ARCHIVO ADJUNTO TRANSACCIONAL No 1594841511894984184198198196815951[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ARCHIVO ADJUNTO TRANSACCIONAL No 1594841511894984184198198196815951.exe
Size

2.9MB
MD5

09fb041d9b196e3461b1902814f526d5
SHA1

2fc901f62efd9652e93250bd18b3fe6553841081
SHA256

c7969e2249fc0180887315b88855ce017d4377b6550a2631b3c821f226e9e861
SHA512

e70001d84b1bc8ed3783421834a8b0e042546d36b63991d9553eb325a5d09cc02cde0fb06218bab3205b1c5206fda5275d0449abd30f7600a052ac8ad7a65b35
SSDEEP

49152:uvaC6j7iYXcTURWVyf3ZevYFOntC9aHjZxLueesGLpy1MQq97rt:BaYXBRWVy/ZevQOnF3LueesGLp2y9

Score

1^/10

Malware Config

Signatures

Files

ARCHIVO ADJUNTO TRANSACCIONAL No 1594841511894984184198198196815951.exe
.exe windows:6 windows x86 arch:x86

ae4fbdc6f28c52568d303b09d7a24d87

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:d3:76:ff:b1:89:3c:1b:b2:1c:2c:05:10:aa:6c:ec
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

24/02/2023, 00:00

Not After

24/02/2025, 23:59

Subject

CN=SAP SE,OU=SAP Production CSA,O=SAP SE,L=Walldorf,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:b6:d8:be:4f:0d:27:ea:e4:5b:d4:0d:c3:26:37:af:1a:06:18:e3:72:ec:ab:93:10:52:07:00:28:7e:9d:4c
Signer

Actual PE Digest

c3:b6:d8:be:4f:0d:27:ea:e4:5b:d4:0d:c3:26:37:af:1a:06:18:e3:72:ec:ab:93:10:52:07:00:28:7e:9d:4c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\depot\bas\753_REL\fes_800_REL\src\opt\ntintel\saplgpad.pdb

Imports

kernel32

GetSystemDefaultLocaleName
GetEnvironmentVariableA
GetLocalTime
LocalFree
FormatMessageA
GetCurrentThreadId
Sleep
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
FindResourceA
GetUserDefaultLCID
TerminateProcess
OpenProcess
WideCharToMultiByte
GetACP
CreateFileMappingA
CreateSemaphoreA
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
FindResourceExW
UnmapViewOfFile
MapViewOfFile
GetVersionExA
CreateProcessA
GetSystemInfo
DecodePointer
GetCurrentProcessId
Process32Next
Process32First
CreateToolhelp32Snapshot
CreateEventA
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
OpenFileMappingA
lstrcpynA
LoadLibraryA
EnterCriticalSection
GetProcessHeap
HeapSize
GetFileInformationByHandle
VirtualQuery
FileTimeToSystemTime
CreateDirectoryA
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetErrorMode
GetLastError
RaiseException
CloseHandle
WaitForSingleObject
GetFileAttributesA
OutputDebugStringW
FileTimeToLocalFileTime
SetEnvironmentVariableA
MultiByteToWideChar
MulDiv
CreateFileA
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
IsProcessorFeaturePresent
UnhandledExceptionFilter
LocalAlloc
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
OutputDebugStringA
Module32Next
Module32First
GetModuleHandleExA
GetFinalPathNameByHandleA
RtlCaptureStackBackTrace
VirtualFree
VirtualProtect
VirtualAlloc
TlsFree
GetCurrentThread
GetCurrentProcess
InitializeCriticalSection
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
GetWindowsDirectoryA
TlsSetValue
TlsGetValue
TlsAlloc
GetTempPathA
CreateMutexA
ReleaseMutex
TerminateThread
GetSystemTime
GetTickCount

user32

EnableWindow
LoadCursorA
SendMessageA
SendMessageTimeoutA
PostMessageA
GetFocus
SetCapture
ReleaseCapture
GetDC
ReleaseDC
InvalidateRect
SetPropA
GetPropA
GetClientRect
GetWindowRect
GetCursorPos
EnumThreadWindows
OffsetRect
ClientToScreen
GetSysColor
DrawFocusRect
FillRect
CopyRect
InflateRect
PtInRect
RegisterWindowMessageA
UnregisterClassA
SetForegroundWindow
GetWindowTextA
MessageBoxA
MessageBeep
SetCursor
EnumWindows
LoadIconW
IsWindow
ShowWindow
SetWindowPos
DestroyMenu
SetRectEmpty
IsRectEmpty
GetDesktopWindow
SetParent
SetTimer
KillTimer
UpdateWindow
DrawEdge
CallWindowProcA
SetLayeredWindowAttributes
IsWindowVisible
IsIconic
IsZoomed
SetFocus
GetActiveWindow
GetKeyState
GetKeyboardState
ToAscii
MapVirtualKeyA
GetSystemMetrics
GetMenuState
GetSystemMenu
CreatePopupMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuA
AppendMenuA
DeleteMenu
DrawIcon
DrawTextA
DrawTextW
GetForegroundWindow
GetWindowDC
LockWindowUpdate
RemovePropA
SetCursorPos
GetCursor
ScreenToClient
SetRect
UnionRect
GetWindowLongA
SetWindowLongA
GetParent
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
LoadBitmapW
DestroyIcon
DrawIconEx
SystemParametersInfoA
MonitorFromRect
GetMonitorInfoA
GetDlgCtrlID
IsWindowEnabled
SetWindowTextA
MessageBoxIndirectA
FindWindowA
AttachThreadInput
SetActiveWindow
GetWindowThreadProcessId
ShowScrollBar
GetMessagePos
GetDoubleClickTime
UpdateLayeredWindow
EndPaint
RedrawWindow
BeginPaint

