f8fe34f981cd6607e31fb3841ea28330N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f8fe34f981cd6607e31fb3841ea28330N.exe
Size

310KB
MD5

f8fe34f981cd6607e31fb3841ea28330
SHA1

4d93571481301636fa7ef0209491f6d8d4984179
SHA256

c4eba003393cb72689b9e8b7e644cdbe59fd9e04126fb412cdf029cc373525da
SHA512

6da2cf9fb1c4a98294ff4d7614641d4a9d0ebfcde0edcc50810beaaa63f500c859300d7d9b7851dd35e68fc0f74b1e15c443e262b88fdefd95b2fab343d566fc
SSDEEP

6144:JTfFDmiHJOyrQpqqDL6YXOtIh4QPTzD0BV+UdvrEFp7hKDFrw:HiiHJJBqn6YdhfD0BjvrEH7kFs

Score

1^/10

Malware Config

Signatures

Files

f8fe34f981cd6607e31fb3841ea28330N.exe
.dll windows:5 windows x86 arch:x86

9fba57375080eb3fb4d0a488b7707c98

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:75:60:f5:9a:a0:ea:7c:1e:57:2b:49:4c:b5:c0:bd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/09/2023, 00:00

Not After

31/08/2024, 00:00

Subject

SERIALNUMBER=110111-1138985,CN=AhnLab\, Inc.,O=AhnLab\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465206f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:50:11:41:d7:73:c9:1a:46:dd:b1:83:f8:d7:7a:37:7e:f7:2e:a3:bf:6c:62:0b:95:e0:fd:c1:1b:8e:f6:9d
Signer

Actual PE Digest

14:50:11:41:d7:73:c9:1a:46:dd:b1:83:f8:d7:7a:37:7e:f7:2e:a3:bf:6c:62:0b:95:e0:fd:c1:1b:8e:f6:9d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\Product\AOS\SafeTransaction\1.0\Trunk\Build\X64Release\ScrMon32.pdb

Imports

mfc90u

ord6035
ord4179
ord1048
ord2206
ord2251
ord4747
ord6803
ord6801
ord4423
ord4448
ord1603
ord265
ord266
ord6171
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord6137
ord3658
ord5851
ord2447
ord4211
ord782
ord580
ord794
ord589
ord4043
ord2694
ord813
ord1254
ord2537
ord799
ord4405
ord6514
ord6170
ord811
ord296
ord1248
ord286
ord280
ord600
ord6013
ord6693
ord6699
ord2478
ord801
ord4173
ord605
ord1274
ord321
ord1241
ord1239
ord1264
ord1180
ord1233
ord2084
ord391
ord1152
ord1273
ord1271
ord1145
ord1076
ord1137
ord322
ord802
ord1088

msvcr90

_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
memcpy
memset
_time64
strrchr
srand
rand
_wcslwr_s
_wmakepath_s
wcscpy_s
_vsnprintf
_decode_pointer
_malloc_crt
_vsnwprintf_s
_waccess
_wsplitpath_s
realloc
memmove
_snwprintf_s
malloc
_vsnwprintf
free
_wcsnicmp
_purecall
_wcsicmp
_stricmp
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcsrchr
__clean_type_info_names_internal

kernel32

SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
InterlockedCompareExchange
VirtualAlloc
FlushInstructionCache
VirtualProtect
VirtualQuery
DeleteFileA
GetCurrentThreadId
GetLocalTime
OpenMutexW
FindFirstFileA
GetSystemDirectoryA
GetFileAttributesA
MoveFileExA
GetFileSize
CreateFileA
GetFullPathNameW
LoadLibraryA
GetModuleHandleA
GetCurrentThread
GetVersionExW
GetSystemInfo
GetCurrentProcess
OutputDebugStringW
WideCharToMultiByte
HeapFree
GetProcessHeap
HeapAlloc
IsBadReadPtr
WaitNamedPipeW
WriteFile
SetNamedPipeHandleState
Sleep
GetSystemDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
GetFileAttributesW
MoveFileExW
LocalAlloc
OpenProcess
InitializeCriticalSection
RaiseException
DeleteFileW
ReadFile
CreateFileW
GetWindowsDirectoryW
FindClose
FindFirstFileW
GetModuleHandleW
LocalFree
ReleaseMutex
CreateMutexW
InitializeCriticalSectionAndSpinCount
GetLastError
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
SetLastError
LoadLibraryW
FreeLibrary
GetProcAddress
GetTickCount
GetCurrentProcessId
GetModuleFileNameW

user32

GetDC
GetWindowThreadProcessId
CallNextHookEx
UnhookWindowsHookEx
GetSystemMetrics
WindowFromDC
SetWindowsHookExW
PostMessageW

advapi32

RegOpenKeyExW
RegQueryValueExW
LookupAccountNameW
GetLengthSid
GetSecurityDescriptorDacl
GetFileSecurityA
SetFileSecurityA
SetFileSecurityW
RegOpenKeyExA
GetFileSecurityW
RegQueryValueExA
GetSecurityDescriptorControl
LookupAccountNameA
AddAccessAllowedAce
AddAce
InitializeAcl
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
EqualSid
GetAce
GetAclInformation

crypt32

CertGetNameStringW
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CryptMsgClose

psapi

GetModuleFileNameExW
GetModuleBaseNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

ScrMon_Activate
ScrMon_Deactivate
ScrMon_IsActivated
ScrMon_SetExtraOption

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ScrmonS
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9fba57375080eb3fb4d0a488b7707c98

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:75:60:f5:9a:a0:ea:7c:1e:57:2b:49:4c:b5:c0:bdCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

14:50:11:41:d7:73:c9:1a:46:dd:b1:83:f8:d7:7a:37:7e:f7:2e:a3:bf:6c:62:0b:95:e0:fd:c1:1b:8e:f6:9dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90u

msvcr90

kernel32

user32

advapi32

crypt32

psapi

version

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 40KB - Virtual size: 42KB

.ScrmonS Size: 80KB - Virtual size: 80KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:75:60:f5:9a:a0:ea:7c:1e:57:2b:49:4c:b5:c0:bd
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

14:50:11:41:d7:73:c9:1a:46:dd:b1:83:f8:d7:7a:37:7e:f7:2e:a3:bf:6c:62:0b:95:e0:fd:c1:1b:8e:f6:9d
Signer

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 40KB - Virtual size: 42KB

.ScrmonS
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB