130ebc6c889faf3b08b4246553442c43857d626a7a94e2e95eddb5fc542afe5c[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

130ebc6c889faf3b08b4246553442c43857d626a7a94e2e95eddb5fc542afe5c.exe
Size

4.3MB
MD5

db1a819b496c77c1c777fbea357452c0
SHA1

4a88f0bcdec917cbacd425890620a4bcb10dfaa5
SHA256

130ebc6c889faf3b08b4246553442c43857d626a7a94e2e95eddb5fc542afe5c
SHA512

b86250b78cfc2bcd12b495d1ae715a5e5470b805f25247559b583aaac861ae39ed117efebb1e7d071f00821e3644d51d7915c20e82554df77ba1443fedc9c733
SSDEEP

49152:eKATgZ2zZtN8Gv4LnJhUmvmpb3qTE1mZMZJ5su4N49S7kAz3:vSgSMmNkgRJaNsAz3

Score

1^/10

Malware Config

Signatures

Files

130ebc6c889faf3b08b4246553442c43857d626a7a94e2e95eddb5fc542afe5c.exe
.exe windows:6 windows x64 arch:x64

57e60dcaa9cd645944fb3a5cf088da72

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:01:94:cd:1e:31:42:20:51:35:d1:c6:36:e4:e9:ba
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/10/2022, 00:00

Not After

15/10/2025, 23:59

Subject

CN=NVIDIA Corporation,OU=1-F,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6f:2b:a7:f6:6d:1f:7f:e6:81:46:63:11:b5:b7:8a:51:15:c3:18:5b:43:6f:90:5f:53:13:0c:84:cd:18:5d:b6
Signer

Actual PE Digest

6f:2b:a7:f6:6d:1f:7f:e6:81:46:63:11:b5:b7:8a:51:15:c3:18:5b:43:6f:90:5f:53:13:0c:84:cd:18:5d:b6

Digest Algorithm

sha256

PE Digest Matches

true

6f:2b:a7:f6:6d:1f:7f:e6:81:46:63:11:b5:b7:8a:51:15:c3:18:5b:43:6f:90:5f:53:13:0c:84:cd:18:5d:b6
Signer

Actual PE Digest

6f:2b:a7:f6:6d:1f:7f:e6:81:46:63:11:b5:b7:8a:51:15:c3:18:5b:43:6f:90:5f:53:13:0c:84:cd:18:5d:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dvs\p4\build\sw\rel\gpu_drv\r535\r535_00\drivers\nvwmi\_out\wddm2_amd64_release\nvwmi64.pdb

Imports

kernel32

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCurrentThread
HeapAlloc
HeapFree
GetStdHandle
GetFileType
GetStartupInfoW
ExitProcess
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
GetProcessHeap
WideCharToMultiByte
GetFileSizeEx
SetFilePointerEx
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetModuleFileNameW
ReadFile
ReadConsoleW
OutputDebugStringW
HeapSize
HeapReAlloc
CreateFileW
FormatMessageW
InitializeSListHead
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
FormatMessageA
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFileTime
GetTempPathW
AreFileApisANSI
DeviceIoControl
CreateDirectoryExW
CopyFileW
MoveFileExW
CreateHardLinkW
SwitchToThread
GetTickCount
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetLocalTime
FindFirstFileW
LoadLibraryW
WaitNamedPipeW
CreateFileA
DeleteFileA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileInformationByHandle
SetFilePointer
GetTempPathA
GetTempFileNameA
FileTimeToDosDateTime
DosDateTimeToFileTime
GetFileInformationByHandleEx
QueryPerformanceFrequency
CreateProcessA
GetModuleFileNameA
LocalAlloc
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
PeekNamedPipe
GetDriveTypeW
RtlUnwind
EncodePointer
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
InitializeCriticalSectionEx
RaiseException
DecodePointer
LocalFree
GetTimeFormatW
K32GetProcessImageFileNameW
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
VerifyVersionInfoW
GetProcAddress
GetDateFormatW
GetTimeZoneInformation
FileTimeToSystemTime
GetCurrentProcessId
SystemTimeToTzSpecificLocalTime
ProcessIdToSessionId
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
VerSetConditionMask
WTSGetActiveConsoleSessionId
QueryFullProcessImageNameW
GetModuleHandleW
OpenProcess
GetCurrentProcess
SignalObjectAndWait
CreateEventW
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCommandLineW
RegisterWaitForSingleObject
Sleep
OpenEventW
CreateMutexW
ReleaseMutex
SetEvent
GetSystemDirectoryW
CreateProcessW
WaitForSingleObject
GetLastError
CloseHandle
GetCurrentThreadId
WriteConsoleW
GetFileAttributesW
WaitForSingleObjectEx

