e071ae116c9efa1fb1306e4db6484ef5a932c57eb201d43f8fbc79fe109790bbN[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

e071ae116c9efa1fb1306e4db6484ef5a932c57eb201d43f8fbc79fe109790bbN.exe
Size

2.8MB
MD5

d9a6a81d09443f5981dd257c9dc05c40
SHA1

faee56668debe526f475d63c75e11e119521eeea
SHA256

e071ae116c9efa1fb1306e4db6484ef5a932c57eb201d43f8fbc79fe109790bb
SHA512

f2e9b6d25a142826b9dd836cf979b1cbfa775ce65e3e7655d9c461c03b4aaa67da7d2890f1e08a021e2898210a71294e1cbbdb3cc1aa80e19e771e46013c153e
SSDEEP

49152:f2+mHZCK3fxkLpj7RvQDfm3FUbpejGsyL+TDx95z2W6B4GrTwMzsz0QD7JflS7uF:f21EKzRsY+TDx9Q4sTpzTQ5D

Score

1^/10

Malware Config

Signatures

Files

e071ae116c9efa1fb1306e4db6484ef5a932c57eb201d43f8fbc79fe109790bbN.exe
.dll windows:5 windows x86 arch:x86

aed18281cec0ad4043c7892cc1731108

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:75:60:f5:9a:a0:ea:7c:1e:57:2b:49:4c:b5:c0:bd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01-09-2023 00:00

Not After

31-08-2024 00:00

Subject

SERIALNUMBER=110111-1138985,CN=AhnLab\, Inc.,O=AhnLab\, Inc.,L=Seongnam-si,ST=Gyeonggi-do,C=KR,2.5.4.15=#131450726976617465206f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130b53656f6e676e616d2d7369,1.3.6.1.4.1.311.60.2.1.2=#130b4779656f6e6767692d646f,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:6f:d3:76:5d:a2:12:d2:e8:69:49:5e:c4:19:ff:ec:58:bc:83:91:ed:2e:99:de:ee:42:8d:03:3e:5b:05:4e
Signer

Actual PE Digest

86:6f:d3:76:5d:a2:12:d2:e8:69:49:5e:c4:19:ff:ec:58:bc:83:91:ed:2e:99:de:ee:42:8d:03:3e:5b:05:4e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

u:\Product\ASPack\V3ES\9.0\Trunk\Build\NT32Release\esmgmt.pdb

Imports

ws2_32

ntohs
inet_ntoa
WSASetLastError
htonl
shutdown
send
recv
closesocket
setsockopt
connect
socket
select
ioctlsocket
WSACleanup
WSAStartup
getsockopt
getservbyport
gethostbyaddr
gethostbyname
WSAGetLastError
inet_addr
htons
getservbyname

kernel32

VerSetConditionMask
GetSystemWindowsDirectoryW
GetModuleHandleW
GetTickCount
GetFileAttributesW
WriteConsoleW
VerifyVersionInfoW
GetStdHandle
SetLastError
ExpandEnvironmentStringsW
GetLogicalDrives
lstrcmpW
QueryDosDeviceW
LoadLibraryExW
GetSystemDirectoryW
RaiseException
GetLocalTime
CreateProcessW
SystemTimeToFileTime
GetVersionExW
GetExitCodeProcess
FileTimeToSystemTime
GetModuleFileNameW
GetTimeZoneInformation
MultiByteToWideChar
GetPrivateProfileIntW
GetUserDefaultUILanguage
GetCurrentProcessId
SetEvent
Sleep
CreateFileW
OpenEventW
CompareStringW
LocalFree
LocalAlloc
DuplicateHandle
ReadFile
GetFileSize
SetEndOfFile
WriteFile
SetFilePointer
GetDriveTypeW
FindClose
FindFirstFileW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetFileAttributesW
GetLogicalDriveStringsW
GetFileSizeEx
GetFullPathNameW
GetFullPathNameA
LoadLibraryW
FindFirstFileA
MoveFileExW
MoveFileExA
GetFileAttributesA
DeleteFileA
CreateMutexW
CreateMutexA
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
GetModuleHandleA
GetSystemDirectoryA
GetCurrentThreadId
DeleteCriticalSection
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
VirtualAlloc
VirtualFree
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedExchangeAdd
FormatMessageA
SetEnvironmentVariableA
GetVersion
GetFileType
GetACP
GetEnvironmentVariableW
QueryPerformanceCounter
ReadConsoleA
ReadConsoleW
GetConsoleMode
SetConsoleMode
InterlockedIncrement
GetCPInfo
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDriveTypeA
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FlushFileBuffers
SetStdHandle
GetConsoleCP
RtlUnwind
GetCommandLineA
GetWindowsDirectoryW
lstrcmpiW
lstrcpynW
GetCurrentProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileStringW
OpenMutexW
FreeLibrary
GetProcAddress
WaitForSingleObject
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
lstrlenW
WideCharToMultiByte
InterlockedDecrement
GetOEMCP
IsValidCodePage
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringW
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
GetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CreateFileA
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSection

user32

GetParent
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW
IsCharAlphaW
CharNextA
CharPrevA
CopyRect
GetDesktopWindow
GetShellWindow
GetForegroundWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
GetSystemMetrics
GetWindowThreadProcessId

advapi32

CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
LookupAccountNameA
GetFileSecurityA
SetFileSecurityA
LookupAccountNameW
GetFileSecurityW
GetAclInformation
GetLengthSid
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
SetFileSecurityW
LookupAccountSidW
GetTokenInformation
EqualSid
OpenSCManagerW
CloseServiceHandle
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorControl
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
CreateProcessAsUserW
RegSetValueExW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextW

shell32

SHGetFolderPathW
SHGetFileInfoW
ShellExecuteExW

shlwapi

PathAppendW
PathFileExistsW
PathRemoveBackslashW

Exports

Exports

APC_GetProductInfo
GetCheckStatus

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aed18281cec0ad4043c7892cc1731108

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:75:60:f5:9a:a0:ea:7c:1e:57:2b:49:4c:b5:c0:bdCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

86:6f:d3:76:5d:a2:12:d2:e8:69:49:5e:c4:19:ff:ec:58:bc:83:91:ed:2e:99:de:ee:42:8d:03:3e:5b:05:4eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 516KB - Virtual size: 516KB

.data Size: 78KB - Virtual size: 114KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 99KB - Virtual size: 98KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:75:60:f5:9a:a0:ea:7c:1e:57:2b:49:4c:b5:c0:bd
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

86:6f:d3:76:5d:a2:12:d2:e8:69:49:5e:c4:19:ff:ec:58:bc:83:91:ed:2e:99:de:ee:42:8d:03:3e:5b:05:4e
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 516KB - Virtual size: 516KB

.data
Size: 78KB - Virtual size: 114KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 99KB - Virtual size: 98KB