41369de512e632cf767fbeb2da527ff0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

41369de512e632cf767fbeb2da527ff0N.exe
Size

605KB
MD5

41369de512e632cf767fbeb2da527ff0
SHA1

ef2fc92d12f94660642c7b3e39916aef6f2c04d4
SHA256

fa2eb60c98216f74e8d2da479d6eb69b814a69125c6accac7bf98a88afc65b1f
SHA512

1a77e23133fa1970d7cf3fc035675ed607e67ab2c2fc6c0f4186cab62295ea66ad095d5ed62d87a68638c07d100cf34b0eb8a2ce37409a5bda0768953839d9ee
SSDEEP

12288:QgoO2VKpidVDzyHpDJqHh3qAqfT4feCIk4frsxFp4+SL7MlROvY0CUDYO3tdBxU:/oO2VKpwDzyHpzAq0feCIk4gZ4nwlROc

Score

1^/10

Malware Config

Signatures

Files

41369de512e632cf767fbeb2da527ff0N.exe
.dll windows:5 windows x86 arch:x86

f6b6866db07b26fdc859dfa6860153f0

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:c5:fa:7c:ae:b5:69:e8:72:59:45:89
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

02/08/2018, 04:27

Not After

01/08/2019, 08:52

Subject

SERIALNUMBER=110111-3513200,CN=TrueCut Security\, Inc.,OU=Sim,O=TrueCut Security\, Inc.,STREET=14fl\, Seyoung J Tower\, 525\, Gangnam-daero,L=Seocho-gu,ST=Seoul,C=KR,1.3.6.1.4.1.311.60.2.1.3=#13024b52,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

37:9b:5c:8d:c5:3c:41:c4:30:d3:ef:8f:e0:f6:51:f3:37:22:1a:0e
Signer

Actual PE Digest

37:9b:5c:8d:c5:3c:41:c4:30:d3:ef:8f:e0:f6:51:f3:37:22:1a:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GetFileSize
OpenProcess
ExitProcess
GetModuleFileNameA
GetCurrentDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
ExitThread
lstrlenW
MulDiv
GetModuleHandleW
DeleteFileA
GetEnvironmentVariableA
lstrcatA
GetShortPathNameA
CreateThread
CreateEventA
FindFirstFileExW
FindFirstFileExA
FindFirstFileW
FindNextFileW
WriteConsoleA
WriteConsoleW
GetThreadContext
SetThreadContext
LoadLibraryW
WriteFile
SetFilePointer
CopyFileExW
CopyFileExA
MoveFileExA
CopyFileW
CopyFileA
MoveFileW
MoveFileA
MoveFileExW
MoveFileWithProgressW
MoveFileWithProgressA
TerminateProcess
DeleteFileW
ReplaceFileW
DuplicateHandle
VirtualQuery
GetExitCodeThread
InitializeCriticalSection
DeleteCriticalSection
ReadProcessMemory
CreateDirectoryA
InterlockedIncrement
TlsSetValue
SetUnhandledExceptionFilter
SystemTimeToFileTime
GetSystemTime
IsBadReadPtr
FlushFileBuffers
GetTempPathA
OutputDebugStringA
GetLongPathNameA
SetLastError
VirtualProtect
InterlockedCompareExchange
GetEnvironmentVariableW
VirtualProtectEx
VirtualQueryEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetConsoleOutputCP
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
HeapReAlloc
VirtualFree
HeapDestroy
HeapCreate
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
GetTimeZoneInformation
LCMapStringW
LCMapStringA
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
QueryDosDeviceA
GetWindowsDirectoryA
TerminateThread
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
GlobalFree
DeviceIoControl
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
VirtualFreeEx
CreateFileW
SetEvent
WaitForSingleObject
FreeLibrary
TlsFree
TlsAlloc
GetModuleFileNameW
FlushInstructionCache
LocalAlloc
GetLastError
FormatMessageA
LocalFree
GetProcessTimes
CompareFileTime
GetCommandLineA
GetCurrentThread
Sleep
FileTimeToLocalFileTime
FileTimeToSystemTime
GetExitCodeProcess
VirtualAlloc
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
RaiseException
GetFileAttributesA
RtlUnwind
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
CreateProcessA
CreateProcessW
ResumeThread
Module32Next
Module32NextW
Thread32Next
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
lstrcpyA
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CloseHandle
GetFileAttributesExA
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
GetUserDefaultLangID

