07be0e6eac3a84a10945087dfc1b16d1cefd3c9a1d5c83c770e0e7191e56f7d7[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

07be0e6eac3a84a10945087dfc1b16d1cefd3c9a1d5c83c770e0e7191e56f7d7.exe
Size

833KB
MD5

f72197f716ffea4d0a605b181d5543e0
SHA1

1251f31e5aa4c1e3fad6e46273d28fb428e1e822
SHA256

07be0e6eac3a84a10945087dfc1b16d1cefd3c9a1d5c83c770e0e7191e56f7d7
SHA512

5df1b58d9b7f0a9785e9249504fe9245c0cb7a09b9257147d5c96433cefa2e069fa500a4e0ba72ba85122352e9b2f449a4afd4ef70260332d61b3fa226ad93da
SSDEEP

12288:zKYnHshJQE0Wt7+GQrp3K2PIv/HWWTTWIPc45BjvrEH7O:eYHI0MRcIvfxTTWIPc4nrEH7O

Score

1^/10

Malware Config

Signatures

Files

07be0e6eac3a84a10945087dfc1b16d1cefd3c9a1d5c83c770e0e7191e56f7d7.exe
.dll regsvr32 windows:5 windows x86 arch:x86

cadf2bba27f17e468b5567dabf525638

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2017, 11:49

Not After

25/07/2020, 11:49

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,STREET=Rheinweg 9,L=Schaffhausen,ST=Schaffhausen,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/07/2017, 11:49

Not After

25/07/2020, 11:49

Subject

SERIALNUMBER=CHE-113.666.835,CN=Acronis International GmbH,O=Acronis International GmbH,STREET=Rheinweg 9,L=Schaffhausen,ST=Schaffhausen,C=CH,1.3.6.1.4.1.311.60.2.1.2=#130c53636861666668617573656e,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:34:0e:2c:d1:9c:18:25:5f:72:1b:af:8f:c5:41:1a:08:66:c6:b0:9f:3f:f9:02:02:78:d9:5f:50:50:25:3a
Signer

Actual PE Digest

dc:34:0e:2c:d1:9c:18:25:5f:72:1b:af:8f:c5:41:1a:08:66:c6:b0:9f:3f:f9:02:02:78:d9:5f:50:50:25:3a

Digest Algorithm

sha256

PE Digest Matches

false

27:b8:50:d9:12:a3:2e:55:46:b9:8e:4c:34:5b:8a:c5:cf:c0:60:b9
Signer

Actual PE Digest

27:b8:50:d9:12:a3:2e:55:46:b9:8e:4c:34:5b:8a:c5:cf:c0:60:b9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\bs_hudson\workspace\23\exe\vs\release\multi\ti_managers_proxy.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
SystemFunction036
EncryptFileW
DecryptFileW
GetSecurityDescriptorOwner
SetFileSecurityW
GetFileSecurityW
RevertToSelf
SetThreadToken
OpenThreadToken
ImpersonateLoggedOnUser
OpenEncryptedFileRawW
ReadEncryptedFileRaw
WriteEncryptedFileRaw
CloseEncryptedFileRaw
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegQueryValueExW
RegSetKeySecurity
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetSecurityInfo
GetTokenInformation
IsValidSid
AllocateAndInitializeSid
FreeSid
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueW
RegQueryInfoKeyA

