am[.]exe | Triage

Resubmissions

19/07/2024, 21:04

240719-zw2zvszcrj 10

08/07/2024, 17:46

240708-wclxra1apj 10

Sharing

Copy URL Twitter E-mail

General

Target

am.exe
Size

8.6MB
MD5

e3f7e8e0d19454c6c097e05dd2b539ee
SHA1

ef80d99c2a1abf7f2f135ef9e3f024c31935631c
SHA256

0aa1b28c87e430b746fce1556336d13602afff64783a1aa189be5aeec16fbc41
SHA512

ef7cc673a50f740cb21b2d40ac6081c31e5a90f6ea33893266afc34ef44175284c9880d2b465dcb1ad0c3a4b41c639d82fade7afe4802e6e1247db2c3d352e8f
SSDEEP

196608:cC5enmUUbVExyeFRasXfCs+ZrVbE2y0XORd3AApE:cC5IKyxy8hCZVVbE2yqudwd

Score

1^/10

Malware Config

Signatures

Files

am.exe
.exe windows:4 windows x86 arch:x86

7d61e507d80805c89c900a1a5d1d884d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:c3:e3:0f:10:1b:62:fe:0a:49:9e:b1:18:90:12:ea
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26/01/2022, 00:00

Not After

26/02/2025, 23:59

Subject

CN=Razer USA Ltd.,O=Razer USA Ltd.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1e:e5:66:b4:c9:ca:7e:ea:07:6f:ce:2e:d7:2f:38:f3:54:85:00:a1:71:69:c2:73:8e:7b:63:cb:5c:b2:36:26
Signer

Actual PE Digest

1e:e5:66:b4:c9:ca:7e:ea:07:6f:ce:2e:d7:2f:38:f3:54:85:00:a1:71:69:c2:73:8e:7b:63:cb:5c:b2:36:26

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sourcecode\photopad\release\PhotoPad.pdb

Imports

imm32

ImmNotifyIME
ImmGetVirtualKey
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

kernel32

SuspendThread
GetShortPathNameW
Process32FirstW
FindFirstChangeNotificationW
SetEnvironmentVariableW
VirtualQuery
GetCurrentProcessId
FreeResource
WaitNamedPipeW
GetProcessHeap
LoadLibraryExW
CreateThread
FileTimeToLocalFileTime
OpenFileMappingW
FindResourceW
SetUnhandledExceptionFilter
LoadResource
QueryPerformanceFrequency
ProcessIdToSessionId
LocalFree
FileTimeToSystemTime
ReleaseMutex
SetLastError
GetStartupInfoW
CreateToolhelp32Snapshot
GetDriveTypeW
CancelIo
GetCPInfo
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
FindNextChangeNotification
GetModuleFileNameW
UnmapViewOfFile
CreateMutexW
GlobalMemoryStatusEx
SizeofResource
GetModuleFileNameA
CreatePipe
GetComputerNameW
FormatMessageW
SetFilePointer
HeapAlloc
GetCurrentDirectoryA
GetPrivateProfileStringW
FindCloseChangeNotification
GetUserDefaultLCID
ExitProcess
LockResource
MapViewOfFile
GlobalHandle
SetCurrentDirectoryW
CreateNamedPipeW
SetEndOfFile
GetFileSize
ConnectNamedPipe
PeekNamedPipe
GetSystemTime
CreateProcessW
GetFileAttributesW
VerSetConditionMask
lstrlenA
CreateFileA
SetEnvironmentVariableA
InterlockedExchange
GetDiskFreeSpaceExW
HeapFree
ReadProcessMemory
GetEnvironmentVariableW
GetVersionExA
DuplicateHandle
GetStdHandle
GetACP
TerminateProcess
CreateFileMappingW
SystemTimeToTzSpecificLocalTime
RtlCaptureContext
lstrcpyW
GetTimeFormatW
GetThreadContext
GetCommandLineW
GetExitCodeProcess
ResumeThread
Process32NextW
GetEnvironmentVariableA
LocalAlloc
GetOverlappedResult
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentProcess
FindNextFileW
SetFilePointerEx
CreateEventW
MultiByteToWideChar
GetCurrentThread
CreateDirectoryW
GlobalSize
InterlockedIncrement
GetLastError
GetFileSizeEx
GlobalLock
LoadLibraryW
RemoveDirectoryW
LeaveCriticalSection
WaitForSingleObject
TryEnterCriticalSection
SetFileAttributesW
WaitForMultipleObjects
DeleteCriticalSection
MoveFileW
VerifyVersionInfoW
FreeLibrary
GetModuleHandleW
InitializeCriticalSection
InterlockedDecrement
OpenProcess
GetCurrentThreadId
InterlockedExchangeAdd
GlobalFree
EnterCriticalSection
SetThreadPriority
LoadLibraryA
GetTempPathW
DisconnectNamedPipe
GetThreadPriority
FlushFileBuffers
WideCharToMultiByte
SetEvent
CreateFileW
CopyFileW
GetProcAddress
MulDiv
GetLocaleInfoW
FindClose
ReadFile
GlobalUnlock
DeleteFileW
WriteFile
GetVersionExW
GetFileTime
ResetEvent
GetCurrentDirectoryW
FindFirstFileW
GetTickCount
Sleep
GetSystemInfo
CloseHandle
MoveFileExW
GlobalAlloc
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetOEMCP
IsValidCodePage
GetModuleHandleA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
HeapSize
GetStringTypeW
GetStringTypeA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale

