Cisco[.]exe[.]VIR

Sharing

Copy URL Twitter E-mail

General

Target

Cisco.exe.VIR
Size

993KB
MD5

82c0037022025152737b88e1aa9e4b23
SHA1

443b17136bde4e606e802449ae2c1be389dc6609
SHA256

95e99bea4826bdb79567947a23e3de2c3121bf9d2d3c331fb0e77f1c46f7e097
SHA512

299db9582c0f50f5f438abd9cec89bae10c6c140daa1c0bc8e2dda551b46a20f80c9eb858c2973176d3066c374f76abe90b8e52469d027dc53bc7bfd758b0c11
SSDEEP

24576:VYaoCjWdE4DNdQCYNbWusYnh7W8sUIblW/HiysHDGdf:1dgHYNbPRW2IxEgCdf

Score

1^/10

Malware Config

Signatures

Files

Cisco.exe.VIR
.exe windows:6 windows x86 arch:x86

4e1e44855b91ea51cc70b7926d2f62ce

Code Sign

2b:70:75:a7:50:5d:97:82:4e:f3:d4:aa:68:28:aa:3f
Certificate

Issuer

CN=TestCert_2019-4-20_14-38-28

Not Before

20/04/2019, 11:28

Not After

20/04/2020, 11:48

Subject

CN=TestCert_2019-4-20_14-38-28

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

35:b1:f2:52:ee:b1:aa:3d:1f:0c:3c:80:87:9b:0a:7c:11:95:26:0e:80:a7:ba:8f:6f:29:e5:d5:38:b4:29:57
Signer

Actual PE Digest

35:b1:f2:52:ee:b1:aa:3d:1f:0c:3c:80:87:9b:0a:7c:11:95:26:0e:80:a7:ba:8f:6f:29:e5:d5:38:b4:29:57

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\JobRelease\win\Release\bin\x86\intune.pdb

Imports

msi

ord94
ord8
ord74

kernel32

AttachConsole
FreeConsole
AllocConsole
GetConsoleWindow
GetModuleHandleW
DecodePointer
LocalFree
SetConsoleTitleW
GetExitCodeThread
CreateThread
WaitForSingleObject
LoadLibraryExA
InitializeCriticalSectionEx
DeleteCriticalSection
DeleteFileW
lstrcmpiW
FreeLibrary
GetPrivateProfileSectionW
GetLastError
LoadLibraryW
LoadLibraryExW
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
GetFileType
ExitProcess
GetProcessHeap
GetConsoleCP
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
GetVersionExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
GetCurrentProcessId
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
ResetEvent
SetEvent
GetCPInfo
LCMapStringW
CompareStringW
QueryPerformanceCounter
WriteFile
CreateFileW
CloseHandle
MulDiv
SetLastError
Sleep
MultiByteToWideChar
GetEnvironmentVariableW
GetModuleFileNameW
GetTempPathW
GetWindowsDirectoryW
GetCurrentThreadId
RaiseException
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDirectoryW
GetProcAddress
SetFilePointer
WaitForSingleObjectEx
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
CreateEventW
GetModuleHandleExW
TryEnterCriticalSection
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
DuplicateHandle
MoveFileW
GetCurrentThread
GetEnvironmentStringsW
GetTempFileNameW
TerminateThread
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
InitializeCriticalSection
GetExitCodeProcess
SetUnhandledExceptionFilter
GetConsoleOutputCP
SetConsoleOutputCP
GetFullPathNameW
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FormatMessageW
GetSystemInfo
VirtualProtect
VirtualQuery
GetFileAttributesW
SetFileAttributesW
GetStringTypeW
InterlockedDecrement
ReadFile
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
CopyFileW
GetLogicalDriveStringsW
GetFileSize
WideCharToMultiByte
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
QueryDosDeviceW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateProcessW
FlushFileBuffers

user32

ClientToScreen
UnregisterClassW
GetClientRect
GetActiveWindow
PostMessageW
SendMessageW
GetSystemMenu
DialogBoxIndirectParamW
IsRectEmpty
IsWindow
LoadStringW
SetWindowLongW
GetPropW
PostQuitMessage
RegisterWindowMessageW
SetPropW
RemovePropW
KillTimer
MessageBeep
SetTimer
PtInRect
CallWindowProcW
SetDlgItemTextW
DefWindowProcW
CharNextW
keybd_event
LoadImageW
SetFocus
MoveWindow
GetWindowTextLengthW
GetWindowTextW
ScreenToClient
GetComboBoxInfo
EnableWindow
ReleaseDC
GetDC
InvalidateRect
RedrawWindow
IsWindowVisible
ShowWindow
DialogBoxParamW
EndDialog
CreateWindowExW
DestroyWindow
SetWindowTextW
GetDlgItem
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
GetWindowLongW
SetWindowPos
ModifyMenuW
GetSystemMetrics

gdi32

CreateFontIndirectW
CreateFontW
GetObjectW
GetDeviceCaps
SelectObject
CreateCompatibleDC
DeleteDC
CreateCompatibleBitmap
DeleteObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

CryptDeriveKey
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegCloseKey
IsTextUnicode
CryptDecrypt
CryptDestroyKey
CryptEncrypt
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr
SysFreeString
SysStringLen

dbghelp

SymFunctionTableAccess
SymGetModuleBase
SymSetOptions
StackWalk
SymGetLineFromAddr
SymSetSearchPath
SymCleanup
SymInitialize

shlwapi

PathIsDirectoryW
PathFileExistsW

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
InitCommonControlsEx

psapi

GetMappedFileNameW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 756KB - Virtual size: 755KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e1e44855b91ea51cc70b7926d2f62ce

Code Sign

2b:70:75:a7:50:5d:97:82:4e:f3:d4:aa:68:28:aa:3fCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

35:b1:f2:52:ee:b1:aa:3d:1f:0c:3c:80:87:9b:0a:7c:11:95:26:0e:80:a7:ba:8f:6f:29:e5:d5:38:b4:29:57Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

dbghelp

shlwapi

comctl32

psapi

version

Sections

.text Size: 756KB - Virtual size: 755KB

.rdata Size: 168KB - Virtual size: 168KB

.data Size: 15KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 43KB - Virtual size: 42KB

2b:70:75:a7:50:5d:97:82:4e:f3:d4:aa:68:28:aa:3f
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

35:b1:f2:52:ee:b1:aa:3d:1f:0c:3c:80:87:9b:0a:7c:11:95:26:0e:80:a7:ba:8f:6f:29:e5:d5:38:b4:29:57
Signer

.text
Size: 756KB - Virtual size: 755KB

.rdata
Size: 168KB - Virtual size: 168KB

.data
Size: 15KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 43KB - Virtual size: 42KB