pmAdRe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

pmAdRe.exe
Size

46KB
MD5

4cfa2580d4b2f0170a4a4d45a6fc545e
SHA1

3b0d5f7456367a227947f1ee2d329f0bb66842a8
SHA256

c0ef1b0e900a9300a7ba57f7fd9850c1287e129b86a800d8b09c9dd952a0f249
SHA512

ca1b407c572dcd4a7561b3e26ee557148c75a1fe46205dccde021ae1bce286d88e9198a76d2deaa8557c21817507616451ea1ce3f84b1b61bd5bb2f79cb2cdfb
SSDEEP

768:JmCgon/kuaiayz8kH+4TYCh4ZxEKAMUpOAJuOUSKy5VwEkN9NDGSw3hOv:JzzjapyzvH+4TVhqSKBqO5WwEkzC3hOv

Score

1^/10

Malware Config

Signatures

Files

pmAdRe.exe
.exe windows:5 windows x86 arch:x86

ede366f4502fe6e8107970ddd118d870

Code Sign

0b:f3:36:ce:bf:f3:54:36:96:f6:81:63:43:a9:f7:43
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/01/2021, 00:00

Not After

01/04/2024, 23:59

Subject

CN=Mediaweb\, Inc.,O=Mediaweb\, Inc.,L=Geumcheon-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:61:e0:22:1a:59:e6:70:f5:6a:66:4b:d1:df:f5:88:1f:27:5d:01:23:2f:bf:4f:37:c6:87:9e:80:5a:a9:b6
Signer

Actual PE Digest

0f:61:e0:22:1a:59:e6:70:f5:6a:66:4b:d1:df:f5:88:1f:27:5d:01:23:2f:bf:4f:37:c6:87:9e:80:5a:a9:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90

ord2691
ord300
ord3178
ord265
ord910
ord316
ord1611
ord305
ord1603
ord1258
ord1254
ord820
ord817
ord4392
ord5963
ord2539
ord941
ord798
ord945
ord1137
ord793
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord2447
ord4333
ord4981
ord5663
ord5646
ord6001
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord3659
ord589
ord4952
ord4029
ord1607
ord310
ord601
ord3213
ord800
ord1276

msvcr90

_setmbcp
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_time64
_access
_localtime64_s
_strdup
_strlwr
isdigit
atoi
atol
memcpy
sprintf
memset
__CxxFrameHandler3
_stricmp

kernel32

WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetModuleHandleW
SetFileAttributesA
lstrcmpiA
GetModuleFileNameA
OutputDebugStringA
GetLastError
GetSystemDirectoryA
GetVersionExA
GetSystemInfo
lstrcpyA
GetPrivateProfileStringA
CreateFileA
ReadFile
SetFilePointer
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
OpenProcess
TerminateProcess
Sleep
DeleteFileA
GetModuleHandleA
GetCurrentProcess
DuplicateHandle
GetExitCodeProcess
GetProcAddress
CreateRemoteThread
WaitForSingleObject
CloseHandle
SetLastError

user32

PostMessageA
IsWindow
GetWindowThreadProcessId
FindWindowA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyA
AdjustTokenPrivileges
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

shlwapi

PathStripPathA

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ede366f4502fe6e8107970ddd118d870

Code Sign

0b:f3:36:ce:bf:f3:54:36:96:f6:81:63:43:a9:f7:43Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

0f:61:e0:22:1a:59:e6:70:f5:6a:66:4b:d1:df:f5:88:1f:27:5d:01:23:2f:bf:4f:37:c6:87:9e:80:5a:a9:b6Signer

Headers

DLL Characteristics

File Characteristics

Imports

mfc90

msvcr90

kernel32

user32

advapi32

shell32

shlwapi

oleaut32

wininet

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 10KB

0b:f3:36:ce:bf:f3:54:36:96:f6:81:63:43:a9:f7:43
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

0f:61:e0:22:1a:59:e6:70:f5:6a:66:4b:d1:df:f5:88:1f:27:5d:01:23:2f:bf:4f:37:c6:87:9e:80:5a:a9:b6
Signer

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 10KB