619e0de90e36ebfd7ac2ecfa1f061e80N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

619e0de90e36ebfd7ac2ecfa1f061e80N.exe
Size

1.3MB
MD5

619e0de90e36ebfd7ac2ecfa1f061e80
SHA1

8a425885c37cb1956134a40de6cb0669716117fe
SHA256

0d8da1ad4508a7bac58e7b8f1c58231e1fb1868b581b5fc0f117991590969ec5
SHA512

7bfa3cbbbfeeebb60152d5e0a46fd47da0491cd2ad9530d78af3cf28dcfa952e3d49d28081e5f0a4a4b2ba5aed8295141a831b6e014f538dc910773ec7fbd022
SSDEEP

24576:y1FCKisuEMfumVLFMnGC786TQkh4lZ181gCOrPdIdXh:eCRsuOsunGC7pXIZWyrPdUXh

Score

1^/10

Malware Config

Signatures

Files

619e0de90e36ebfd7ac2ecfa1f061e80N.exe
.dll windows:6 windows x64 arch:x64

15027fcca928a02026d128c2183b3129

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/03/2022, 00:00

Not After

23/04/2025, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:9e:c7:e8:69:88:07:5a:a4:58:d0:ad:41:52:10:34:03:e4:74:10
Signer

Actual PE Digest

ae:9e:c7:e8:69:88:07:5a:a4:58:d0:ad:41:52:10:34:03:e4:74:10

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\Jenkins\SAS Redistributable\workspace\src\Binary\Release\SdAppServices_x64.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetLastError
GetTickCount
GlobalFree
AddAtomA
Sleep
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadFile
GetCurrentDirectoryW
CreateProcessA
SetHandleInformation
CreatePipe
GetCurrentProcessId
ResetEvent
SetEvent
CreateEventW
FreeLibraryAndExitThread
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
ReleaseMutex
WaitForSingleObject
GetComputerNameW
CreateMutexW
lstrlenA
lstrcmpA
GetComputerNameA
FileTimeToSystemTime
FindClose
FindFirstFileW
LocalFree
LocalAlloc
GetModuleFileNameW
GetModuleHandleExA
CreateDirectoryW
SetFilePointerEx
ReadConsoleW
DeleteFileW
GetConsoleMode
GetConsoleCP
WriteFile
HeapFree
ExitProcess
SetEndOfFile
HeapReAlloc
HeapAlloc
GetModuleHandleExW
ExitThread
CreateThread
FlushFileBuffers
GetTimeZoneInformation
GetStdHandle
GetACP
CloseHandle
GetFileAttributesA
MoveFileExW
GetFullPathNameW
HeapSize
WriteConsoleW
GetModuleFileNameA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwindEx
FreeLibrary
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime

user32

GetLastInputInfo
DispatchMessageW
TranslateMessage
CallMsgFilterW
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
EnableWindow

advapi32

RegQueryValueExW
GetNamedSecurityInfoW
CryptGenRandom
CryptAcquireContextA
CryptEncrypt
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CreateWellKnownSid
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
SetNamedSecurityInfoW
SetEntriesInAclW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

iphlpapi

GetAdaptersInfo

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCreateUrl
WinHttpCloseHandle
WinHttpCrackUrl

Exports

Exports

sas_AAAA
sas_AAAB
sas_AAAC
sas_AAAD
sas_AAAE

Sections

.text
Size: 938KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15027fcca928a02026d128c2183b3129

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42Certificate

Extended Key Usages

Key Usages

ae:9e:c7:e8:69:88:07:5a:a4:58:d0:ad:41:52:10:34:03:e4:74:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

iphlpapi

crypt32

winhttp

Exports

Exports

Sections

.text Size: 938KB - Virtual size: 937KB

.rdata Size: 338KB - Virtual size: 337KB

.data Size: 27KB - Virtual size: 39KB

.pdata Size: 42KB - Virtual size: 42KB

.gfids Size: 1024B - Virtual size: 732B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 8KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

02:92:61:fa:48:6b:16:10:71:3a:4c:b9:ec:7e:6c:42
Certificate

ae:9e:c7:e8:69:88:07:5a:a4:58:d0:ad:41:52:10:34:03:e4:74:10
Signer

.text
Size: 938KB - Virtual size: 937KB

.rdata
Size: 338KB - Virtual size: 337KB

.data
Size: 27KB - Virtual size: 39KB

.pdata
Size: 42KB - Virtual size: 42KB

.gfids
Size: 1024B - Virtual size: 732B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 8KB