Acmpwd[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Acmpwd.exe
Size

207KB
MD5

8f01e75ff228524e8bde6188fb94a371
SHA1

e73bedb976be9d5c030ddcabadc712093c544790
SHA256

82d4b3b31f6d211278ee67e99cc7c2c1e8c4ce3a13c70b04c6d9cea55358c6bd
SHA512

bedfbd1d4f24ea743b45bfca2c6bfd9f60eda17e3d49fbb5625590222db5a099f11b0eb7ee04d8e1e2ea9b57f39a7cf519009f8c1aa8504e5c86f68895e7fae3
SSDEEP

6144:xta8ip7WLJG6EgJyw0Oc2kyVVbKlNpvIGWYz/AUj82fKUZ:xta8ip7WLJG6pht2l

Score

1^/10

Malware Config

Signatures

Files

Acmpwd.exe
.exe windows:4 windows x86 arch:x86

96d9c7c2fce44d87fca66d1de9994938

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:43:56:18:56:76:6d:52:66:5c:39:b4:fe:1c:5e:a6
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/03/2016, 00:00

Not After

01/03/2019, 23:59

Subject

SERIALNUMBER=80303961,CN=Howyar Technologies Inc.,O=Howyar Technologies Inc.,L=Taipei City,ST=Taiwan,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:43:56:18:56:76:6d:52:66:5c:39:b4:fe:1c:5e:a6
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/03/2016, 00:00

Not After

01/03/2019, 23:59

Subject

SERIALNUMBER=80303961,CN=Howyar Technologies Inc.,O=Howyar Technologies Inc.,L=Taipei City,ST=Taiwan,C=TW,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025457

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

aa:4a:91:db:b8:aa:b4:45:b2:37:b5:44:30:41:7f:b8:78:35:5c:4e:b9:72:3b:1f:f6:20:03:3c:6a:03:9c:9b
Signer

Actual PE Digest

aa:4a:91:db:b8:aa:b4:45:b2:37:b5:44:30:41:7f:b8:78:35:5c:4e:b9:72:3b:1f:f6:20:03:3c:6a:03:9c:9b

Digest Algorithm

sha256

PE Digest Matches

true

5a:a6:c0:17:98:96:d0:8c:d9:d1:86:0a:97:a1:ca:12:96:fb:1b:a5
Signer

Actual PE Digest

5a:a6:c0:17:98:96:d0:8c:d9:d1:86:0a:97:a1:ca:12:96:fb:1b:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
lstrlenW
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrlenA
GetModuleHandleA
GetCommandLineA
CloseHandle
CreateFileA
lstrcmpW
lstrcmpA
MultiByteToWideChar
GetProcAddress
FindClose
GetLastError
FindNextFileA
DeleteFileA
FindFirstFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetSystemTimeAsFileTime
CopyFileA
lstrcmpiW
lstrcpyW
lstrcpynW
GlobalMemoryStatus
FreeLibrary
WideCharToMultiByte
OutputDebugStringA
HeapCompact
HeapSize
HeapFree
GetTickCount
DebugBreak
GetACP
HeapCreate
HeapDestroy
HeapAlloc
GetLocalTime

user32

PostQuitMessage
MessageBoxA
PeekMessageA
wsprintfA
GetActiveWindow
GetSystemMetrics
GetLastActivePopup

advapi32

RegCloseKey
RegOpenKeyA

oleaut32

SysAllocStringLen
SysFreeString

mfc42

ord2818
ord537
ord1575
ord535
ord941
ord860
ord772
ord665
ord500
ord354
ord4277
ord4129
ord5683
ord5856
ord6283
ord6282
ord539
ord654
ord823
ord341
ord5858
ord5606
ord5860
ord6142
ord5651
ord3127
ord3616
ord350
ord3126
ord3613
ord3663
ord5450
ord6394
ord5440
ord6383
ord815
ord561
ord825
ord540
ord2827
ord800
ord6877

msvcrt

memmove
strcmp
strncpy
atol
fopen
strrchr
exit
__dllonexit
_onexit
_exit
_XcptFilter
_mbsicmp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_mbsrchr
_mbscmp
memcmp
memcpy
malloc
rand
time
srand
sprintf
_vsnprintf
__p___initenv
strlen
strcat
_access
strcpy
free
memset
__CxxFrameHandler
_getch
_memicmp

msvcp60

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z

ole32

CoCreateGuid

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96d9c7c2fce44d87fca66d1de9994938

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

20:43:56:18:56:76:6d:52:66:5c:39:b4:fe:1c:5e:a6Certificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

20:43:56:18:56:76:6d:52:66:5c:39:b4:fe:1c:5e:a6Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

aa:4a:91:db:b8:aa:b4:45:b2:37:b5:44:30:41:7f:b8:78:35:5c:4e:b9:72:3b:1f:f6:20:03:3c:6a:03:9c:9bSigner

5a:a6:c0:17:98:96:d0:8c:d9:d1:86:0a:97:a1:ca:12:96:fb:1b:a5Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mfc42

msvcrt

msvcp60

ole32

Sections

.text Size: 160KB - Virtual size: 157KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

20:43:56:18:56:76:6d:52:66:5c:39:b4:fe:1c:5e:a6
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

20:43:56:18:56:76:6d:52:66:5c:39:b4:fe:1c:5e:a6
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

aa:4a:91:db:b8:aa:b4:45:b2:37:b5:44:30:41:7f:b8:78:35:5c:4e:b9:72:3b:1f:f6:20:03:3c:6a:03:9c:9b
Signer

5a:a6:c0:17:98:96:d0:8c:d9:d1:86:0a:97:a1:ca:12:96:fb:1b:a5
Signer

.text
Size: 160KB - Virtual size: 157KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB