0e2ff04e8b010a61a6676a6dd26f1390N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0e2ff04e8b010a61a6676a6dd26f1390N.exe
Size

4.4MB
MD5

0e2ff04e8b010a61a6676a6dd26f1390
SHA1

a1ac73a96890d6425211167a9c176a538493220c
SHA256

a961ef09e082044aa84a0dece2c70d3b1a53f4e927d3d8baa95bdf6fd2b304ac
SHA512

6acbaeecdf281642ccee3009522ecf8bfb92cefc4f9e86c1ba4c1eaa8c7ae060256ea9b340d7d5689f977f3423d60be49c04c0cc432170259c886828a861640d
SSDEEP

49152:iuJkpvUqUBPmp/W5OltLRpiJUj5y09P98UAWGjNIrnC3ne:iuInU5mdWeRpvjE0B981Lfe

Score

1^/10

Malware Config

Signatures

Files

0e2ff04e8b010a61a6676a6dd26f1390N.exe
.exe windows:4 windows x86 arch:x86

f3c8681d178df41452834395380e69a5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21/12/2021, 00:00

Not After

17/03/2025, 23:59

Subject

CN=voidtools,O=voidtools,L=Wilmington,ST=South Australia,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:5b:08:9d:e5:77:fa:ff:bc:1f:1d:c7:02:a9:b9:95:a9:85:66:06:e7:93:5b:67:f9:9f:29:41:64:3e:1c:42
Signer

Actual PE Digest

48:5b:08:9d:e5:77:fa:ff:bc:1f:1d:c7:02:a9:b9:95:a9:85:66:06:e7:93:5b:67:f9:9f:29:41:64:3e:1c:42

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\dev\everything\Release BETA (Unofficial)\Everything.pdb

Imports

comctl32

ord412
ord410
ord413
ImageList_GetIcon
_TrackMouseEvent
ImageList_DrawEx
ImageList_GetIconSize
InitCommonControlsEx

kernel32

FileTimeToLocalFileTime
GetCurrentProcessId
GetCurrentThread
GlobalAlloc
GetFileSize
SetErrorMode
GetFileTime
SetThreadPriority
DeviceIoControl
LocalFree
GetSystemTimeAsFileTime
GetExitCodeProcess
QueryPerformanceFrequency
FlushFileBuffers
FreeResource
LoadResource
SizeofResource
LockResource
DisconnectNamedPipe
LocalAlloc
GetTimeZoneInformation
MulDiv
CompareStringA
GetModuleHandleA
GetModuleFileNameA
SetFilePointer
GetSystemDirectoryA
InterlockedExchange
HeapSize
GetLocaleInfoA
GetStringTypeA
LCMapStringA
RtlUnwind
RaiseException
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
GetOEMCP
GetACP
HeapReAlloc
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
CreateThread
ExitThread
FileTimeToSystemTime
GlobalFree
WriteFile
LocalFileTimeToFileTime
DuplicateHandle
GetThreadPriority
WaitForMultipleObjects
GlobalMemoryStatus
SystemTimeToTzSpecificLocalTime
SetFileTime
GlobalLock
GetSystemInfo
GlobalUnlock
FindClose
ReadFile
VirtualLock
VirtualAlloc
GetProcessHeap
VirtualFree
HeapFree
HeapAlloc
VirtualQuery
TerminateProcess
GetCurrentProcess
LoadLibraryA
MoveFileExW
OpenProcess
GetVersionExA
GetSystemDefaultLangID
ConnectNamedPipe
InterlockedDecrement
InterlockedIncrement
SystemTimeToFileTime
FreeLibrary
SetConsoleCursorPosition
FreeConsole
SetConsoleScreenBufferSize
SetConsoleTextAttribute
AllocConsole
ExitProcess
FillConsoleOutputAttribute
GetFileType
GetConsoleScreenBufferInfo
WriteConsoleA
SetStdHandle
GetStdHandle
SetLastError
GetOverlappedResult
FindCloseChangeNotification
GetFileInformationByHandle
ResetEvent
Sleep
LeaveCriticalSection
GetLocalTime
CloseHandle
EnterCriticalSection
DeleteCriticalSection
SetEvent
InitializeCriticalSection
WaitForSingleObject
GetTickCount
QueryPerformanceCounter
GetCommandLineW
GetCurrentThreadId
GetLastError
GetWindowsDirectoryA

