photo_for_you[.]png[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

photo_for_you.png.exe
Size

61.6MB
MD5

1322ad021f0cef91c1cd526e83373704
SHA1

419d5cd3166069ade53790bf4058dd164c690a24
SHA256

0467ee83070e28023faf9b096a7710b9b58a4b3b937b80cb3406e30b9fbee853
SHA512

c9b477ef7ca55159baf63570dbfe3fd84d461f3c0dc5b4d49d7c0185603665270c8db84407fea2d18815032377a3583880f1f92c32f7d3c7a21e36aa60ec1e83
SSDEEP

1572864:VqR3quS6m171+i5OHtFdAwauGAemnCBQhRbH6wKbQtDxf5ywFO:us17155ONFdAwV6bbQfUws

Score

1^/10

Malware Config

Signatures

Files

photo_for_you.png.exe
.exe windows:6 windows x64 arch:x64

f542a4697e0c0f724f0789f5d5f51f8d

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:f5:6a:33:5e:58:ae:8c:94:c8:c9:9d
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/11/2024, 07:52

Not After

19/11/2025, 07:52

Subject

SERIALNUMBER=0314605239,CN=Pay 2 Services Company Limited,O=Pay 2 Services Company Limited,STREET=Lầu 9\, Số 68 Nguyễn Huệ\, Phường Bến Nghé\, Quận 1,L=Hồ Chí Minh,ST=Hồ Chí Minh,C=VN,1.3.6.1.4.1.311.60.2.1.2=#130b486f20436869204d696e68,1.3.6.1.4.1.311.60.2.1.3=#1302564e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:01:c3:02:f5:b5:e6:09:89:eb:51:bf:08:ea:92:73:72:88:b7:47:97:69:5b:c7:41:23:3e:e2:06:9e:b6:bc
Signer

Actual PE Digest

31:01:c3:02:f5:b5:e6:09:89:eb:51:bf:08:ea:92:73:72:88:b7:47:97:69:5b:c7:41:23:3e:e2:06:9e:b6:bc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ilverbulmpp.pdb

Imports

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressSingle
WakeByAddressAll

bcryptprimitives

ProcessPrng

kernel32

GetProcessHeap
WaitForSingleObject
LoadLibraryExA
CloseHandle
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetUserDefaultLocaleName
IsDebuggerPresent
HeapFree
CreateMutexA
WaitForSingleObjectEx
GetModuleHandleA
CreateThread
WriteConsoleW
HeapAlloc
GetFullPathNameW
UnhandledExceptionFilter
LoadLibraryA
ExitProcess
GetModuleHandleW
GetConsoleMode
GetFinalPathNameByHandleW
SetThreadErrorMode
SetUnhandledExceptionFilter
FreeLibrary
GetLastError
LoadLibraryExW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetProcAddress
LoadLibraryW
FormatMessageW
GetFileInformationByHandle
CreateFileW
FindClose
FindNextFileW
ReleaseMutex
lstrlenW
HeapReAlloc
QueryPerformanceFrequency
GetCurrentProcessId
GetStdHandle
GlobalLock
GlobalSize
GlobalUnlock
WideCharToMultiByte
GlobalAlloc
SetFileInformationByHandle
GlobalFree
MultiByteToWideChar
GetEnvironmentVariableW
GetCurrentDirectoryW
GetSystemInfo
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
DuplicateHandle
VirtualProtect
SetLastError
RtlVirtualUnwind
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
SwitchToThread
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
IsProcessorFeaturePresent

