ONENOTEM[.]EXE

Sharing

Copy URL Twitter E-mail

General

Target

ONENOTEM.EXE
Size

691KB
MD5

419d0fe3d9942a5ae0f7e5172d24d562
SHA1

d96d1e865dfb8b3627e3da668bc17170faf77156
SHA256

77eadb6f065e478fde12b67101ae48b105d05845441a454db2be44e6555039ad
SHA512

35c655dacaeeb9d9a88b710b7eceb210b138e190d3ebca8ec68a59df4715d4449f3536f85448075cf55d44ba216c317ce2c9d5d3e128adf4f89128b4ddcc0051
SSDEEP

6144:AMQVFGpINpSN1ItwdEoaXdZ2RylsbkR0akuCu+tJmVpu8Ln1nfXXXXXXAWLQPh:LQ6gpMUdZ6y+bkRlCuEcpLk

Score

1^/10

Malware Config

Signatures

Files

ONENOTEM.EXE
.exe windows:6 windows x64 arch:x64

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:51

Not After

16/10/2024, 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:e0:08:fe:26:3f:a0:96:4a:36:c5:72:ea:eb:83:d3:a5:24:e6:01:a5:63:72:49:6b:b6:33:9d:77:6d:62:e8
Signer

Actual PE Digest

f0:e0:08:fe:26:3f:a0:96:4a:36:c5:72:ea:eb:83:d3:a5:24:e6:01:a5:63:72:49:6b:b6:33:9d:77:6d:62:e8

Digest Algorithm

sha256

PE Digest Matches

true

f0:e0:08:fe:26:3f:a0:96:4a:36:c5:72:ea:eb:83:d3:a5:24:e6:01:a5:63:72:49:6b:b6:33:9d:77:6d:62:e8
Signer

Actual PE Digest

f0:e0:08:fe:26:3f:a0:96:4a:36:c5:72:ea:eb:83:d3:a5:24:e6:01:a5:63:72:49:6b:b6:33:9d:77:6d:62:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\dbs\el\omr\Target\x64\ship\postc2r\x-none\onenotem.pdb

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 303KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.c2r
Size: 512B - Virtual size: 436B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

f0:e0:08:fe:26:3f:a0:96:4a:36:c5:72:ea:eb:83:d3:a5:24:e6:01:a5:63:72:49:6b:b6:33:9d:77:6d:62:e8Signer

f0:e0:08:fe:26:3f:a0:96:4a:36:c5:72:ea:eb:83:d3:a5:24:e6:01:a5:63:72:49:6b:b6:33:9d:77:6d:62:e8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 232KB - Virtual size: 231KB

.rdata Size: 303KB - Virtual size: 303KB

.data Size: 10KB - Virtual size: 32KB

.pdata Size: 12KB - Virtual size: 11KB

.didat Size: 1024B - Virtual size: 720B

.c2r Size: 512B - Virtual size: 436B

.rsrc Size: 98KB - Virtual size: 97KB

.reloc Size: 14KB - Virtual size: 13KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

f0:e0:08:fe:26:3f:a0:96:4a:36:c5:72:ea:eb:83:d3:a5:24:e6:01:a5:63:72:49:6b:b6:33:9d:77:6d:62:e8
Signer

f0:e0:08:fe:26:3f:a0:96:4a:36:c5:72:ea:eb:83:d3:a5:24:e6:01:a5:63:72:49:6b:b6:33:9d:77:6d:62:e8
Signer

.text
Size: 232KB - Virtual size: 231KB

.rdata
Size: 303KB - Virtual size: 303KB

.data
Size: 10KB - Virtual size: 32KB

.pdata
Size: 12KB - Virtual size: 11KB

.didat
Size: 1024B - Virtual size: 720B

.c2r
Size: 512B - Virtual size: 436B

.rsrc
Size: 98KB - Virtual size: 97KB

.reloc
Size: 14KB - Virtual size: 13KB