user32

CreateMenu
UpdateWindow
EnableMenuItem
EqualRect
SetCursor
SetClipboardViewer
GetSubMenu
ChangeClipboardChain
SetMenu
EnumWindows
SetScrollInfo
RegisterHotKey
SetMenuDefaultItem
ReplyMessage
IsWindowVisible
UnregisterHotKey
OpenIcon
GetCursorPos
ClientToScreen
SetCapture
SetActiveWindow
EmptyClipboard
CheckDlgButton
GetClientRect
GetCapture
MsgWaitForMultipleObjects
SetFocus
EnumChildWindows
CopyRect
MapWindowPoints
IsZoomed
BringWindowToTop
GetMenuState
ValidateRect
GetMessagePos
GetMenu
GetLastActivePopup
GetMenuDefaultItem
GetKeyState
DestroyMenu
GetDlgItem
TrackPopupMenu
DrawFrameControl
ReleaseDC
GetDC
CreatePopupMenu
AdjustWindowRectEx
DeferWindowPos
MessageBeep
CloseClipboard
GetWindowPlacement
BeginPaint
IsDlgButtonChecked
IsIconic
SetForegroundWindow
RedrawWindow
ReleaseCapture
PtInRect
FillRect
EndDeferWindowPos
GetMenuItemCount
BeginDeferWindowPos
GetNextDlgTabItem
TrackPopupMenuEx
RemoveMenu
ScreenToClient
SetWindowPos
EndPaint
GetDlgItemInt
OffsetRect
SetCursorPos
InvalidateRgn
GetSysColorBrush
DrawIconEx
PostQuitMessage
AdjustWindowRect
GetWindowDC
InflateRect
SetDlgItemInt
DrawEdge
SetClipboardData
GetDesktopWindow
GetSysColor
EndDialog
KillTimer
SetTimer
ShowWindow
DestroyIcon
DeleteMenu
GetSystemMenu
DrawMenuBar
DestroyWindow
GetWindowThreadProcessId
IsWindow
GetKeyboardLayout
GetDoubleClickTime
WindowFromPoint
IsWindowEnabled
GetSystemMetrics
CallNextHookEx
ScrollWindowEx
GetDlgCtrlID
GetMenuItemID
GetActiveWindow
MenuItemFromPoint
GetAsyncKeyState
OpenClipboard
ActivateKeyboardLayout
GetWindowRect
CreateIconIndirect
IntersectRect
GetKeyboardLayoutList
GetScrollInfo
WaitMessage
TranslateMessage
GetForegroundWindow
GetFocus
GetParent
AttachThreadInput
InvalidateRect

gdi32

GetNearestColor
CombineRgn
CreateDIBSection
PatBlt
GetDeviceCaps
ExcludeClipRect
GetClipRgn
GetStockObject
SetTextAlign
GetTextColor
GetBkColor
SetViewportOrgEx
GetRandomRgn
GetDCOrgEx
OffsetRgn
SelectClipRgn
FillRgn
IntersectClipRect
RectVisible
StretchDIBits
CreateSolidBrush
SetBrushOrgEx
GetTextAlign
GetCurrentObject
SetBkColor
SetStretchBltMode
CreatePatternBrush
SetTextColor
UnrealizeObject
GetRegionData
SetBkMode
ExtCreateRegion
CreateBitmapIndirect
CreateRectRgn
BitBlt
DeleteDC
GetDIBits
DeleteObject
SelectObject
CreateCompatibleDC
GdiFlush
CreateCompatibleBitmap

comdlg32

CommDlgExtendedError

advapi32

StartServiceW
SetServiceStatus
RegisterServiceCtrlHandlerW
ControlService
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
StartServiceCtrlDispatcherW
RegCloseKey
RegOpenKeyA
ReportEventW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeregisterEventSource
RegisterEventSourceW
SetServiceObjectSecurity
QueryServiceConfigW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenServiceW

shell32

DragAcceptFiles
ord62
SHAddToRecentDocs
ord18
DragFinish
ord16
ord19
ord153
SHGetSpecialFolderLocation
SHGetDesktopFolder
ord25
ord155
ord190

ole32

RegisterDragDrop
ReleaseStgMedium
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoTaskMemAlloc
PropVariantClear
RevokeDragDrop
CreateStreamOnHGlobal
CLSIDFromString
CoInitializeEx
DoDragDrop
OleInitialize
CoUninitialize
CoCreateInstance
CreateBindCtx
CoTaskMemFree

oleaut32

SysFreeString
VariantChangeType
VariantInit
VariantTimeToSystemTime
VariantClear
VarDateFromStr
SysAllocString

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 200KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3c8681d178df41452834395380e69a5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

48:5b:08:9d:e5:77:fa:ff:bc:1f:1d:c7:02:a9:b9:95:a9:85:66:06:e7:93:5b:67:f9:9f:29:41:64:3e:1c:42Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 440KB - Virtual size: 440KB

.data Size: 200KB - Virtual size: 205KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 164KB - Virtual size: 164KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:0f:a0:91:94:b2:2d:c5:1d:00:65:31:c9:c1:61:04
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

48:5b:08:9d:e5:77:fa:ff:bc:1f:1d:c7:02:a9:b9:95:a9:85:66:06:e7:93:5b:67:f9:9f:29:41:64:3e:1c:42
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 440KB - Virtual size: 440KB

.data
Size: 200KB - Virtual size: 205KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 164KB - Virtual size: 164KB