imgdrive_2[.]1[.]9[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

imgdrive_2.1.9.exe
Size

1.1MB
MD5

7c10cd3f8280638ff3ec0e9daf158757
SHA1

a7cf4743bb349b5d878ae2245985bbfaa09ac602
SHA256

2f69da04810609ef23b552e297244f1630bfc7af1113d64d3658add2e186ce62
SHA512

97519d7066668a416a023f13f676a5bde9985e7dfbdb30b2ac49bec61f93304e4316270bcb1085f84b07a17db43650b7d605a4754f01c792a3c349262989c6af
SSDEEP

24576:kfecT2+AeM/pN4pAYvBT8szFmQbHczD5mQwFCiKRqTko7r:dt0ppvZ4ic5m/kDCBr

Score

1^/10

Malware Config

Signatures

Files

imgdrive_2.1.9.exe
.exe windows:5 windows x86 arch:x86

29ab84ef164b640380ed5aa93010ca65

Code Sign

13:97:f7:a6:64:d0:a2:58:d2:fc:d6:a6:46:ad:1a:52
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/09/2022, 14:03

Not After

29/08/2025, 14:53

Subject

SERIALNUMBER=91371300MABX6G2P0P,CN=Yubi Software (Linyi) Co.\, Ltd.,O=Yubi Software (Linyi) Co.\, Ltd.,L=Linyi,C=CN,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

19/02/2024, 16:18

Not After

16/02/2034, 16:18

Subject

CN=SSL.com Timestamping Unit 2024 E1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:48:ca:79:5e:25:3a:bb:fc:26:24:53:3f:3c:03:e1:01:6d:74:5f:f5:54:c9:0e:87:4a:94:05:f8:84:df:b3
Signer

Actual PE Digest

f3:48:ca:79:5e:25:3a:bb:fc:26:24:53:3f:3c:03:e1:01:6d:74:5f:f5:54:c9:0e:87:4a:94:05:f8:84:df:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setupldr_lzmaS.pdb

Imports

kernel32

GetModuleFileNameW
CreateFileW
MultiByteToWideChar
OpenMutexW
GetLastError
MoveFileW
LocalAlloc
GetModuleHandleA
CloseHandle
DeleteFileW
LocalFree
ReadFile
GetNativeSystemInfo
CreateProcessW
GetCurrentProcess
GetModuleHandleW
GetExitCodeProcess
GetProcAddress
GetStartupInfoA
GetCommandLineA
HeapAlloc
GetProcessHeap
GetFileAttributesW
GetVersionExW
Sleep
LoadLibraryW
GetUserDefaultLangID
WriteFile
SetFileTime
CreateDirectoryW
MoveFileExW
SetFilePointer
GetFileSize
ExpandEnvironmentStringsW
ExitProcess

user32

TranslateMessage
MsgWaitForMultipleObjects
wvsprintfW
PeekMessageW
ShowWindow
DispatchMessageW
SetCursor
GetSystemMenu
SetTimer
ScreenToClient
GetWindowRect
KillTimer
DialogBoxParamW
LoadCursorW
FindWindowW
SetFocus
wsprintfW
InflateRect
InvalidateRect
EnableMenuItem
GetDlgItem
EndDialog
CheckDlgButton
IsDlgButtonChecked
CreateWindowExW
MessageBoxW
SetWindowTextW
GetDlgCtrlID
EnableWindow
SendMessageW
SetWindowTextA
GetDlgItemTextW
SetDlgItemTextW
LoadIconW

gdi32

CreateFontIndirectW
SetBkMode
GetObjectW
GetStockObject

comctl32

ord17

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExW

shell32

SHBrowseForFolderW
SHCreateDirectoryExW
SHChangeNotify
SHGetPathFromIDListW
ord680
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetMalloc

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

shlwapi

wvnsprintfW
SHAutoComplete
PathRemoveBlanksW
ord176

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29ab84ef164b640380ed5aa93010ca65

Code Sign

13:97:f7:a6:64:d0:a2:58:d2:fc:d6:a6:46:ad:1a:52Certificate

Extended Key Usages

Key Usages

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04Certificate

Extended Key Usages

Key Usages

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7Certificate

Extended Key Usages

Key Usages

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56Certificate

Extended Key Usages

Key Usages

f3:48:ca:79:5e:25:3a:bb:fc:26:24:53:3f:3c:03:e1:01:6d:74:5f:f5:54:c9:0e:87:4a:94:05:f8:84:df:b3Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comctl32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 540B

.rsrc Size: 6KB - Virtual size: 6KB

13:97:f7:a6:64:d0:a2:58:d2:fc:d6:a6:46:ad:1a:52
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

5a:5a:ac:e8:1a:35:6e:b4:62:86:8d:57:7d:e0:3d:c7
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

f3:48:ca:79:5e:25:3a:bb:fc:26:24:53:3f:3c:03:e1:01:6d:74:5f:f5:54:c9:0e:87:4a:94:05:f8:84:df:b3
Signer

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 540B

.rsrc
Size: 6KB - Virtual size: 6KB