91f7d85775fd070fc36fa57977dd8b70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

91f7d85775fd070fc36fa57977dd8b70N.exe
Size

603KB
MD5

91f7d85775fd070fc36fa57977dd8b70
SHA1

3a4ff4905832e15b789220489c84ce7f17a3768d
SHA256

d69c5dd558aed72d8f80afefd735d0e797a2a8ebed8a195f9c58c144a47fa2cf
SHA512

b1cbec8462f327a27d1e5a6ccc8ca005892589bbb72fe446bbaa128aacd3d42eb1d883d567f58b6f90d5698f67656ceb43781374bce839f895e710d0cf22662d
SSDEEP

12288:dfiIxH920KycbJ6kBt27Kz3RMxILhpec0lga:dfpxd20Kl5t27KiuLh0lga

Score

1^/10

Malware Config

Signatures

Files

91f7d85775fd070fc36fa57977dd8b70N.exe
.dll windows:6 windows x64 arch:x64

9c4f0376ca8adddaabf80aaafa752ea7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c9:b2:09:3f:1c:34:89:36:43:da:a1:ad:1c:c9:78:68
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07/11/2023, 00:00

Not After

06/11/2026, 23:59

Subject

SERIALNUMBER=24 010 794 359,CN=GP Software (Redbrook Pty Ltd),O=GP Software (Redbrook Pty Ltd),ST=Queensland,C=AU,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024155

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:80:1d:c7:da:a5:cc:40:76:26:2d:0d:e5:3c:f1:7d:17:32:74:25:59:df:a4:e3:dc:c5:9a:f1:b0:39:bc:14
Signer

Actual PE Digest

22:80:1d:c7:da:a5:cc:40:76:26:2d:0d:e5:3c:f1:7d:17:32:74:25:59:df:a4:e3:dc:c5:9a:f1:b0:39:bc:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

multiview.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

SHCreateStreamOnFileW
UrlCreateFromPathW

dopuslib

??1LibStringW@@QEAA@XZ
?Init@LibStringW@@QEAAPEB_WH_N@Z
ord126
ord125
??0LibStringW@@QEAA@XZ

kernel32

FreeLibrary
VerSetConditionMask
VerifyVersionInfoW
CloseHandle
LoadLibraryW
LoadLibraryExW
SetLastError
GetLastError
ExpandEnvironmentStringsW
lstrlenW
lstrlenA
lstrcmpiA
GetCurrentThreadId
OutputDebugStringW
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileAttributesW
CopyFileW
CopyFileExW
CreateDirectoryW
CreateFileW
DeleteFileW
FindFirstFileExW
FindClose
FindFirstFileW
GetShortPathNameW
MoveFileExW
RemoveDirectoryW
SetFileAttributesW
GetDriveTypeW
GetFileAttributesExW
GetModuleFileNameW
GetTempPathW
GetSystemTime
WaitForSingleObject
MoveFileWithProgressW
ReadFile
WriteFile
FindNextFileW
ReplaceFileW
SetFileTime
SetFilePointerEx
GetFileSizeEx
SetEndOfFile
FlushFileBuffers
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
LocalFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcessHeap
GetCurrentProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetStdHandle
HeapAlloc
HeapFree
GetCurrentThread
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedFlushSList
GetACP
InterlockedPushEntrySList
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
HeapReAlloc
SetEnvironmentVariableW
GlobalFree
GetProcAddress
HeapSize
SetStdHandle
GetConsoleOutputCP
GetCPInfo
GetStringTypeW
IsValidCodePage
GetConsoleMode
ReadConsoleW
WriteConsoleW
GetModuleHandleW
RtlUnwind

user32

TranslateAcceleratorW
CallWindowProcW
RemovePropW
GetPropW
FindWindowExW
IsChild
GetFocus
SetWindowPos
EndPaint
FillRect
BeginPaint
DestroyAcceleratorTable
SetPropW
LoadAcceleratorsW
DefWindowProcW
ClientToScreen
IsDialogMessageW
GetParent
GetClientRect
LoadImageW
GetDesktopWindow
RegisterClassW
GetWindow
IsDlgButtonChecked
GetDlgItemTextA
LoadCursorW
SetCursor
IsWindowEnabled
SetFocus
SendDlgItemMessageW
CheckDlgButton
SetDlgItemTextA
GetForegroundWindow
SetForegroundWindow
MessageBoxW
PostMessageW
IsWindow
SetDlgItemTextW
EnableWindow
SendMessageW
ShowWindow
GetDlgItem
PostQuitMessage
DestroyWindow
SetWindowLongPtrW
GetWindowLongPtrW
LoadStringW
GetSystemMetrics
SystemParametersInfoW
GetWindowRect
GetWindowLongW
UnregisterClassW
OffsetRect
CreateWindowExW

gdi32

DeleteDC

comdlg32

PrintDlgW

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenProcessToken
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetKnownFolderPath
SHGetFolderPathW
SHBrowseForFolderW
SHOpenFolderAndSelectItems
ord190
ord155

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemFree

Exports

Exports

DVP_Configure
DVP_CreateViewer
DVP_IdentifyFileStreamW
DVP_IdentifyFileW
DVP_IdentifyW
DVP_Init
DVP_InitEx
DVP_Uninit

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c4f0376ca8adddaabf80aaafa752ea7

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

c9:b2:09:3f:1c:34:89:36:43:da:a1:ad:1c:c9:78:68Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

22:80:1d:c7:da:a5:cc:40:76:26:2d:0d:e5:3c:f1:7d:17:32:74:25:59:df:a4:e3:dc:c5:9a:f1:b0:39:bc:14Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

shlwapi

dopuslib

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 453KB - Virtual size: 453KB

.rdata Size: 101KB - Virtual size: 100KB

.data Size: 3KB - Virtual size: 10KB

.pdata Size: 24KB - Virtual size: 24KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 2KB - Virtual size: 2KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

c9:b2:09:3f:1c:34:89:36:43:da:a1:ad:1c:c9:78:68
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

22:80:1d:c7:da:a5:cc:40:76:26:2d:0d:e5:3c:f1:7d:17:32:74:25:59:df:a4:e3:dc:c5:9a:f1:b0:39:bc:14
Signer

.text
Size: 453KB - Virtual size: 453KB

.rdata
Size: 101KB - Virtual size: 100KB

.data
Size: 3KB - Virtual size: 10KB

.pdata
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 2KB - Virtual size: 2KB