1aff74974fabd3b91ac4c1437b4f9cee3aee1b7eb61f8b685a3ffef705790e76[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

1aff74974fabd3b91ac4c1437b4f9cee3aee1b7eb61f8b685a3ffef705790e76.exe
Size

43.4MB
MD5

ff9fcf49a8ffd2d4ff50020c0bb0bd0d
SHA1

4e2cbf393d22b2f572e19c595a989e7c43e0b50c
SHA256

1aff74974fabd3b91ac4c1437b4f9cee3aee1b7eb61f8b685a3ffef705790e76
SHA512

8c6345f380fca992d87f7633ba87a996adb3ef6f856e498c3b4b7b6d66a046f420e100bed4eb99a107d3dfc76a75ec377f5234c7174c7cd32b32e771dd0196bd
SSDEEP

393216:F+mMlTyDCmW/ZNHlSBr1E1DjcAixuDfL:F+mzOm4NU1knwuDL

Score

1^/10

Malware Config

Signatures

Files

1aff74974fabd3b91ac4c1437b4f9cee3aee1b7eb61f8b685a3ffef705790e76.exe
.exe windows:4 windows x86 arch:x86

266474216c00f8e96ffb68396955d7ec

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:2e:e3:fd:7c:dc:52:09:7c:1d:a6:af:a8:7c:74:5e
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/05/2023, 00:00

Not After

06/05/2026, 23:59

Subject

CN=TeamViewer Germany GmbH,O=TeamViewer Germany GmbH,L=Göppingen,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:69:d3:9c:74:01:12:0b:6b:e8:93:99:f6:b8:e5:32:1a:48:26:f0:1f:67:a6:90:c9:27:ac:62:ff:9e:df:5c
Signer

Actual PE Digest

f3:69:d3:9c:74:01:12:0b:6b:e8:93:99:f6:b8:e5:32:1a:48:26:f0:1f:67:a6:90:c9:27:ac:62:ff:9e:df:5c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\PS10\PS_10_Win_Release_RIBS\20070321.m.1480\photoshop\main\photoshop\Targets\Release\Photoshop.pdb

Imports

gdiplus

GdiplusShutdown
GdipCreateFontFromDC
GdipDrawString
GdipGetTextRenderingHint
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCloneBrush
GdiplusStartup
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromScan0
GdipDeleteBrush
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipCloneImage
GdipCreateBitmapFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipFillRectangleI

opengl32

glVertex2i
glDisable
glBegin
glScaled
glLoadIdentity
glTexCoord2d
glEnd
glLineWidth
glMatrixMode
glTexParameteri
glBlendFunc
glEnable
glColor4ub
glTexSubImage2D
glPixelStorei
glColor4d
glLogicOp
glPixelTransferi
glPixelMapfv
glTranslatef
glTexEnvf
glColor4f
glTexImage2D
glBindTexture
glGenTextures
glGetIntegerv
glGetError
glVertex2d
glEndList
glNewList
glCallList
glGenLists
glVertex2f
wglGetCurrentContext
wglDeleteContext
wglGetProcAddress
wglGetCurrentDC
wglCreateContext
wglShareLists
wglMakeCurrent
glFinish
glScalef
glGetString
glPushMatrix
glPopMatrix
glTexEnvi
glTexCoord2f
glFlush
glHint
glLoadMatrixd
glTranslated
glViewport
glOrtho
glClearColor
glClear
glTexCoord1d
glTexImage1D
glRecti
glPointSize
glLineStipple
glDeleteTextures

