EmptyStandbyList[.]exe

Resubmissions

14/06/2024, 14:55

240614-sae5msyhkl 1

Sharing

Copy URL

Twitter E-mail

General

Target

EmptyStandbyList.exe
Size

136KB
MD5

3555e25964bf8e983e863daaf1e4d0d6
SHA1

de5133bdbb40cfb0119dec5ac54dfbbff21b47d0
SHA256

6d2b18f8a8ba787d3fa4c6e36ed6c7af66b10083ce555a21ec24b2ada3821cbe
SHA512

c0c9d78ea79ca4e06716dab2497843c730e53101872f855671423b5feff0ce06e1db0519fe7710f673b21ae6cd51e6eba443697ef8798e755868f39282c2ac54
SSDEEP

3072:iOXQAmidaOUNM18K6QgNjgO+SkNn6P7Q2k/9KORSGhY+HlnrLNX2z4Yb15qDxG1:1vzUN12gNk8kNXD4

Score

1^/10

Malware Config

Signatures

Files

EmptyStandbyList.exe
.exe windows:6 windows x86 arch:x86

ede74345354aaddd93e9ce5d8e8b1431

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2013, 00:00

Not After

04/01/2017, 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:6c:75:f3:b8:e8:f8:7e:b4:72:02:66:a5:5e:d6:e0:8d:ea:9d:74
Signer

Actual PE Digest

e2:6c:75:f3:b8:e8:f8:7e:b4:72:02:66:a5:5e:d6:e0:8d:ea:9d:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\TestPh\Release\TestPh.pdb

Imports

ntdll

RtlNtStatusToDosError
RtlFindMessage
RtlInterlockedPopEntrySList
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlInitializeSListHead
RtlInterlockedPushEntrySList
RtlRaiseStatus
NtReleaseSemaphore
NtCreateKeyedEvent
NtWaitForKeyedEvent
NtReleaseKeyedEvent
RtlCreateHeap
RtlGetVersion
RtlReleasePrivilege
RtlAcquirePrivilege
RtlLengthSecurityDescriptor
RtlAllocateHeap
RtlUpcaseUnicodeChar
NtSetInformationFile
RtlUnwind
NtWaitForSingleObject
NtFreeVirtualMemory
NtSetSystemInformation
NtQuerySystemInformation
NtCreateSemaphore
NtQueryInformationToken
NtOpenProcessToken
RtlFreeHeap
NtWriteFile
NtDeviceIoControlFile
NtClose

kernel32

IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameW
FindFirstFileExW
FindNextFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
MultiByteToWideChar
GetACP
RaiseException
GetStdHandle
WideCharToMultiByte
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetFileType
DecodePointer
GetCPInfo
IsValidCodePage
GetOEMCP
CloseHandle
FindClose
GetCurrentProcess
SetLastError
TlsGetValue
TlsAlloc
TlsSetValue
GetSystemDefaultLangID
GetUserDefaultLangID
LocalAlloc
GetTickCount
HeapFree
HeapAlloc
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
ExitProcess
GetLastError
WriteFile
CreateFileW
SetEnvironmentVariableW
SetStdHandle
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW

advapi32

SystemFunction036

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ede74345354aaddd93e9ce5d8e8b1431

Code Sign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

e2:6c:75:f3:b8:e8:f8:7e:b4:72:02:66:a5:5e:d6:e0:8d:ea:9d:74Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 5KB

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

e2:6c:75:f3:b8:e8:f8:7e:b4:72:02:66:a5:5e:d6:e0:8d:ea:9d:74
Signer

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 5KB