
GetCurrentThreadId
MulDiv
LocalFree
LocalUnlock
LocalLock
LocalAlloc
GetModuleHandleW
GetLocalTime
OpenProcess
GetLastError
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
CreateFileW
GetCommandLineW
OpenEventW
SetEvent
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapSize
EncodePointer
CompareStringEx
GetCPInfo
GetDateFormatW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
OutputDebugStringW
CreateMutexA
LCMapStringEx
GetLocaleInfoEx
InitializeSListHead
UnhandledExceptionFilter
GetStartupInfoW
InterlockedPushEntrySList
RtlUnwind
HeapAlloc
HeapReAlloc
HeapFree
GetConsoleOutputCP
GetModuleFileNameW
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess

user32

EnumDisplaySettingsW
GetWindowThreadProcessId
EnumWindows
SystemParametersInfoW
IsDialogMessageW
DestroyIcon
LoadIconW
LoadCursorW
GetLastActivePopup
GetParent
SetWindowLongW
GetWindowLongW
PtInRect
SetRect
FillRect
EnumDisplayDevicesW
ClientToScreen
SetCursor
GetClientRect
GetWindowTextW
GetProcessWindowStation
InvalidateRect
EndPaint
BeginPaint
GetDC
DrawTextW
DrawIcon
EnableMenuItem
GetSystemMenu
EnableWindow
KillTimer
SetTimer
GetActiveWindow
SetFocus
GetDialogBaseUnits
GetDlgItem
CreateDialogIndirectParamW
MoveWindow
DestroyWindow
WaitMessage
SendMessageW
PeekMessageW
LoadStringW
GetDesktopWindow
GetWindowRect
SetForegroundWindow
IsWindowVisible
IsWindow
LoadImageW
GetSystemMetrics
SetWindowPos
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
IsHungAppWindow
GetUserObjectInformationW
MessageBoxW
SetWindowTextW
GetSysColor

gdi32

DeleteDC
CreateCompatibleDC
GetDeviceCaps
CreateDCW
CreateFontIndirectW
CreateSolidBrush
DeleteObject
GetStockObject
GetTextExtentPoint32W
SelectObject
SetBkColor
SetBkMode
SetTextColor
GetTextMetricsW

shell32

ShellExecuteExW
ShellExecuteW
CommandLineToArgvW
ord190
ord155
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW

ole32

CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Exports

Exports

?$TSS0@?1??create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@34@XZ@4HA
?$TSS0@?1??lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@234@XZ@4HA
??4?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@QAEAAV012@ABV012@@Z
?create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@23@XZ
?getInstance@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SAAAUVersions@23@XZ
?instance@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@0AAUVersions@23@A
?instanceMutex@?1??lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@234@XZ@4Vmutex@std@@A
?lock@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@SA?AVLockGuard@123@XZ
?t@?1??create@?$StaticObject@UVersions@detail@cereal@@@detail@cereal@@CAAAUVersions@34@XZ@4U534@A

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 774KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c63b502775ce7787b12117a8b2cb5fe4

Code Sign

54:7a:4b:d0:88:9d:3b:3a:47:cb:e4:b6Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

d2:3f:63:92:fe:ca:43:5a:c0:1f:aa:ce:1e:ef:a5:c7:99:97:a7:59:6b:11:a4:d9:86:cb:7d:d9:1e:4d:45:fcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dbghelp

powrprof

ws2_32

advapi32

version

dxgi

bcrypt

kernel32

user32

gdi32

shell32

ole32

oleaut32

crypt32

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 774KB - Virtual size: 774KB

.data Size: 92KB - Virtual size: 111KB

.rsrc Size: 46KB - Virtual size: 46KB

.reloc Size: 131KB - Virtual size: 130KB

54:7a:4b:d0:88:9d:3b:3a:47:cb:e4:b6
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

d2:3f:63:92:fe:ca:43:5a:c0:1f:aa:ce:1e:ef:a5:c7:99:97:a7:59:6b:11:a4:d9:86:cb:7d:d9:1e:4d:45:fc
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 774KB - Virtual size: 774KB

.data
Size: 92KB - Virtual size: 111KB

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 131KB - Virtual size: 130KB