ContentV3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ContentV3.exe
Size

595KB
MD5

60db193bce83f05363c874fec9b310c5
SHA1

e1ceb44b70f37f47d92a02c113b59414ba346d81
SHA256

10fb5a7c13814e3d45fabfe448ea1fd7e3a12fbded649385310b005cfe8ab18f
SHA512

6b87de59cd3e769c2a4eb8db24f1c3c5d7eea78abd014fa326da8b4d1b119d2d7a9796ccc8d38e51ec963d9f7e13bc46c34293cae411159c83849d78a7bc81a2
SSDEEP

12288:JOLUaILIM4h22OuxwOPKhHlkz3YqJiWFTsOhZ9uGIutCXHGajnj:Y820cKhW3YqJiETfhZ9NIuIXHGSj

Score

1^/10

Malware Config

Signatures

Files

ContentV3.exe
.exe windows:5 windows x86 arch:x86

501445170a7f6f9646c1af5ae0504c8b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cf
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/10/2018, 00:00

Not After

16/10/2021, 23:59

Subject

CN=TMRG\, Inc.,O=TMRG\, Inc.,POSTALCODE=20190,STREET=Suite 600+STREET=11950 Democracy Drive,L=Reston,ST=Virginia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\src\master\Client\Confidence\Loader\Release\rkverify.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

psapi

GetModuleFileNameExA

kernel32

GetTempPathA
SetEvent
CreateEventA
GetCurrentProcessId
GetModuleFileNameA
GetCurrentProcess
GetVersion
InitializeSListHead
Process32Next
GetTempFileNameA
CreateToolhelp32Snapshot
InterlockedPopEntrySList
Thread32Next
Thread32First
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
InterlockedPushEntrySList
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
InterlockedCompareExchange
ResetEvent
WaitForMultipleObjects
GetTickCount
Sleep
DeleteFileA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryA
GetProcAddress
FormatMessageA
lstrlenA
LocalAlloc
FreeLibrary
CloseHandle
GetBinaryTypeA
MoveFileExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetVersionExA
OpenProcess
LocalFree
GetCurrentThreadId
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
LeaveCriticalSection
EnterCriticalSection
Process32First
TryEnterCriticalSection
SetCriticalSectionSpinCount
ReleaseMutex
ReleaseSemaphore
CancelWaitableTimer
SetWaitableTimer
OpenEventA
CreateMutexA
OpenMutexA
CreateSemaphoreA
CreateWaitableTimerA
GetComputerNameA
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
GetExitCodeThread
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
SystemTimeToFileTime
CompareFileTime
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetSystemTime
GetLocalTime
GetDateFormatA
GetTimeFormatA
SetEnvironmentVariableA
LoadLibraryExA
FindClose
FindFirstFileA
FindNextFileA
FindFirstFileW
FindNextFileW
GetShortPathNameA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
CreateDirectoryA
WriteFile
SetFilePointer
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetModuleHandleW
ExitProcess
GetCommandLineA
HeapSetInformation
GetStartupInfoW
ExitThread
CreateThread
LCMapStringW
GetCPInfo
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapSize
HeapCreate
HeapDestroy
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
FatalAppExitA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
LoadLibraryW
GetLocaleInfoW
VirtualQuery
HeapQueryInformation
HeapReAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateFileW
SetEndOfFile
CompareStringW
GetModuleFileNameW

user32

LoadMenuA
LoadStringA
PostMessageA
LoadImageA
EnumWindows
EnumChildWindows
ExitWindowsEx
InvalidateRect
UnhookWindowsHookEx
GetSystemMetrics
MessageBoxA
GetWindowThreadProcessId
SetWindowsHookExA
GetClassNameA

advapi32

RegSetKeySecurity
RegSaveKeyA
RegFlushKey
RegQueryInfoKeyA
InitializeAcl
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
ConvertSidToStringSidA
GetTokenInformation
SetTokenInformation
GetLengthSid
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
DuplicateTokenEx
SetSecurityDescriptorDacl
AddAccessAllowedAce
RegDeleteKeyA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetFileSecurityA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
SetSecurityInfo

ole32

CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

SHCopyKeyA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 355KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

501445170a7f6f9646c1af5ae0504c8b

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cfCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

psapi

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

shell32

Sections

.text Size: 355KB - Virtual size: 354KB

.rdata Size: 70KB - Virtual size: 70KB

.data Size: 11KB - Virtual size: 20KB

.rsrc Size: 151KB - Virtual size: 150KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

36:ec:9b:fe:7d:cd:02:84:db:79:d2:d8:5b:e6:94:cf
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

.text
Size: 355KB - Virtual size: 354KB

.rdata
Size: 70KB - Virtual size: 70KB

.data
Size: 11KB - Virtual size: 20KB

.rsrc
Size: 151KB - Virtual size: 150KB