user32

MessageBoxA
FindWindowExA
PeekMessageA
GetWindowTextA
GetActiveWindow
TranslateMessage
DispatchMessageA
FindWindowA
PostMessageA
GetWindowPlacement
WindowFromPoint
SetWindowsHookExA
CallNextHookEx
EnumWindows
EnumChildWindows
SendMessageTimeoutA
LoadStringA
UnhookWindowsHookEx
SetDlgItemTextA
GetDlgItem
PostQuitMessage
GetFocus
LoadImageA
DrawTextA
FillRect
EnumDisplaySettingsW
UnhookWinEvent
MsgWaitForMultipleObjects
SetWinEventHook
PostMessageW
EnableWindow
GetClassNameA
IsWindow
IsWindowVisible
GetParent
GetWindowLongA
GetCursorPos
GetWindowTextW
GetWindowRect
GetWindowThreadProcessId
GetForegroundWindow
ExitWindowsEx
MoveWindow
ShowWindow
SendMessageW
SendMessageA
SetWindowTextA
SetWindowTextW

advapi32

OpenSCManagerA
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
QueryServiceStatusEx
ControlService
OpenServiceA
EnumDependentServicesA
RegFlushKey
RegEnumValueW
RegOpenKeyExW
LogonUserW
LogonUserA
CreateProcessAsUserW
RegCreateKeyExW
RegSetValueW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
InitiateSystemShutdownW
InitiateSystemShutdownExW
GetTokenInformation
RegCloseKey
RegSaveKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
AdjustTokenPrivileges

ole32

CoCreateInstance
CoInitialize

shell32

ShellExecuteExA
SHGetFolderPathA
SHGetSpecialFolderPathA
SHGetDesktopFolder
SHGetPathFromIDListA
DragQueryFileW
SHFileOperationW
SHFileOperationA
ShellExecuteA

oleaut32

SysFreeString

shlwapi

StrStrIA
StrStrIW
SHDeleteValueW
SHDeleteKeyW
StrStrA

ws2_32

WSARecv
WSARecvFrom
inet_ntoa
WSASendTo
sendto
WSASend
send
closesocket
ntohs
recv
recvfrom
WSAStartup
socket
inet_addr
htonl
getsockopt
getpeername
htons
bind
WSAConnect
gethostbyname
connect

iphlpapi

GetAdaptersInfo

winspool.drv

SetJobA
FindFirstPrinterChangeNotification
EnumPrintersA
OpenPrinterW
StartDocPrinterW
FindNextPrinterChangeNotification
EnumJobsA
EndDocPrinter
ClosePrinter
StartPagePrinter

gdi32

EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
CreateDCW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
CreateFontA
SetTextAlign
SetTextColor
SetBkMode
GetTextExtentPoint32A
TextOutA
BitBlt
StretchBlt
DeleteObject
GetObjectA

mpr

WNetGetConnectionA
WNetGetUniversalNameA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
CM_Get_Device_IDA
CM_Get_Parent
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces

Exports

Exports

FDrv
TC_OL_M_B
TC_OL_M_F
isUSB

Sections

.text
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.TCSHARE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6b6866db07b26fdc859dfa6860153f0

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

79:c5:fa:7c:ae:b5:69:e8:72:59:45:89Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

37:9b:5c:8d:c5:3c:41:c4:30:d3:ef:8f:e0:f6:51:f3:37:22:1a:0eSigner

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

ws2_32

iphlpapi

winspool.drv

gdi32

mpr

version

setupapi

Exports

Exports

Sections

.text Size: 420KB - Virtual size: 419KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 8KB - Virtual size: 2.1MB

.TCSHARE Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.detourc Size: 4KB - Virtual size: 4KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 43KB - Virtual size: 42KB

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

79:c5:fa:7c:ae:b5:69:e8:72:59:45:89
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

37:9b:5c:8d:c5:3c:41:c4:30:d3:ef:8f:e0:f6:51:f3:37:22:1a:0e
Signer

.text
Size: 420KB - Virtual size: 419KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 8KB - Virtual size: 2.1MB

.TCSHARE
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.detourc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 43KB - Virtual size: 42KB