gdi32

SetBkColor
CreateFontIndirectA
SetDIBColorTable
GetDeviceCaps
GetTextExtentPoint32A
SetTextColor
GetTextMetricsA
SetLayout
DeleteDC
TextOutW
CreateSolidBrush
GetTextAlign
SelectObject
GetObjectA
CreateCompatibleBitmap
CreateCompatibleDC
CreatePen
GetViewportOrgEx
GetClipBox
GetStockObject
GetCurrentObject
CreateDIBSection
DeleteObject
SetViewportOrgEx

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegSetValueA
RegDeleteValueA
RegOpenKeyA
RegCreateKeyA
OpenProcessToken
OpenThreadToken
GetTokenInformation
LookupAccountSidA
RegCreateKeyExA

shell32

Shell_NotifyIconA
DragQueryFileA
ShellExecuteA
SHGetFolderPathA
SHGetKnownFolderPath

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_ReplaceIcon

shlwapi

PathFindFileNameA
SHSetValueA
PathIsURLA
PathAppendA
PathRemoveExtensionA

ole32

GetRunningObjectTable
CreateFileMoniker
CreateStreamOnHGlobal
CoRegisterClassObject
OleDestroyMenuDescriptor
StgOpenStorage
OleRun
CoCreateInstance
CoTaskMemFree

oleaut32

RevokeActiveObject
SysAllocString
SysAllocStringLen
VariantInit
SysFreeString
VariantCopy
LoadRegTypeLi
SysStringLen
SysStringByteLen
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen

psapi

EnumProcessModules
GetModuleFileNameExA
GetModuleInformation

Exports

Exports

??0CLanguageFallbackInformation@@QAE@$$QAV0@@Z
??0CLanguageFallbackInformation@@QAE@ABV0@@Z
??0CLanguageFallbackInformation@@QAE@XZ
??0CSplashWindow@@QAE@I@Z
??1CLanguageFallbackInformation@@QAE@XZ
??1CSplashWindow@@UAE@XZ
??4CLanguageFallbackInformation@@QAEAAV0@$$QAV0@@Z
??4CLanguageFallbackInformation@@QAEAAV0@ABV0@@Z
??_7CSplashWindow@@6B@
??_FCSplashWindow@@QAEXXZ
?Create@CSplashWindow@@QAEHXZ
?GetMessageMap@CSplashWindow@@MBEPBUAFX_MSGMAP@@XZ
?GetThisMessageMap@CSplashWindow@@KGPBUAFX_MSGMAP@@XZ
?GetTraceText@CLanguageFallbackInformation@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?OnPaint@CSplashWindow@@IAEXXZ
?OnTimer@CSplashWindow@@IAEXI@Z
?PreTranslateMessage@CSplashWindow@@UAEHPAUtagMSG@@@Z
?charset@CLanguageFallbackInformation@@QBEEXZ
?codePage@CLanguageFallbackInformation@@QBEIXZ
?language@CLanguageFallbackInformation@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@XZ
?needsFallbackToEnglish@CLanguageFallbackInformation@@QBE_NXZ

Sections

.text
Size: 594KB - Virtual size: 596KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

SapLogon
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae4fbdc6f28c52568d303b09d7a24d87

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

01:d3:76:ff:b1:89:3c:1b:b2:1c:2c:05:10:aa:6c:ecCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c3:b6:d8:be:4f:0d:27:ea:e4:5b:d4:0d:c3:26:37:af:1a:06:18:e3:72:ec:ab:93:10:52:07:00:28:7e:9d:4cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

psapi

Exports

Exports

Sections

.text Size: 594KB - Virtual size: 596KB

.rdata Size: 179KB - Virtual size: 180KB

.data Size: 11KB - Virtual size: 24KB

.idata Size: 34KB - Virtual size: 36KB

.gfids Size: 6KB - Virtual size: 8KB

.giats Size: 512B - Virtual size: 4KB

SapLogon Size: 512B - Virtual size: 4KB

.00cfg Size: 512B - Virtual size: 4KB

.tls Size: 1024B - Virtual size: 4KB

.rsrc Size: 2.1MB - Virtual size: 2.1MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

01:d3:76:ff:b1:89:3c:1b:b2:1c:2c:05:10:aa:6c:ec
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c3:b6:d8:be:4f:0d:27:ea:e4:5b:d4:0d:c3:26:37:af:1a:06:18:e3:72:ec:ab:93:10:52:07:00:28:7e:9d:4c
Signer

.text
Size: 594KB - Virtual size: 596KB

.rdata
Size: 179KB - Virtual size: 180KB

.data
Size: 11KB - Virtual size: 24KB

.idata
Size: 34KB - Virtual size: 36KB

.gfids
Size: 6KB - Virtual size: 8KB

.giats
Size: 512B - Virtual size: 4KB

SapLogon
Size: 512B - Virtual size: 4KB

.00cfg
Size: 512B - Virtual size: 4KB

.tls
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 2.1MB - Virtual size: 2.1MB