sigm[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sigm.exe
Size

365KB
MD5

e2fec8d5acc5e7df77ddd299333db8f4
SHA1

c2ef2547339057eb0eaa4178273a632730d61620
SHA256

10b7a346cc951bbb97ea15bbb8fe88636a1fcfe3df96de21882028a50e540cd1
SHA512

102a597a1e4b3f62dc160756f055ca2f17565ca415c6a30f0f9efaa3dc680b78f45f2ab6ee9edaebdebab3faacdecb2d578fba4f6b3a5d140379c282de7a6846
SSDEEP

6144:wpf8anutY9xJUv/QyQyvCS1VH0jwSh2zM2llt8podAKNKsu/sWKUApzYEuTvQDIR:wpftu69VyQ0bH0jwSh2zM2lnETKNKsut

Score

1^/10

Malware Config

Signatures

Files

sigm.exe
.exe windows:6 windows x86 arch:x86

2b5e0037ab6b1351a1a9364c5c898159

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

18/09/2019, 12:58

Not After

11/12/2022, 11:53

Subject

CN=Adersoft,O=Adersoft,L=Paris,C=FR,1.2.840.113549.1.9.1=#0c14737570706f72744061646572736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:f2:b0:ba:bc:2f:d8:84:82:19:61:07:71:73:26:c9:03:54:b0:3b
Signer

Actual PE Digest

ef:f2:b0:ba:bc:2f:d8:84:82:19:61:07:71:73:26:c9:03:54:b0:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleW
lstrcmpiW
MultiByteToWideChar
LoadLibraryExW
ExitProcess
LocalAlloc
LocalFree
FormatMessageW
WaitForSingleObject
GetExitCodeProcess
CreateThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
FindResourceExW
GetACP
WideCharToMultiByte
FreeResource
SetFilePointer
ReadFile
CreateFileW
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
UnmapViewOfFile
EnumResourceNamesW
WriteFile
GetFileAttributesW
Sleep
GetFileSize
ExpandEnvironmentStringsW
FlushFileBuffers
GetFileType
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
WriteConsoleW
GetStringTypeW
SetStdHandle
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStdHandle
GetModuleHandleExW
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
TlsFree
TlsSetValue
InterlockedPushEntrySList
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
VirtualFree
LoadLibraryExA
InitializeCriticalSectionAndSpinCount
SetEvent
FreeLibrary
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionEx
CreateEventW
WaitForSingleObjectEx
ResetEvent
HeapFree
VirtualAlloc

user32

KillTimer
UnregisterClassW
MessageBoxW
SendMessageW
wsprintfA
SetWindowTextW
SetTimer
SetWindowPos
MapWindowPoints
GetClientRect
GetParent
GetWindowRect
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetDlgItem
CreateWindowExW
GetWindow
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
DestroyWindow
CallWindowProcW
CharNextW
SetWindowLongW
DefWindowProcW
LoadCursorW
GetClassInfoExW
RegisterClassExW
DialogBoxParamW
EndDialog
GetActiveWindow

advapi32

RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
CreateProcessWithLogonW
RegDeleteKeyW
RegCreateKeyExW

shell32

ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CoGetObject
CoGetInstanceFromFile
CLSIDFromProgID
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantChangeType
SafeArrayAccessData
LoadTypeLibEx
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
SafeArrayUnaccessData
VarUI4FromStr
VariantInit
SysFreeString
SysAllocString
VariantCopy
SysStringLen
VariantClear

wintrust

WinVerifyTrust

crypt32

CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CryptQueryObject
CryptMsgClose
CryptMsgGetParam

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b5e0037ab6b1351a1a9364c5c898159

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cdCertificate

Extended Key Usages

Key Usages

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8fCertificate

Extended Key Usages

Key Usages

33:90:20:77:61:c4:26:dd:94:50:03:0dCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

ef:f2:b0:ba:bc:2f:d8:84:82:19:61:07:71:73:26:c9:03:54:b0:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

wintrust

crypt32

version

Sections

.text Size: 212KB - Virtual size: 212KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 11KB - Virtual size: 10KB

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

3a:10:10:87:8e:d6:f7:dd:d4:ec:8e:8f
Certificate

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

ef:f2:b0:ba:bc:2f:d8:84:82:19:61:07:71:73:26:c9:03:54:b0:3b
Signer

.text
Size: 212KB - Virtual size: 212KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 11KB - Virtual size: 10KB