db1c1f631b66252793a24005fb7c3410N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

db1c1f631b66252793a24005fb7c3410N.exe
Size

1023KB
MD5

db1c1f631b66252793a24005fb7c3410
SHA1

bcbb15b492b6fa29e1f5a20cbae668a682032c5b
SHA256

09f9a151eb6a14516d3735a3351c5d4375c7fe9b21548ddf303e51b72309c01e
SHA512

63e661bbf5b6699ce30fd612ca7c95ec84dcc0b5216c1c0a13258a6b5fa55107d6a4f447c0d8f6d96cf5cbbc5b8a56b244cd7b0aa10db633bd38e6b49f88c930
SSDEEP

24576:Q0orhTggggMY1Q/g48b8qYpiSFObXeys+kY7C:aggggM7/g48b4piSFObXfe

Score

1^/10

Malware Config

Signatures

Files

db1c1f631b66252793a24005fb7c3410N.exe
.exe windows:6 windows x86 arch:x86

2d2b4e181df237b345f1c4e26bedaa49

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/01/2023, 00:00

Not After

16/01/2026, 23:59

Subject

CN=NVIDIA Corporation,OU=2-J,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

19/01/2024, 16:46

Not After

01/06/2029, 00:00

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:85:22:70:cf:94:a0:14:f2:6d:fd:89:b6:e7:c1:c3:e6:b3:30:c5:d1:4a:91:4f:45:e2:ec:56:1c:f7:14:ea
Signer

Actual PE Digest

65:85:22:70:cf:94:a0:14:f2:6d:fd:89:b6:e7:c1:c3:e6:b3:30:c5:d1:4a:91:4f:45:e2:ec:56:1c:f7:14:ea

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dvs\p4\build\sw\dev\cm\pfw\dev_a\cm\SFX\Output\Win32\7zSfxMod.pdb

Imports

comctl32

ord17

shlwapi

PathIsDirectoryEmptyW
PathFindFileNameW

kernel32

GetProcessAffinityMask
GetVersionExW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
ResumeThread
GetDiskFreeSpaceExW
SetFileAttributesW
SetLastError
Sleep
CreateThread
GetExitCodeThread
GetLocalTime
SystemTimeToFileTime
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSizeEx
RemoveDirectoryW
GetTempPathW
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
WaitForSingleObjectEx
CreateMutexW
CreateEventA
GetProcessTimes
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleFileNameW
LoadResource
LockResource
SizeofResource
LoadLibraryA
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
MulDiv
FormatMessageA
FormatMessageW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrlenA
lstrlenW
FindResourceExA
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLCID
VirtualAlloc
VirtualFree
GetCommandLineW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetDriveTypeW
GetExitCodeProcess
GetSystemDirectoryW
WriteFile
GlobalMemoryStatus
GetModuleHandleA
InitializeCriticalSection
TerminateThread
SuspendThread
lstrcpyW
IsBadReadPtr
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedPushEntrySList
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
WriteConsoleW
IsProcessorFeaturePresent
InitializeSListHead
InitializeCriticalSectionAndSpinCount
AreFileApisANSI
MoveFileExW
DeviceIoControl
SetFilePointerEx
FlushFileBuffers
GetCPInfo
CompareStringEx
GetProcAddress
GetModuleHandleW
GetSystemInfo
GetCurrentProcess
CompareFileTime
CloseHandle
SetFileTime
SetFilePointer
SetEndOfFile
GetFileSize
CreateFileW
WaitForMultipleObjects
LoadLibraryW
ReadFile
GetFileInformationByHandle
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
ReadConsoleW
HeapSize
GetLastError
FreeLibrary
GetLocaleInfoEx
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW

user32

CharUpperW
wsprintfW
GetMessageW
DispatchMessageW
CreateWindowExW
DestroyWindow
SetWindowPos
KillTimer
GetMenu
GetWindowDC
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SendMessageW
ReleaseDC
SetTimer
GetDC
EndDialog
GetWindowRect
SystemParametersInfoW
DrawIconEx
LoadImageW
LoadIconW
GetWindow
SetWindowLongW
ClientToScreen
MessageBeep
GetClientRect
EnableMenuItem
GetSystemMenu
GetSystemMetrics
EnableWindow
SetFocus
GetDlgItem
DialogBoxIndirectParamW
ShowWindow
IsWindow
CallWindowProcW
DefWindowProcW
wvsprintfW
MessageBoxA
GetKeyState
wsprintfA
CopyImage
GetClassNameA
GetParent
GetWindowLongW
GetSysColor
ScreenToClient
DrawTextW

gdi32

DeleteObject
CreateFontIndirectW
GetObjectW
SetStretchBltMode
StretchBlt
SelectObject
GetDeviceCaps
GetCurrentObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegCreateKeyExW
SetEntriesInAclW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
AllocateAndInitializeSid
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid

shell32

SHGetMalloc
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoInitialize

oleaut32

VariantClear
SysAllocStringLen
OleLoadPicture

Sections

.text
Size: 627KB - Virtual size: 627KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d2b4e181df237b345f1c4e26bedaa49

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56Certificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04Certificate

Extended Key Usages

Key Usages

65:85:22:70:cf:94:a0:14:f2:6d:fd:89:b6:e7:c1:c3:e6:b3:30:c5:d1:4a:91:4f:45:e2:ec:56:1c:f7:14:eaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 627KB - Virtual size: 627KB

.rdata Size: 158KB - Virtual size: 158KB

.data Size: 31KB - Virtual size: 43KB

.rsrc Size: 194KB - Virtual size: 194KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:97:c5:6c:aa:59:05:53:94:d9:a9:cd:b8:be:eb:56
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

07:d7:13:53:da:25:61:b4:61:e9:90:47:8a:4c:ce:04
Certificate

65:85:22:70:cf:94:a0:14:f2:6d:fd:89:b6:e7:c1:c3:e6:b3:30:c5:d1:4a:91:4f:45:e2:ec:56:1c:f7:14:ea
Signer

.text
Size: 627KB - Virtual size: 627KB

.rdata
Size: 158KB - Virtual size: 158KB

.data
Size: 31KB - Virtual size: 43KB

.rsrc
Size: 194KB - Virtual size: 194KB