advapi32

GetSidSubAuthority
GetSidLengthRequired
RegSetKeySecurity
SetFileSecurityW
CryptDecrypt
CryptDeriveKey
GetUserNameW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyW
OpenProcessToken
RegDeleteKeyW
CryptEncrypt
CryptCreateHash
CryptSetKeyParam
RegQueryInfoKeyW
DuplicateTokenEx
GetTokenInformation
GetAce
CryptImportKey
SetSecurityDescriptorDacl
RegOpenKeyExW
CryptGetKeyParam
InitializeSid
CryptDestroyKey
ConvertSidToStringSidW
RegEnumKeyExW
CryptHashData
CryptReleaseContext
RegEnumValueW
FreeSid
InitializeSecurityDescriptor
RegQueryValueExW
CryptDestroyHash
CryptDuplicateKey
RegDeleteValueW
InitializeAcl
RegEnumKeyW
CryptAcquireContextW
AllocateAndInitializeSid
AddAccessAllowedAce
CheckTokenMembership

comctl32

ImageList_DragLeave
PropertySheetW
InitCommonControlsEx
_TrackMouseEvent
CreatePropertySheetPageW
ImageList_GetImageInfo
ImageList_Merge
ImageList_DragEnter
ImageList_DragMove
ImageList_BeginDrag
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ImageList_Replace
ImageList_GetIcon
ImageList_DragShowNolock
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_EndDrag
ImageList_Add
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Remove
ord17

comdlg32

GetOpenFileNameW
CommDlgExtendedError
PrintDlgW
GetSaveFileNameW

gdi32

IntersectClipRect
CreateFontW
CreateFontIndirectW
SetDIBits
SetBrushOrgEx
SetBkColor
GetStockObject
CreateCompatibleBitmap
MoveToEx
ExtTextOutW
StretchDIBits
CreateDCW
EndDoc
DeleteObject
SetBkMode
SelectObject
TextOutW
CreatePatternBrush
LineTo
Polygon
StartDocW
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateDIBitmap
EndPage
SetPixel
GetCurrentObject
CreatePen
FillRgn
GetWindowExtEx
CreateDIBSection
Rectangle
PolyPolyline
GetObjectW
CombineRgn
PolyTextOutW
SetViewportExtEx
Polyline
GetViewportExtEx
SetStretchBltMode
GetDeviceCaps
CreatePolygonRgn
CreateRectRgn
GetBitmapBits
GetDIBits
SetWindowExtEx
GetTextFaceW
GetGlyphIndicesW
StretchBlt
SetTextAlign
SetBitmapBits
CreateBrushIndirect
SelectClipRgn
PolyDraw
GetClipBox
CreateBitmap
GetObjectA
SetDCBrushColor
SetViewportOrgEx
GetTextCharset
EnumFontFamiliesExW
SetDIBitsToDevice
CreateRectRgnIndirect
GetTextMetricsW
CreateSolidBrush
DeleteDC
StartPage
GetDIBColorTable
GetTextMetricsA
GetBkMode
SetTextColor