user32

ChangeDisplaySettingsExA
GetMessageW
TranslateMessage
DispatchMessageW
GetThreadDesktop
GetUserObjectInformationW
UnregisterClassW
SendMessageW
EnumDisplayDevicesW
OpenInputDesktop
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
CloseDesktop
SetThreadDesktop
LoadIconW
OpenDesktopW
LoadStringW
LoadCursorW

gdi32

DeleteDC
GetDeviceGammaRamp
SetDeviceGammaRamp
CreateDCA

advapi32

RegDisablePredefinedCacheEx
ImpersonateLoggedOnUser
PerfSetULongCounterValue
PerfDeleteInstance
PerfCreateInstance
PerfSetCounterSetInfo
PerfStopProvider
PerfStartProvider
CreateProcessWithTokenW
LookupAccountSidW
GetTokenInformation
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegGetValueW
RegSetKeyValueW
RegSetValueExW
RegOpenKeyExW
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
RegCloseKey
RegCreateKeyExW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegQueryValueExW
RevertToSelf

shell32

CommandLineToArgvW
SHGetFolderPathA
SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoCreateInstance

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
SafeArrayCreateVector
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreate
SafeArrayUnaccessData
SafeArrayAccessData
SysStringByteLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysAllocString
SysFreeString
SysStringLen

shlwapi

PathFindExtensionW
PathFindFileNameW
StrStrIW
PathAddBackslashW
PathAppendA
PathIsFileSpecW
PathAddExtensionW
PathAppendW
PathFindExtensionA
PathFileExistsW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

cabinet

ord23
ord10
ord11
ord13
ord14
ord20
ord22

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

cfgmgr32

CM_Register_Notification
CM_Unregister_Notification

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57e60dcaa9cd645944fb3a5cf088da72

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:01:94:cd:1e:31:42:20:51:35:d1:c6:36:e4:e9:baCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

6f:2b:a7:f6:6d:1f:7f:e6:81:46:63:11:b5:b7:8a:51:15:c3:18:5b:43:6f:90:5f:53:13:0c:84:cd:18:5d:b6Signer

6f:2b:a7:f6:6d:1f:7f:e6:81:46:63:11:b5:b7:8a:51:15:c3:18:5b:43:6f:90:5f:53:13:0c:84:cd:18:5d:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

version

cabinet

userenv

cfgmgr32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 53KB - Virtual size: 101KB

.pdata Size: 215KB - Virtual size: 215KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 180KB - Virtual size: 179KB

.reloc Size: 13KB - Virtual size: 12KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:01:94:cd:1e:31:42:20:51:35:d1:c6:36:e4:e9:ba
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

6f:2b:a7:f6:6d:1f:7f:e6:81:46:63:11:b5:b7:8a:51:15:c3:18:5b:43:6f:90:5f:53:13:0c:84:cd:18:5d:b6
Signer

6f:2b:a7:f6:6d:1f:7f:e6:81:46:63:11:b5:b7:8a:51:15:c3:18:5b:43:6f:90:5f:53:13:0c:84:cd:18:5d:b6
Signer

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 53KB - Virtual size: 101KB

.pdata
Size: 215KB - Virtual size: 215KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 180KB - Virtual size: 179KB

.reloc
Size: 13KB - Virtual size: 12KB