94d750bf4a5aa36cad64a0bd5578fc3ac361881f2f71c92428a966c33ef44b5cN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

94d750bf4a5aa36cad64a0bd5578fc3ac361881f2f71c92428a966c33ef44b5cN.exe
Size

2.2MB
MD5

93c5d921e94987a9ef78ab04d0619cf0
SHA1

b113be8e3ce3289029a931e2fe2aaac6a67a74a2
SHA256

94d750bf4a5aa36cad64a0bd5578fc3ac361881f2f71c92428a966c33ef44b5c
SHA512

aa4fd513987846703a73ca29107994cb4be8dc7f36a37bfca5b69da384a2439cf65f115fe182b434bd5cf32077e90e25d94b77caa08913cf547b913df2eac745
SSDEEP

24576:iHi28kumAEyLmmLZi6ZEff7P2jwLrxnw2k6RzZeqqZVWBMgIu6G9drFb6cyioQKG:ImLZ6ffajSJVpZYZsBf19droti21ql

Score

1^/10

Malware Config

Signatures

Files

94d750bf4a5aa36cad64a0bd5578fc3ac361881f2f71c92428a966c33ef44b5cN.exe
.dll windows:5 windows x86 arch:x86

d999d27b42e1905445cbfe1282fc7260

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:1e:e0:64:3a:4c:c3:d8:df:16:65:2d:3b:c0:69:d3
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17-01-2022 00:00

Not After

23-03-2024 23:59

Subject

CN=SOMANSA Co.\,Ltd.,O=SOMANSA Co.\,Ltd.,L=Yeongdeungpo-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:0f:2e:13:a3:f8:28:ea:87:b0:e2:2f:b0:04:12:7a:3f:97:de:a9:97:b6:9b:39:69:8f:ad:a6:df:a6:2f:cd
Signer

Actual PE Digest

4b:0f:2e:13:a3:f8:28:ea:87:b0:e2:2f:b0:04:12:7a:3f:97:de:a9:97:b6:9b:39:69:8f:ad:a6:df:a6:2f:cd

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Jenkins\sharedspace\PV60_ENT_ROOT_WORKSPACE\git_solution\Release\PIProtectorAPI32.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_Parent
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

urlmon

URLDownloadToFileW

kernel32

GetLocaleInfoW
IsBadReadPtr
GetVersionExW
GetWindowsDirectoryW
GetVersion
GetTempPathW
CreateEventW
TerminateThread
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetProcessTimes
CreateThread
ExitProcess
GetCommandLineA
CreateFileA
GetFileAttributesA
GlobalSize
GlobalLock
GlobalUnlock
SearchPathW
VerifyVersionInfoW
VerSetConditionMask
TerminateProcess
GetExitCodeProcess
FileTimeToLocalFileTime
K32GetModuleFileNameExW
GetLocalTime
GetLogicalDriveStringsW
GetFileSizeEx
GetModuleHandleA
ExitThread
InterlockedIncrement
FlushInstructionCache
VirtualProtect
VirtualFree
CreateFileMappingA
VirtualQuery
VirtualAlloc
LoadLibraryA
DuplicateHandle
SetThreadPriority
CreateSemaphoreW
lstrcpyA
ReleaseSemaphore
lstrcatA
WaitForMultipleObjects
CreatePipe
VirtualAllocEx
VirtualQueryEx
VirtualFreeEx
ReadProcessMemory
GetCurrentThread
VirtualProtectEx
WriteProcessMemory
HeapAlloc
GetProcessHeap
GetLastError
CreateRemoteThread
GetExitCodeThread
QueryFullProcessImageNameW
GetThreadContext
ResumeThread
CreateProcessW
CreateProcessA
GetSystemDirectoryW
OpenMutexW
OpenFileMappingW
OpenEventW
CancelIo
GetOverlappedResult
GetStdHandle
GetCPInfo
LCMapStringW
MoveFileW
GetSystemTimeAsFileTime
FindFirstFileExW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapReAlloc
RaiseException
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
InterlockedCompareExchange
GetStringTypeW
InterlockedDecrement
IsValidCodePage
GetFileInformationByHandle
PeekNamedPipe
GetFileType
SetCurrentDirectoryW
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
FatalAppExitA
SetHandleCount
GetStartupInfoW
GetTimeZoneInformation
GetOEMCP
FreeEnvironmentStringsW
GetFileSize
CloseHandle
ReadFile
SetFilePointer
SetLastError
GetCurrentDirectoryW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
EnterCriticalSection
LeaveCriticalSection
lstrcmpiW
OutputDebugStringA
OutputDebugStringW
LocalSize
GetDriveTypeW
GetTickCount
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemInfo
GetModuleHandleW
GetTickCount64
DeviceIoControl
GetUserDefaultLangID
ProcessIdToSessionId
ReleaseMutex
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
MapViewOfFile
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LoadLibraryW
GetProcAddress
FormatMessageW
GetACP
GetFileAttributesExW
MulDiv
GetFullPathNameW
OpenProcess
LockFile
UnlockFile
WaitForSingleObject
ResetEvent
SetEvent
LocalAlloc
LocalFree
lstrcmpW
SetFileAttributesW
RemoveDirectoryW
CreateFileW
WriteFile
CopyFileW
DeleteFileW
GetCommandLineW
CreateDirectoryW
Sleep
lstrcpyW
QueryDosDeviceW
lstrcatW
lstrcpynW
GetUserDefaultLocaleName
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
GetModuleFileNameA
lstrlenA
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
GetSystemTime
GetCurrentProcessId
MultiByteToWideChar
IsDBCSLeadByte
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetModuleFileNameW
SetEndOfFile
WriteConsoleW
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
CompareStringW
SetEnvironmentVariableW
GetFullPathNameA
HeapFree
SetEnvironmentVariableA

