f54c0320310f7d1209fee18fa37d9278[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f54c0320310f7d1209fee18fa37d9278.exe
Size

22.1MB
MD5

f54c0320310f7d1209fee18fa37d9278
SHA1

ba1a388f30bd5aa962e6c2c531129a0e8252b891
SHA256

00cee1bc34849b5f75aa1a7c8b858d0ec88b239f912a98ba75648a3449179db9
SHA512

c9130a446ff3daac3a7623b6cadeac89cc2969eb142d306356bf9e65f130e5def44ada054c4dcbe36c0ba97438adcee185205a3feee6e09e3a5458c7b315f527
SSDEEP

393216:vXg0v9HWCRoq/vibvCsOb3AWOL4yrSbejZIn1nc4xjBWRro4CjlHoz5Dj2:Y0v92dAiEbwWQ4kU1pxCrrCpIlDy

Score

1^/10

Malware Config

Signatures

Files

f54c0320310f7d1209fee18fa37d9278.exe
.exe windows:6 windows x86 arch:x86

7d8a2f2b4d9b83da02c929b87a8f060b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10-11-2021 00:00

Not After

06-11-2024 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:ac:39:45:d9:a8:33:40:15:49:6f:ec:e1:ad:10:b8:3a:2a:7e:41
Signer

Actual PE Digest

50:ac:39:45:d9:a8:33:40:15:49:6f:ec:e1:ad:10:b8:3a:2a:7e:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build.tc\agent\work\464efc35df4c0270\build\RelWithDebInfo\GoToResolveUnattendedUpdater.pdb

Imports

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW

ole32

StgOpenStorage

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

kernel32

UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetModuleHandleW
SetLastError
lstrlenW
WriteFile
GetVersionExW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
FindClose
Sleep
DeleteFileW
LoadLibraryW
GetProcAddress
MoveFileExW
FreeLibrary
LocalAlloc
GetCurrentProcessId
ReadFile
HeapFree
TerminateProcess
InitializeCriticalSectionEx
WaitForSingleObject
GetCurrentThreadId
OpenProcess
HeapAlloc
GetCurrentDirectoryW
DecodePointer
DeleteCriticalSection
GetProcessHeap
IsWow64Process
GetExitCodeProcess
MoveFileExA
GetThreadLocale
LCIDToLocaleName
GetStdHandle
K32GetModuleFileNameExW
ProcessIdToSessionId
FlushFileBuffers
GetFileAttributesA
GetDynamicTimeZoneInformation
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetFileType
RaiseException
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
SetEvent
SleepEx
CreateEventW
CreateThread
GetExitCodeThread
GetVersion
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
RemoveVectoredExceptionHandler
InitializeCriticalSection
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetFileSizeEx
SetFilePointerEx
CreateFileW
FindFirstFileExW
GetFileTime
GetSystemTimeAsFileTime
OutputDebugStringW
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WriteConsoleW
lstrcpyW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileAttributesW
DeviceIoControl
AreFileApisANSI
MultiByteToWideChar
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetConsoleCP
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
LCMapStringEx
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetStringTypeW
GetTimeZoneInformation
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateEventA
OpenEventA
FormatMessageA
VerifyVersionInfoW
WideCharToMultiByte
CreateProcessW
EncodePointer
CompareStringEx
GetCPInfo
ResetEvent
UnhandledExceptionFilter
GetDriveTypeW
SetConsoleCtrlHandler
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
VerSetConditionMask
LocalFree
SetCurrentDirectoryW
FindResourceW
LoadResource
CloseHandle
LockResource
lstrcatW
GetLastError
FormatMessageW
GetModuleFileNameW
GetCommandLineW
SizeofResource
CreateDirectoryW
IsProcessorFeaturePresent
TlsAlloc
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetFileInformationByHandle
CopyFileW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetLocaleInfoEx
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSListHead

user32

FindWindowW
wsprintfW
BringWindowToTop
AttachThreadInput
ShowWindow
GetWindowThreadProcessId

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW

oleaut32

VariantClear

advapi32

RegSetValueExA
RegCreateKeyExA
SystemFunction036
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RegDeleteTreeA
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
RegDeleteKeyExA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
ChangeServiceConfig2W
RegCreateKeyExW
DeleteService
ControlService
StartServiceW
QueryServiceConfigW
OpenServiceW
EnumServicesStatusW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSAStartup
gethostname
WSAGetLastError
WSACleanup

crypt32

CryptProtectData
CertOpenStore
CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertDeleteCertificateFromStore

comctl32

ord345

Sections

.text
Size: 828KB - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21.0MB - Virtual size: 21.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7d8a2f2b4d9b83da02c929b87a8f060b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fbCertificate

Extended Key Usages

Key Usages

50:ac:39:45:d9:a8:33:40:15:49:6f:ec:e1:ad:10:b8:3a:2a:7e:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ole32

wtsapi32

kernel32

user32

shell32

oleaut32

advapi32

version

ws2_32

crypt32

comctl32

Sections

.text Size: 828KB - Virtual size: 828KB

.rdata Size: 198KB - Virtual size: 198KB

.data Size: 21KB - Virtual size: 26KB

.rsrc Size: 21.0MB - Virtual size: 21.0MB

.reloc Size: 36KB - Virtual size: 35KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

50:ac:39:45:d9:a8:33:40:15:49:6f:ec:e1:ad:10:b8:3a:2a:7e:41
Signer

.text
Size: 828KB - Virtual size: 828KB

.rdata
Size: 198KB - Virtual size: 198KB

.data
Size: 21KB - Virtual size: 26KB

.rsrc
Size: 21.0MB - Virtual size: 21.0MB

.reloc
Size: 36KB - Virtual size: 35KB