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentProcess
FreeResource
ResetEvent
GetExitCodeThread
ResumeThread
GetACP
GetVersionExA
GetProfileStringA
CreateEventW
GetCommandLineW
CreateMutexW
CreateMutexA
FormatMessageA
GlobalAddAtomW
GetProfileStringW
IsDebuggerPresent
GetLogicalDriveStringsA
HeapReAlloc
HeapSize
GetProcessHeap
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
Sleep
GetLocaleInfoA
SleepEx
GetProfileIntW
FindResourceA
EnumResourceNamesA
lstrcmpW
GlobalSize
FindFirstFileA
GetWindowsDirectoryW
GetFileTime
GetModuleFileNameA
InitializeCriticalSection
CreateThread
DeleteCriticalSection
GetTempFileNameW
EnterCriticalSection
SetEndOfFile
LeaveCriticalSection
GetLogicalDrives
WriteFile
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
lstrcmpiW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetCurrentDirectoryW
GetCurrentThreadId
MulDiv
OpenEventW
SetEvent
GlobalGetAtomNameW
GlobalDeleteAtom
DebugBreak
GetComputerNameA
GetSystemTimeAsFileTime
SizeofResource
FindResourceW
LoadResource
LockResource
GetWindowsDirectoryA
OpenFile
_lopen
_llseek
_lwrite
_lclose
GetSystemInfo
GlobalMemoryStatus
GlobalMemoryStatusEx
GetTempPathA
SystemTimeToFileTime
lstrcmpiA
GetFullPathNameA
lstrlenA
GlobalReAlloc
FormatMessageW
LocalFree
CreateProcessW
GetDriveTypeA
GetVersionExW
GetDateFormatW
GetTimeFormatW
GetStdHandle
CreateProcessA
FileTimeToLocalFileTime
GetDateFormatA
GetTimeFormatA
CreateDirectoryW
FreeLibrary
LoadLibraryA
CopyFileExW
WaitForSingleObject
CopyFileW
DeleteFileW
RemoveDirectoryW
lstrcpyW
GetVolumePathNameW
OpenSemaphoreA
CreateSemaphoreA
SearchPathA
GetFileSize
DeviceIoControl
GetPrivateProfileIntA
GetPrivateProfileStringA
FindNextFileA
GetProcessTimes
GetEnvironmentVariableW
GetVolumeInformationA
SetHandleInformation
CreateEventA
WaitForMultipleObjects
SwitchToThread
TerminateThread
GetEnvironmentVariableA
RaiseException
LocalAlloc
ExitThread
SuspendThread
GetSystemDefaultLangID
TlsFree
CreateFileA
IsProcessorFeaturePresent
EnumResourceNamesW
LoadLibraryExA
TlsSetValue
TlsAlloc
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreW
TlsGetValue
FatalAppExitA
IsDBCSLeadByteEx
GetUserDefaultLangID
GetLogicalDriveStringsW
GetVolumeInformationW
GetDriveTypeW
GetFileAttributesExW
GetFileAttributesExA
CompareFileTime
MoveFileW
SetErrorMode
SetCurrentDirectoryW
FindNextFileW
lstrcatA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindFirstFileW
FindClose
FileTimeToSystemTime
SetFilePointer
ReadFile
OutputDebugStringA
SetLastError
LoadLibraryW
lstrcpyA
GetTempFileNameA
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
GetSystemTime
lstrlenW
CompareStringW
GetCPInfo
IsValidCodePage
WideCharToMultiByte
MultiByteToWideChar
GetLastError
CreateFileW
lstrcmpA
CloseHandle
GetShortPathNameW
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetLocalTime
VirtualFree
VirtualAlloc

winspool.drv

GetPrinterW
OpenPrinterW
ClosePrinter
EnumPrintersW
DocumentPropertiesW
DeviceCapabilitiesW

ws2_32

closesocket
getsockopt
ntohl
htonl
gethostname
gethostbyname
gethostbyaddr
inet_addr
WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
select
connect
socket
htons
getprotobyname
recv
send
ioctlsocket
setsockopt
ntohs
inet_ntoa

comctl32

ord17

comdlg32

GetOpenFileNameA

Exports

Exports

??4ExifTagList@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 16.1MB - Virtual size: 16.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 700KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 416KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 4KB - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23.3MB - Virtual size: 23.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

266474216c00f8e96ffb68396955d7ec

Code Sign

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31Certificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:2e:e3:fd:7c:dc:52:09:7c:1d:a6:af:a8:7c:74:5eCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

f3:69:d3:9c:74:01:12:0b:6b:e8:93:99:f6:b8:e5:32:1a:48:26:f0:1f:67:a6:90:c9:27:ac:62:ff:9e:df:5cSigner

Headers

File Characteristics

PDB Paths

Imports

gdiplus

opengl32

kernel32

winspool.drv

ws2_32

comctl32

comdlg32

Exports

Exports

Sections

.text Size: 16.1MB - Virtual size: 16.1MB

.textidx Size: 700KB - Virtual size: 696KB

CONST Size: 4KB - Virtual size: 80B

.rdata Size: 2.9MB - Virtual size: 2.9MB

.data Size: 416KB - Virtual size: 1.3MB

.fnp_dir Size: 4KB - Virtual size: 116B

.fnp_mar Size: 4KB - Virtual size: 1B

.rsrc Size: 23.3MB - Virtual size: 23.3MB

0f:d1:bb:ca:79:6b:d7:f8:dd:4c:82:e1:0a:9a:96:31
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:2e:e3:fd:7c:dc:52:09:7c:1d:a6:af:a8:7c:74:5e
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f3:69:d3:9c:74:01:12:0b:6b:e8:93:99:f6:b8:e5:32:1a:48:26:f0:1f:67:a6:90:c9:27:ac:62:ff:9e:df:5c
Signer

.text
Size: 16.1MB - Virtual size: 16.1MB

.textidx
Size: 700KB - Virtual size: 696KB

CONST
Size: 4KB - Virtual size: 80B

.rdata
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 416KB - Virtual size: 1.3MB

.fnp_dir
Size: 4KB - Virtual size: 116B

.fnp_mar
Size: 4KB - Virtual size: 1B

.rsrc
Size: 23.3MB - Virtual size: 23.3MB