fd6e2f33026fce1aa5aa63e32a93e8addfc7fd4b8ac705091e8abba659a3738aN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

fd6e2f33026fce1aa5aa63e32a93e8addfc7fd4b8ac705091e8abba659a3738aN.exe
Size

526KB
MD5

9fc842a582aae3332ce75e0db2e8d7e0
SHA1

c58b11cafbed6433c2929d2cefd619cc52b6bace
SHA256

fd6e2f33026fce1aa5aa63e32a93e8addfc7fd4b8ac705091e8abba659a3738a
SHA512

a67fa786ca2c9a6033eb27633ccaf609cf061143cec1d97cada7a83006e3e418449ee0c3cbba608b3fa2545fcb12a532bbfc392112fd198673b043085115db87
SSDEEP

12288:YyDFmi9r/axbpN6e5QYJh055ohPZi2UnBjvrEH7yjujT:7FmOitpNtxh0sPZpUlrEH7/

Score

1^/10

Malware Config

Signatures

Files

fd6e2f33026fce1aa5aa63e32a93e8addfc7fd4b8ac705091e8abba659a3738aN.exe
.exe windows:6 windows x86 arch:x86

6d06d4c5a402a3ecb0abe045f9157ebe

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:69:b6:88:99:17:75:68:26:ea:21:fa:2f:c2:ca:c6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-09-2023 00:00

Not After

26-09-2024 23:59

Subject

SERIALNUMBER=0108-01-003186,CN=Canon Inc.,O=Canon Inc.,L=Ota-Ku,ST=Tokyo,C=JP,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024a50

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:4f:b7:12:48:49:25:f5:8b:1b:b3:e2:15:fd:b0:29:e4:22:8c:ed:f8:34:f3:40:a0:26:04:f2:96:a5:be:32
Signer

Actual PE Digest

af:4f:b7:12:48:49:25:f5:8b:1b:b3:e2:15:fd:b0:29:e4:22:8c:ed:f8:34:f3:40:a0:26:04:f2:96:a5:be:32

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\ESP_src\Win\ijs_win\ESP\vc12\Release\IJPLMSVC.pdb

Imports

shlwapi

PathFileExistsW
PathQuoteSpacesW
PathIsDirectoryW
PathAppendW

kernel32

Sleep
GetVersionExW
GetSystemDefaultLCID
CreateEventW
WaitForSingleObject
GetExitCodeProcess
OpenMutexW
GetModuleFileNameW
GetFileAttributesW
GetConsoleCP
HeapSize
SetStdHandle
GetSystemDefaultLangID
SetEvent
GetLocalTime
GetSystemTimeAsFileTime
FindNextFileW
FindFirstFileW
FindClose
lstrcmpW
lstrcpyW
lstrcmpiW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
GetLastError
CreateMutexW
CloseHandle
LoadLibraryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
SetLastError
lstrlenW
GlobalFree
GlobalAlloc
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
CreateFileW
WriteConsoleW
LocalFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCPInfo
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RaiseException
RtlUnwind
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap

winspool.drv

ClosePrinter
OpenPrinterW
XcvDataW
EnumPrintersW
GetPrinterDriverW

advapi32

ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DeregisterEventSource
RegisterEventSourceW
DuplicateTokenEx
CreateProcessAsUserW
RegisterServiceCtrlHandlerExW
DeleteService
QueryServiceStatus
ControlService
StartServiceW
ChangeServiceConfig2W
CreateServiceW
SetServiceStatus
UnlockServiceDatabase
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
LockServiceDatabase
OpenSCManagerW
StartServiceCtrlDispatcherW
RegOpenKeyW
RegEnumValueW
RegEnumKeyW
ImpersonateLoggedOnUser
OpenProcessToken
RegCreateKeyExW
RegOpenCurrentUser
RevertToSelf
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

Sections

.text
Size: 343KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d06d4c5a402a3ecb0abe045f9157ebe

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:69:b6:88:99:17:75:68:26:ea:21:fa:2f:c2:ca:c6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

af:4f:b7:12:48:49:25:f5:8b:1b:b3:e2:15:fd:b0:29:e4:22:8c:ed:f8:34:f3:40:a0:26:04:f2:96:a5:be:32Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

winspool.drv

advapi32

shell32

ole32

wtsapi32

Sections

.text Size: 343KB - Virtual size: 343KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 5KB - Virtual size: 10KB

.gfids Size: 1024B - Virtual size: 800B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 2KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:69:b6:88:99:17:75:68:26:ea:21:fa:2f:c2:ca:c6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

af:4f:b7:12:48:49:25:f5:8b:1b:b3:e2:15:fd:b0:29:e4:22:8c:ed:f8:34:f3:40:a0:26:04:f2:96:a5:be:32
Signer

.text
Size: 343KB - Virtual size: 343KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 1024B - Virtual size: 800B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 2KB