Analyse-it_6_15_4[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Analyse-it_6_15_4.exe
Size

25.8MB
MD5

bb444097a32773eca99d7cdf44b735c3
SHA1

b9c6e001e797fa18f758d20bcb0fecb28a9a54c4
SHA256

61700e7efe6b4a60caa7da2c94572bfff62ffc4bb5b5f701fa459e070b9701ab
SHA512

39415cba825f7253f24f5765947a7c643afe6229bdae6286718a1aa5a6ffb49e77d33a0451538242183267f184808d6b0dfd4077f5699f42f35a888d5d62a6ae
SSDEEP

786432:ZropWIXjhPGUHuYqwGRhX1xZOHVWy5eSWS0D5ArxDM:mpHjNIgHz5eSWS+T

Score

1^/10

Malware Config

Signatures

Files

Analyse-it_6_15_4.exe
.exe windows:4 windows x86 arch:x86

67ec54698fc24707e632cff4c5e67a32

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:b8:26:c6:06:97:87:1d:b8:5b:8d:e4:e4:bf:ff:db
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

19/07/2021, 00:00

Not After

18/07/2024, 23:59

Subject

CN=Analyse-it Software\, Ltd.,O=Analyse-it Software\, Ltd.,L=Leeds,ST=West Yorkshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ab:b3:18:ae:73:3c:7f:d2:c7:ba:09:ee:3e:10:d4:94:65:72:95:ee
Signer

Actual PE Digest

ab:b3:18:ae:73:3c:7f:d2:c7:ba:09:ee:3e:10:d4:94:65:72:95:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\proj\MSI Factory\Bootstrap\IRBootstrapRuntime\Release\rte.pdb

Imports

winmm

mciSendCommandA
timeGetTime

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
ExitProcess
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
GetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualFree
HeapDestroy
HeapCreate
GetTimeZoneInformation
SetHandleCount
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetFileTime
LocalFileTimeToFileTime
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
GetThreadLocale
MoveFileA
InterlockedDecrement
GetModuleFileNameW
WaitForSingleObject
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcmpA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
FreeResource
GlobalLock
GlobalUnlock
MulDiv
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
QueryPerformanceCounter
Sleep
DeviceIoControl
SetErrorMode
GetLogicalDriveStringsA
GetSystemInfo
GlobalMemoryStatus
GlobalAlloc
GetDriveTypeA
GetCurrentThread
GetComputerNameA
ExpandEnvironmentStringsA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCurrentProcessId
GetLocaleInfoA
SetLastError
GetTickCount
GlobalFree
OpenProcess
LocalFree
FormatMessageA
GetShortPathNameA
MoveFileExA
GetVersionExA
CopyFileA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
WritePrivateProfileStringA
GetTempFileNameA
GetExitCodeProcess
CreateProcessA
GetDiskFreeSpaceA
GetModuleHandleA
CreateDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryA
SystemTimeToFileTime
RemoveDirectoryA
DeleteFileA
SetFileTime
FindNextFileA
InterlockedIncrement
CloseHandle
ReadFile
SetFilePointer
CreateFileA
lstrcpyA
GetVolumeInformationA
lstrcpynA
GetFullPathNameA
FindClose
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcAddress
LoadLibraryExA
GetLastError
InterlockedExchange
CompareStringA
GetVersion
CompareStringW
MultiByteToWideChar
lstrlenA
SetFileAttributesA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
FreeLibrary
GetModuleFileNameA
LoadLibraryA
GetFileAttributesA
GetSystemDefaultLangID
TerminateProcess
UnhandledExceptionFilter
GetCurrentProcess
SetUnhandledExceptionFilter
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
FindResourceA
RaiseException

user32

RegisterClipboardFormatA
UnregisterClassA
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetMessageA
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
IsWindowVisible
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
ScreenToClient
EqualRect
CopyRect
PtInRect
DefWindowProcA
CallWindowProcA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
EndDialog
GetWindowTextLengthA
SetFocus
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
ExitWindowsEx
ShowWindow
GetWindowDC
GetFocus
GetAsyncKeyState
GetNextDlgTabItem
GetParent
SetWindowPos
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
GetWindowTextA
GetWindowLongA
GetWindow
EnumWindows
MsgWaitForMultipleObjects
PostThreadMessageA
wsprintfA
DispatchMessageA
UpdateWindow
TranslateMessage
CharUpperA
MessageBeep
IsWindow
GetDesktopWindow
MessageBoxA
IsIconic
PostMessageA
AppendMenuA
RedrawWindow
GetSystemMenu
PostQuitMessage
PeekMessageA
DrawIcon
GetClientRect
GetSystemMetrics
GetDC
ReleaseDC
EnableWindow
OffsetRect
SendMessageA
LoadIconA
SetWindowLongA
GetWindowRect
GetSysColor
SetCursor

gdi32

GetRgnBox
GetTextColor
DeleteObject
GetBkColor
GetMapMode
CreateRectRgnIndirect
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
RemoveFontResourceA
AddFontResourceA
GetTextExtentPoint32A
GetObjectA
GetStockObject
CreateFontA
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
DeleteDC
GetDeviceCaps
GetViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
EqualSid
AllocateAndInitializeSid
RegEnumKeyA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameA
UnlockServiceDatabase
OpenSCManagerA
GetServiceDisplayNameA
QueryServiceStatus
RegOpenKeyExA
ControlService
StartServiceA
DeleteService
CloseServiceHandle
CreateServiceA
OpenServiceA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegConnectRegistryA
EnumServicesStatusA
RegOpenKeyA
RegCloseKey
RegSetValueExA
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoA
ShellExecuteA
SHBrowseForFolderA
ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
UrlUnescapeA

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
OleInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SafeArrayDestroy
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SysStringLen
RegisterTypeLi
LoadTypeLi
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocString

urlmon

URLDownloadToFileA

netapi32

Netbios

wininet

InternetSetOptionExA
InternetQueryDataAvailable
InternetErrorDlg
HttpQueryInfoA
InternetQueryOptionA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
InternetConnectA
InternetGetConnectedState
InternetCrackUrlA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpOpenRequestA
InternetCanonicalizeUrlA

Sections

.text
Size: 824KB - Virtual size: 822KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67ec54698fc24707e632cff4c5e67a32

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

90:b8:26:c6:06:97:87:1d:b8:5b:8d:e4:e4:bf:ff:dbCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

ab:b3:18:ae:73:3c:7f:d2:c7:ba:09:ee:3e:10:d4:94:65:72:95:eeSigner

Headers

File Characteristics

PDB Paths

Imports

winmm

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

urlmon

netapi32

wininet

Sections

.text Size: 824KB - Virtual size: 822KB

.rdata Size: 164KB - Virtual size: 162KB

.data Size: 28KB - Virtual size: 40KB

.rsrc Size: 44KB - Virtual size: 43KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

90:b8:26:c6:06:97:87:1d:b8:5b:8d:e4:e4:bf:ff:db
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

ab:b3:18:ae:73:3c:7f:d2:c7:ba:09:ee:3e:10:d4:94:65:72:95:ee
Signer

.text
Size: 824KB - Virtual size: 822KB

.rdata
Size: 164KB - Virtual size: 162KB

.data
Size: 28KB - Virtual size: 40KB

.rsrc
Size: 44KB - Virtual size: 43KB