kernel32

DecodePointer
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
MultiByteToWideChar
CreateDirectoryW
GetFileAttributesW
GetComputerNameW
EncodePointer
GetThreadLocale
SetThreadLocale
SetErrorMode
GetVersion
LocalFree
FormatMessageA
FormatMessageW
GetModuleHandleA
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
CreateEventA
InitializeCriticalSection
Sleep
GetCurrentProcessId
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentThreadId
CreateFileW
GetLogicalDrives
FindClose
GetDriveTypeA
GetWindowsDirectoryW
GetCurrentDirectoryW
GetProcessWorkingSetSize
SetProcessWorkingSetSize
SetLastError
LockFileEx
UnlockFileEx
WriteFile
ReadFile
FlushFileBuffers
DeviceIoControl
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
GetDriveTypeW
GetTempPathW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
RemoveDirectoryW
SetFileAttributesW
GetCompressedFileSizeW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileW
MoveFileExW
CreateHardLinkW
GetVolumeInformationW
FindFirstChangeNotificationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
CompareStringW
FindNextChangeNotification
FindCloseChangeNotification
LockResource
GetCurrentThread
ExitThread
LoadLibraryA
ExpandEnvironmentStringsW
FindResourceExW
EnumResourceNamesW
EnumResourceLanguagesW
QueryDosDeviceA
GetSystemDefaultLangID
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetFileTime
BackupRead
BackupSeek
BackupWrite
GetFileAttributesExW
GetLocaleInfoA
GetUserDefaultUILanguage
LocalAlloc
InterlockedExchange
LoadLibraryW
LoadLibraryExA
OutputDebugStringA
WideCharToMultiByte
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateSemaphoreA
ReleaseSemaphore
LCMapStringW
LCMapStringA
OutputDebugStringW
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent

user32

IsCharAlphaNumericW
IsCharAlphaW
CharNextW
wsprintfW
CreateWindowExA
RegisterClassExA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
CharUpperBuffW

shell32

ShellExecuteExW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHGetFolderPathW
SHGetDesktopFolder

mpr

WNetGetUniversalNameW
WNetAddConnection3W
WNetCancelConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

ole32

CoCreateInstance
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoInitializeEx
CoTaskMemFree

oleaut32

VariantChangeType
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
UnRegisterTypeLi
RegisterTypeLi
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
SysAllocString
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocStringLen

msvcr120

_strnicmp
__clean_type_info_names_internal
_except_handler4_common
_initterm_e
_initterm
_malloc_crt
_amsg_exit
__CppXcptFilter
__lconv_init
??1type_info@@UAE@XZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
strtoul
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
free
malloc
_recalloc
memcpy_s
memmove
wcsncpy_s
wcsstr
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_time64
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
wcscat_s
wcscpy_s
_set_invalid_parameter_handler
_get_invalid_parameter_handler
sscanf
sprintf
_wtoi
rand
srand
_beginthreadex
_wcstoui64
wcschr
strncpy
wcstol
swscanf

msvcp120

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xbad_function_call@std@@YAXXZ

dbghelp

MiniDumpWriteDump

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cadf2bba27f17e468b5567dabf525638

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3Certificate

Extended Key Usages

Key Usages

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3Certificate

Extended Key Usages

Key Usages

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

dc:34:0e:2c:d1:9c:18:25:5f:72:1b:af:8f:c5:41:1a:08:66:c6:b0:9f:3f:f9:02:02:78:d9:5f:50:50:25:3aSigner

27:b8:50:d9:12:a3:2e:55:46:b9:8e:4c:34:5b:8a:c5:cf:c0:60:b9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

shell32

mpr

ole32

oleaut32

msvcr120

msvcp120

dbghelp

Exports

Exports

Sections

.text Size: 339KB - Virtual size: 339KB

.rdata Size: 299KB - Virtual size: 298KB

.data Size: 9KB - Virtual size: 11KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 23KB - Virtual size: 22KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

2e:64:ef:4d:75:be:a7:6b:99:f1:1f:c3
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

dc:34:0e:2c:d1:9c:18:25:5f:72:1b:af:8f:c5:41:1a:08:66:c6:b0:9f:3f:f9:02:02:78:d9:5f:50:50:25:3a
Signer

27:b8:50:d9:12:a3:2e:55:46:b9:8e:4c:34:5b:8a:c5:cf:c0:60:b9
Signer

.text
Size: 339KB - Virtual size: 339KB

.rdata
Size: 299KB - Virtual size: 298KB

.data
Size: 9KB - Virtual size: 11KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 23KB - Virtual size: 22KB