09b2f3a41c6a8bfa22640826f70e9810N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

09b2f3a41c6a8bfa22640826f70e9810N.exe
Size

247KB
MD5

09b2f3a41c6a8bfa22640826f70e9810
SHA1

4c0dd612454521330b095d8514905e3b0b5364ef
SHA256

7208f1c21c166c885754918f1fdbe1a7ec5d3eaeed23eee41d0243f68b24c89c
SHA512

14d6198e144e205cd133191e9a2a2cb7eee9d7d27b7db04a07f0c8b2e89a4e4af5ce9da2486764b31917de892f607d5d27baa0f0b25357299779a46d40604e81
SSDEEP

3072:5J+wR2kzeRZW51l1Hh/DeANZgofPBVC/wayen9V2fOir1a9wxysNGqCWPTDu:5J+r8YW5nL/qANHbC/waU1aWPdTm

Score

1^/10

Malware Config

Signatures

Files

09b2f3a41c6a8bfa22640826f70e9810N.exe
.exe windows:6 windows x64 arch:x64

1cd96ff38cebcf1a9c1996b8f0362a6b

Code Sign

61:0b:bb:d8:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/04/2012, 20:55

Not After

09/07/2013, 20:55

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2f:65:f1:28:9b:f3:89:c0:89:dd:1a:f6:a6:0a:01:cb:8f:ca:83:1d:10:48:a8:1b:61:41:50:6e:30:72:df:ed
Signer

Actual PE Digest

2f:65:f1:28:9b:f3:89:c0:89:dd:1a:f6:a6:0a:01:cb:8f:ca:83:1d:10:48:a8:1b:61:41:50:6e:30:72:df:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

AudioDG.pdb

Imports

msvcrt

_wcmdln
_exit
exit
__set_app_type
_vsnwprintf
memcpy_s
_fmode
_commode
_resetstkoflw
__wgetmainargs
_initterm
_XcptFilter
memmove_s
_wcsicmp
malloc
??_U@YAPEAX_K@Z
wcsncpy_s
??3@YAXPEAX@Z
_cexit
__C_specific_handler
_wcstoui64
_amsg_exit
_CxxThrowException
__CxxFrameHandler3
memcmp
memset
__setusermatherr
??2@YAPEAX_K@Z
_purecall
realloc
_errno
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
??_V@YAXPEAX@Z
free
?terminate@@YAXXZ
memcpy

ntdll

RtlInitUnicodeStringEx
AlpcInitializeMessageAttribute
ShipAssertMsgW
NtAlpcAcceptConnectPort
NtAlpcSendWaitReceivePort
NtClose
RtlRandomEx
NtAlpcCreatePort
AlpcGetMessageAttribute
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlDestroyMemoryZone
RtlDestroyMemoryBlockLookaside
RtlUnlockMemoryZone
RtlAllocateMemoryBlockLookaside
RtlCreateMemoryZone
RtlNtStatusToDosError
RtlAllocateMemoryZone
RtlLockMemoryZone
RtlCreateMemoryBlockLookaside
RtlFreeMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtQueryInformationProcess
EtwLogTraceEvent
ShipAssert
WinSqmIncrementDWORD
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwEventWrite
EtwEventRegister
NtAlpcConnectPort

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventW
SetEvent
WaitForSingleObjectEx
InitOnceBeginInitialize
Sleep
ResetEvent
WaitForSingleObject
InitOnceExecuteOnce
DeleteCriticalSection

api-ms-win-core-handle-l1-1-0

GetHandleInformation
DuplicateHandle
CloseHandle

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerUnregisterIfEx
RpcServerRegisterIf3
NdrServerCallAll
NdrServerCall2
I_RpcBindingInqTransportType
RpcImpersonateClient
RpcRevertToSelf
RpcServerUseProtseqEpW

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-com-l1-1-0

CoTaskMemRealloc
CoTaskMemFree
StringFromCLSID
CoImpersonateClient
PropVariantClear
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CLSIDFromString
CoInitializeEx
CoRevertToSelf

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-1

GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId
CreateThread
TerminateProcess
OpenProcess
GetStartupInfoW

api-ms-win-security-base-l1-2-0

MakeAbsoluteSD

api-ms-win-core-heap-l1-2-0

HeapDestroy
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
HeapSetInformation

api-ms-win-core-libraryloader-l1-1-1

GetModuleFileNameW
FreeLibrary
SizeofResource
LockResource
GetProcAddress
LoadLibraryExW
GetModuleHandleW
LoadResource
FindResourceExW

api-ms-win-core-processenvironment-l1-2-0

GetCommandLineW

api-ms-win-core-memory-l1-1-1

VirtualUnlock
UnmapViewOfFile
MapViewOfFile
VirtualLock
GetProcessWorkingSetSizeEx
SetProcessWorkingSetSizeEx
CreateFileMappingW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

mmdevapi

ord2
ord8
ord9

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
TraceEvent

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cd96ff38cebcf1a9c1996b8f0362a6b

Code Sign

61:0b:bb:d8:00:00:00:00:00:05Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

2f:65:f1:28:9b:f3:89:c0:89:dd:1a:f6:a6:0a:01:cb:8f:ca:83:1d:10:48:a8:1b:61:41:50:6e:30:72:df:edSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-core-profile-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-libraryloader-l1-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

mmdevapi

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-delayload-l1-1-1

Sections

.text Size: 204KB - Virtual size: 203KB

RT_CODE Size: 1KB - Virtual size: 1KB

RT_BSS Size: - Virtual size: 48B

.data Size: 3KB - Virtual size: 3KB

.pdata Size: 12KB - Virtual size: 12KB

.idata Size: 8KB - Virtual size: 7KB

RT_DATA Size: 512B - Virtual size: 176B

RT_CONST Size: 1024B - Virtual size: 944B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 2KB

61:0b:bb:d8:00:00:00:00:00:05
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

2f:65:f1:28:9b:f3:89:c0:89:dd:1a:f6:a6:0a:01:cb:8f:ca:83:1d:10:48:a8:1b:61:41:50:6e:30:72:df:ed
Signer

.text
Size: 204KB - Virtual size: 203KB

RT_CODE
Size: 1KB - Virtual size: 1KB

RT_BSS
Size: - Virtual size: 48B

.data
Size: 3KB - Virtual size: 3KB

.pdata
Size: 12KB - Virtual size: 12KB

.idata
Size: 8KB - Virtual size: 7KB

RT_DATA
Size: 512B - Virtual size: 176B

RT_CONST
Size: 1024B - Virtual size: 944B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 2KB