msacm32

acmStreamPrepareHeader
acmStreamConvert
acmStreamSize
acmStreamUnprepareHeader
acmStreamOpen
acmStreamClose

ole32

CoTaskMemFree
ReleaseStgMedium
RegisterDragDrop
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitialize
CoGetMalloc
CoAddRefServerProcess
CreateStreamOnHGlobal
CoResumeClassObjects
CoUninitialize
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject

oleaut32

SysAllocStringByteLen
VariantInit
OleLoadPicturePath
SysStringByteLen
OleCreatePropertyFrame
SysAllocString
OleLoadPicture
VariantClear
SysAllocStringLen
SysFreeString

shell32

SHChangeNotify
ord680
SHGetPathFromIDListW
DragFinish
SHCreateShellItem
SHGetMalloc
ord155
Shell_NotifyIconW
DragAcceptFiles
CommandLineToArgvW
SHParseDisplayName
ShellExecuteA
SHGetDesktopFolder
SHEmptyRecycleBinW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
DragQueryFileW
SHBrowseForFolderW
DragQueryPoint

shlwapi

SHDeleteEmptyKeyW
StrCmpLogicalW
PathCompactPathExW
SHDeleteKeyW

user32

EmptyClipboard
GetKeyState
SetWindowPos
GetScrollInfo
DestroyMenu
KillTimer
SetWindowTextW
SetWindowsHookExW
ShowWindow
DrawTextW
GetMenu
MessageBoxW
SetForegroundWindow
GetWindowTextLengthW
InsertMenuItemW
MapWindowPoints
GetDesktopWindow
GetCursorInfo
GetScrollBarInfo
SetFocus
IsClipboardFormatAvailable
IsWindowEnabled
CallWindowProcW
EnableMenuItem
GetWindowDC
CloseClipboard
GetCursor
SetWindowLongW
GetMenuItemCount
OpenClipboard
SetClassLongW
GetDC
GetFocus
GetSubMenu
SetTimer
AppendMenuW
RemoveMenu
SystemParametersInfoW
BeginPaint
CopyImage
GetWindowLongW
ReleaseCapture
GetForegroundWindow
UnhookWindowsHookEx
ClientToScreen
FrameRect
ReleaseDC
IsZoomed
GetClassNameW
CreateDialogIndirectParamW
VkKeyScanW
InsertMenuW
SetPropW
ModifyMenuW
DeleteMenu
DrawIconEx
LoadCursorW
WaitForInputIdle
OffsetRect
FindWindowW
CreateIconIndirect
TranslateMessage
CallNextHookEx
EnumWindows
MsgWaitForMultipleObjects
InvalidateRgn
CharUpperW
GetNextDlgGroupItem
keybd_event
PostQuitMessage
DrawFocusRect
DrawTextExW
EnumDisplaySettingsW
GetPriorityClipboardFormat
CountClipboardFormats
SendInput
EnumDisplayMonitors
SetWindowPlacement
MonitorFromRect
GetSysColorBrush
EndDialog
EqualRect
WindowFromDC
DefWindowProcW
ChildWindowFromPoint
AttachThreadInput
EnumDisplayDevicesW
GetWindow
ValidateRect
WindowFromPoint
GetMenuItemID
DispatchMessageW
GetDlgItemTextW
GetActiveWindow
DrawStateW
SetWindowRgn
LoadStringW
wsprintfW
GetClassNameA
GetWindowThreadProcessId
IsDialogMessageW
NotifyWinEvent
ShowScrollBar
GetComboBoxInfo
DrawEdge
MonitorFromPoint
CheckMenuItem
SetClipboardData
GetWindowTextW
InflateRect
MapVirtualKeyW
SetMenuInfo
IsDlgButtonChecked
MonitorFromWindow
AdjustWindowRectEx
DialogBoxIndirectParamW
GetMenuInfo
FindWindowExW
GetClassInfoW
EndMenu
SetDlgItemTextW
GetMenuBarInfo
GetKeyboardState
PeekMessageW
AllowSetForegroundWindow
FlashWindowEx
GetMessageW
GetMonitorInfoW
GetUpdateRect
MapDialogRect
EnumChildWindows
GetAncestor
GetIconInfo
GetKeyNameTextW
IsCharAlphaW
CheckRadioButton
GetPropW
RegisterClipboardFormatW
GetDialogBaseUnits
CreatePopupMenu
SetCursor
GetSysColor
RedrawWindow
IsWindowVisible
CreateWindowExW
GetMenuItemInfoW
PostMessageW
DestroyCursor
GetClientRect
FillRect
GetSystemMetrics
EndPaint
CreateDialogParamW
SetCapture
SetActiveWindow
SendMessageW
SetLayeredWindowAttributes
SetMenu
IsIconic
GetAsyncKeyState
GetDlgCtrlID
MoveWindow
IsWindow
GetClipboardData
CheckDlgButton
SetScrollInfo
SetMenuItemInfoW
DestroyWindow
LoadIconW
InvalidateRect
UpdateWindow
SetMenuDefaultItem
DialogBoxParamW
GetDoubleClickTime
RemovePropW
LoadImageW
GetWindowRect
ScrollWindowEx
GetDlgItem
DestroyIcon
TrackPopupMenu
GetWindowPlacement
EnableWindow
PtInRect
GetCapture
SendDlgItemMessageW
RegisterClassW
GetParent
ScreenToClient