user32

LoadImageW
GetClientRect
WindowFromDC
FillRect
GetTopWindow
UnhookWinEvent
EnumChildWindows
SetWinEventHook
DispatchMessageW
TranslateMessage
GetMessageW
RealGetWindowClassW
EnumWindows
GetSystemMetrics
UnhookWindowsHookEx
BringWindowToTop
AttachThreadInput
EmptyClipboard
GetClipboardFormatNameW
EnumClipboardFormats
WindowFromPoint
GetCursorPos
keybd_event
VkKeyScanW
GetForegroundWindow
MessageBoxW
SendMessageW
GetWindowThreadProcessId
GetParent
GetWindowTextW
IsWindow
IsWindowVisible
FindWindowW
GetClassNameW
GetWindow
MapVirtualKeyW
SendInput
GetDC
ReleaseDC
wsprintfW
PeekMessageW
MsgWaitForMultipleObjects
GetThreadDesktop
CloseDesktop
GetUserObjectInformationA
OpenInputDesktop
FindWindowExW
RegisterClipboardFormatW

gdi32

GetObjectA
CreateFontW
SetTextAlign
BeginPath
TextOutW
EndPath
SetROP2
CreateSolidBrush
FillPath
CreateBitmap
DPtoLP
SetBkColor
StretchBlt
SetTextColor
GetObjectW
GetEnhMetaFileBits
CreateFontIndirectW
GetFontLanguageInfo
GetCharacterPlacementW
GetTextExtentPoint32W
SetEnhMetaFileBits
GetCurrentObject
GetBkMode
SetBkMode
GetStretchBltMode
SetStretchBltMode
GetColorSpace
SetColorSpace
GetGraphicsMode
SetGraphicsMode
GetViewportExtEx
GetWindowExtEx
GetWindowOrgEx
GetViewportOrgEx
SetViewportOrgEx
ExtEscape
AbortDoc
GetMapMode
SetMapMode
CloseEnhMetaFile
CopyEnhMetaFileA
CopyEnhMetaFileW
GetEnhMetaFileW
GetEnhMetaFileHeader
DeleteEnhMetaFile
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
PlayEnhMetaFile
DeleteObject
SelectObject
GetClipBox
PatBlt
GetObjectType

winspool.drv

DocumentPropertiesW
EnumJobsW
SetJobW
ClosePrinter
SetPrinterW
GetPrinterW
AbortPrinter

advapi32

QueryServiceStatus
StartServiceW
CloseServiceHandle
GetKernelObjectSecurity
AllocateAndInitializeSid
FreeSid
ConvertStringSidToSidA
GetLengthSid
SetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
DuplicateTokenEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertSidToStringSidW
GetTokenInformation
RegEnumValueW
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CreateServiceW
DeleteService
RegDeleteKeyW
RegEnumKeyW
RegSetValueExW
RegCreateKeyExW
ControlService
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
ChangeServiceConfigW

shell32

DragQueryFileW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetPathFromIDListEx
CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
StringFromGUID2
CoUninitialize
CoInitialize
CoCreateGuid
ReleaseStgMedium
StringFromCLSID

oleaut32

SysAllocStringLen
VariantInit
SysAllocString
SysFreeString
VariantCopy
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysStringLen

ws2_32

GetNameInfoW
WSAGetLastError
ntohs
WSASetLastError

shlwapi

UrlUnescapeW
PathRemoveFileSpecW
StrStrIA
wnsprintfW
StrCmpNW
StrStrNIW
StrCpyW
PathCombineW
StrChrW
PathSearchAndQualifyW
PathFileExistsW
StrStrW
StrCmpW
StrStrIW

oleacc

AccessibleChildren
AccessibleObjectFromWindow
AccessibleObjectFromEvent
WindowFromAccessibleObject
GetRoleTextW

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d999d27b42e1905445cbfe1282fc7260

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:1e:e0:64:3a:4c:c3:d8:df:16:65:2d:3b:c0:69:d3Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

4b:0f:2e:13:a3:f8:28:ea:87:b0:e2:2f:b0:04:12:7a:3f:97:de:a9:97:b6:9b:39:69:8f:ad:a6:df:a6:2f:cdSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

setupapi

urlmon

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

ws2_32

shlwapi

oleacc

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 370KB - Virtual size: 369KB

.data Size: 93KB - Virtual size: 352KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 71KB - Virtual size: 70KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:1e:e0:64:3a:4c:c3:d8:df:16:65:2d:3b:c0:69:d3
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4b:0f:2e:13:a3:f8:28:ea:87:b0:e2:2f:b0:04:12:7a:3f:97:de:a9:97:b6:9b:39:69:8f:ad:a6:df:a6:2f:cd
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 370KB - Virtual size: 369KB

.data
Size: 93KB - Virtual size: 352KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 71KB - Virtual size: 70KB