06092024_0558_KYCPDF[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

06092024_0558_KYCPDF.exe
Size

1.8MB
MD5

761ef022f7ce436dbe2107a77b4d5cc0
SHA1

1db40d012f5366bb918d2b34e669e4a7b37e812b
SHA256

537f733f9051e1b629c9696e4b839bc6bda34f539f36bce3e69704818c2d149a
SHA512

61111b425ebbf83c041e27e30a02c3ff1f8b86b5b08cb701155586af8842a9d2fbde2ff744fc77b680d6d82963923d4fd440be548a893b9b5ede9a8094bbf9eb
SSDEEP

24576:rnU3YAePnprB3CZAoAUjyBkg6JwtBa7rtYPoklQn652AOcOc7GGb+R+:rU3YLaZA2jKkg6x7rtYPRgGFKA

Score

1^/10

Malware Config

Signatures

Files

06092024_0558_KYCPDF.exe
.exe windows:6 windows x64 arch:x64

Password: infected

93912eb079f3f6164213035e919f7c3d

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:cc:21:6f:dd:5c:15:71:e0:18:25:89:d6:be:6b:69
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

22/01/2024, 00:00

Not After

21/01/2025, 23:59

Subject

SERIALNUMBER=559265-2506,CN=VLD Riv & Sanering AB,O=VLD Riv & Sanering AB,ST=Stockholms län,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:e5:78:49:56:b9:7f:b7:d3:72:3d:62:c9:d0:ac:5f:6f:d0:c7:b1
Signer

Actual PE Digest

c2:e5:78:49:56:b9:7f:b7:d3:72:3d:62:c9:d0:ac:5f:6f:d0:c7:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

downloader.pdb

Imports

api-ms-win-core-synch-l1-2-0

WakeByAddressAll
WaitOnAddress
WakeByAddressSingle

bcryptprimitives

ProcessPrng

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
SetUnhandledExceptionFilter
CloseHandle
GetConsoleWindow
MoveFileExW
CreateWaitableTimerExW
SetWaitableTimer
WaitForSingleObject
Sleep
lstrlenW
GetLastError
GetExitCodeProcess
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
HeapFree
HeapReAlloc
SwitchToThread
SetLastError
GetFinalPathNameByHandleW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
SetHandleInformation
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
GetModuleHandleA
GetProcAddress
GetModuleHandleW
FormatMessageW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
SetFileInformationByHandle
GetFullPathNameW
CreateDirectoryW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
FindClose
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
GetCurrentProcess
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
WideCharToMultiByte
RtlVirtualUnwind
PostQueuedCompletionStatus
TerminateProcess
GetCurrentThreadId
IsProcessorFeaturePresent

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

user32

ShowWindow

ws2_32

closesocket
shutdown
send
recv
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
setsockopt
bind
getsockopt
getsockname
WSAGetLastError
getpeername
connect
ioctlsocket
WSASocketW
WSASend
WSAIoctl

ntdll

NtCreateFile
NtWriteFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx

secur32

FreeCredentialsHandle
ApplyControlToken
QueryContextAttributesW
AcceptSecurityContext
AcquireCredentialsHandleA
EncryptMessage
InitializeSecurityContextW
DecryptMessage
FreeContextBuffer
DeleteSecurityContext

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertOpenStore
CertFreeCertificateContext
CertDuplicateStore
CertCloseStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore

vcruntime140

memcpy
memset
memmove
__current_exception_context
__current_exception
__C_specific_handler
memcmp
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free

api-ms-win-crt-utility-l1-1-0

_rotl64

api-ms-win-crt-runtime-l1-1-0

exit
_initterm_e
_exit
_initterm
_c_exit
_cexit
_configure_narrow_argv
__p___argv
_set_app_type
_seh_filter_exe
_register_thread_local_exe_atexit_callback
__p___argc
_initialize_onexit_table
_initialize_narrow_environment
_register_onexit_function
_get_initial_narrow_environment
_crt_atexit
terminate

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

93912eb079f3f6164213035e919f7c3d

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

a4:cc:21:6f:dd:5c:15:71:e0:18:25:89:d6:be:6b:69Certificate

Extended Key Usages

Key Usages

c2:e5:78:49:56:b9:7f:b7:d3:72:3d:62:c9:d0:ac:5f:6f:d0:c7:b1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

advapi32

kernel32

ole32

shell32

user32

ws2_32

ntdll

secur32

crypt32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 864KB - Virtual size: 864KB

.rdata Size: 451KB - Virtual size: 450KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 30KB - Virtual size: 29KB

.rsrc Size: 495KB - Virtual size: 495KB

.reloc Size: 6KB - Virtual size: 5KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

a4:cc:21:6f:dd:5c:15:71:e0:18:25:89:d6:be:6b:69
Certificate

c2:e5:78:49:56:b9:7f:b7:d3:72:3d:62:c9:d0:ac:5f:6f:d0:c7:b1
Signer

.text
Size: 864KB - Virtual size: 864KB

.rdata
Size: 451KB - Virtual size: 450KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 495KB - Virtual size: 495KB

.reloc
Size: 6KB - Virtual size: 5KB