winmm

waveOutPrepareHeader
waveOutReset
waveOutClose
waveOutPause
waveOutUnprepareHeader
waveOutGetPosition
waveOutOpen
waveOutRestart
waveOutWrite
waveOutGetNumDevs

ws2_32

WSAStartup
recv
send
gethostname
WSAGetLastError
htons
__WSAFDIsSet
ioctlsocket
connect
closesocket
gethostbyaddr
setsockopt
socket
ntohs
select
inet_addr
gethostbyname

winspool.drv

EnumPrintersW
ClosePrinter
OpenPrinterW
ord203
DocumentPropertiesW

rpcrt4

UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

netapi32

NetUserGetInfo
NetApiBufferFree

usp10

ScriptLayout
ScriptApplyDigitSubstitution
ScriptRecordDigitSubstitution
ScriptItemize

msimg32

GradientFill
AlphaBlend

iphlpapi

GetIpAddrTable
GetAdaptersAddresses

wininet

InternetAutodial
InternetAutodialHangup
InternetQueryOptionA
InternetGetConnectedState

dnsapi

DnsRecordListFree
DnsQuery_W

secur32

DecryptMessage
ApplyControlToken
AcquireCredentialsHandleW
QueryContextAttributesW
EncryptMessage
InitializeSecurityContextW
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer

crypt32

CertFindCertificateInStore
CertVerifySubjectCertificateContext
CryptQueryObject
CertFreeCertificateContext
CertCloseStore

wintrust

WinVerifyTrust

Exports

Exports

NvOptimusEnablement

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 633KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 3B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

7d61e507d80805c89c900a1a5d1d884d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:c3:e3:0f:10:1b:62:fe:0a:49:9e:b1:18:90:12:eaCertificate

Extended Key Usages

Key Usages

1e:e5:66:b4:c9:ca:7e:ea:07:6f:ce:2e:d7:2f:38:f3:54:85:00:a1:71:69:c2:73:8e:7b:63:cb:5c:b2:36:26Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

imm32

kernel32

advapi32

comctl32

comdlg32

gdi32

msacm32

ole32

oleaut32

shell32

shlwapi

user32

winmm

ws2_32

winspool.drv

rpcrt4

netapi32

usp10

msimg32

iphlpapi

wininet

dnsapi

secur32

crypt32

wintrust

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 633KB - Virtual size: 633KB

.data Size: 165KB - Virtual size: 446KB

.tls Size: 512B - Virtual size: 3B

.rsrc Size: 3.7MB - Virtual size: 3.7MB

.reloc Size: 226KB - Virtual size: 226KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:c3:e3:0f:10:1b:62:fe:0a:49:9e:b1:18:90:12:ea
Certificate

1e:e5:66:b4:c9:ca:7e:ea:07:6f:ce:2e:d7:2f:38:f3:54:85:00:a1:71:69:c2:73:8e:7b:63:cb:5c:b2:36:26
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 633KB - Virtual size: 633KB

.data
Size: 165KB - Virtual size: 446KB

.tls
Size: 512B - Virtual size: 3B

.rsrc
Size: 3.7MB - Virtual size: 3.7MB

.reloc
Size: 226KB - Virtual size: 226KB