user32

TranslateMessage
DispatchMessageW
IsIconic
GetWindowRect
IsProcessDPIAware
ShowCursor
ClipCursor
GetSystemMetrics
GetClipCursor
GetActiveWindow
AdjustWindowRectEx
GetMenu
GetWindowLongW
EnableMenuItem
GetSystemMenu
SetWindowLongW
SendMessageW
ShowWindow
SetWindowDisplayAffinity
ChangeDisplaySettingsExW
GetWindowPlacement
SetWindowPlacement
SetWindowPos
MonitorFromWindow
GetMonitorInfoW
GetAsyncKeyState
InvalidateRgn
OpenClipboard
PeekMessageW
ReleaseDC
SetCursor
GetClientRect
MapVirtualKeyW
GetWindowLongPtrW
ReleaseCapture
GetRawInputData
PostMessageW
RedrawWindow
GetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
RegisterRawInputDevices
GetDC
SetTimer
GetMessageW
GetPropW
SendInput
CallWindowProcW
SetPropW
SetWindowLongPtrW
RemovePropW
CreateWindowExW
RegisterClassExW
GetClassInfoExW
GetClassNameW
LoadCursorW
ValidateRect
SetForegroundWindow
SetWindowTextW
GetClipboardData
EmptyClipboard
RegisterTouchWindow
GetKeyboardState
ToUnicodeEx
GetKeyState
MapVirtualKeyExW
CreateIcon
DestroyIcon
GetKeyboardLayout
CloseTouchInputHandle
DestroyCursor
GetTouchInputInfo
TrackMouseEvent
ScreenToClient
MonitorFromRect
SetClipboardData
SetCapture
GetCursorPos
KillTimer
DefWindowProcW
ClientToScreen
CloseClipboard
DestroyWindow

gdi32

CreateRectRgn
CreateCompatibleDC
DeleteDC
SelectObject
CreateDIBSection
SetPixelFormat
DeleteObject
BitBlt
SwapBuffers
ChoosePixelFormat
DescribePixelFormat
GetDeviceCaps

opengl32

wglCreateContext
wglShareLists
wglDeleteContext
wglMakeCurrent
wglGetProcAddress
wglGetCurrentContext

uiautomationcore

UiaHostProviderFromHwnd
UiaLookupId
UiaReturnRawElementProvider
UiaGetReservedNotSupportedValue
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseAutomationEvent

oleaut32

VariantClear
SysStringLen
SafeArrayPutElement
SetErrorInfo
SysAllocStringLen
SysFreeString
GetErrorInfo
SafeArrayCreateVector

ole32

RegisterDragDrop
OleInitialize
CoCreateInstance
CoInitializeEx
CoUninitialize
RevokeDragDrop

uxtheme

SetWindowTheme

imm32

ImmGetCompositionStringW
ImmGetContext
ImmAssociateContextEx
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext

dwmapi

DwmSetWindowAttribute
DwmEnableBlurBehindWindow

shell32

DragQueryFileW
DragFinish

ntdll

RtlNtStatusToDosError
NtWriteFile

vcruntime140

__current_exception_context
memcpy
memcmp
memmove
__current_exception
__C_specific_handler
_CxxThrowException
memset
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

wcslen
strlen

api-ms-win-crt-math-l1-1-0

exp2f
ceil
powf
cosf
trunc
floorf
fmodf
tanf
ceilf
expf
roundf
truncf
sinf
pow
floor
acosf
acos
sin
cos
round
atan2f
_hypotf
__setusermatherr

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_set_app_type
__p___argc
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58.4MB - Virtual size: 58.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f542a4697e0c0f724f0789f5d5f51f8d

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

6b:f5:6a:33:5e:58:ae:8c:94:c8:c9:9dCertificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

31:01:c3:02:f5:b5:e6:09:89:eb:51:bf:08:ea:92:73:72:88:b7:47:97:69:5b:c7:41:23:3e:e2:06:9e:b6:bcSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-2-0

bcryptprimitives

kernel32

user32

gdi32

opengl32

uiautomationcore

oleaut32

ole32

uxtheme

imm32

dwmapi

shell32

ntdll

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 58.4MB - Virtual size: 58.4MB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 115KB - Virtual size: 114KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 17KB - Virtual size: 16KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

6b:f5:6a:33:5e:58:ae:8c:94:c8:c9:9d
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

31:01:c3:02:f5:b5:e6:09:89:eb:51:bf:08:ea:92:73:72:88:b7:47:97:69:5b:c7:41:23:3e:e2:06:9e:b6:bc
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 58.4MB - Virtual size: 58.4MB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 115KB - Virtual size: 114KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 17KB - Virtual size: 16KB