Windows Analysis Report
Cleaning_Tool_for_Driver_Select1.17.exe

Overview

General Information

Sample name:	Cleaning_Tool_for_Driver_Select1.17.exe
Analysis ID:	1525990
MD5:	d8033e46e8fd5800faf43f49946e1124
SHA1:	f7f2edb906f8e2083065ffa55cabdce2f4e6fe4a
SHA256:	44130cd628112217e7c3e6026f08b1f1731997e783ea219b6cd327f48d02dc0f
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Drops PE files

Found dropped PE file which has not been started or loaded

PE file contains sections with non-standard names

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Signatures

Uses 32bit PE files

Source: Cleaning_Tool_for_Driver_Select1.17.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source:	Binary string: C:\work\Legacy_DriverSelect\DriverSelect\tango_setup\CleaningTool\OceCleaningTool\Release\CleaningTool.pdby source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004860000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr
Source:	Binary string: C:\work\Legacy_DriverSelect\DriverSelect\tango_setup\CleaningTool\OceCleaningTool\Release\CleaningTool.pdb source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004860000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr

Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr	String found in binary or memory: http://www.digicert.com/CPS0

Sample file is different than original file name gathered from version info

Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004B70000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCleaningToolH vs Cleaning_Tool_for_Driver_Select1.17.exe
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000002.1399345496.000000000043A000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename7z.sfx.exe, vs Cleaning_Tool_for_Driver_Select1.17.exe
Source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCleaningToolH vs Cleaning_Tool_for_Driver_Select1.17.exe
Source: Cleaning_Tool_for_Driver_Select1.17.exe	Binary or memory string: OriginalFilename7z.sfx.exe, vs Cleaning_Tool_for_Driver_Select1.17.exe

Uses 32bit PE files

Source: Cleaning_Tool_for_Driver_Select1.17.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE

Source: classification engine

Classification label: clean2.winEXE@1/2@0/0

Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe

File created: C:\Users\user\Desktop\DriverSelect_CleaningTool.pdf

Jump to behavior

Source: Cleaning_Tool_for_Driver_Select1.17.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe

File read: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe

Jump to behavior

Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: Cleaning_Tool_for_Driver_Select1.17.exe

Static file information: File size 3557750 > 1048576

Source:	Binary string: C:\work\Legacy_DriverSelect\DriverSelect\tango_setup\CleaningTool\OceCleaningTool\Release\CleaningTool.pdby source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004860000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr
Source:	Binary string: C:\work\Legacy_DriverSelect\DriverSelect\tango_setup\CleaningTool\OceCleaningTool\Release\CleaningTool.pdb source: Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1397923680.00000000047F0000.00000004.00001000.00020000.00000000.sdmp, Cleaning_Tool_for_Driver_Select1.17.exe, 00000001.00000003.1398106012.0000000004860000.00000004.00001000.00020000.00000000.sdmp, DriverSelect_CleaningTool.exe.1.dr

PE file contains sections with non-standard names

Source: Cleaning_Tool_for_Driver_Select1.17.exe

Static PE information: section name: .sxdata

Drops PE files

Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe

File created: C:\Users\user\Desktop\DriverSelect_CleaningTool.exe

Jump to dropped file

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\Cleaning_Tool_for_Driver_Select1.17.exe

Dropped PE file which has not been started: C:\Users\user\Desktop\DriverSelect_CleaningTool.exe

Jump to dropped file

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1525990
Product:	CloudBasic
Start time:	16:30:46
Start date:	04.10.2024
Sample:	Cleaning_Tool_for_Driver_Select1.17.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	d8033e46e8fd5800faf43f49946e1124
SHA1:	f7f2edb906f8e2083065ffa55cabdce2f4e6fe4a
SHA256:	44130cd628112217e7c3e6026f08b1f1731997e783ea219b6cd327f48d02dc0f
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\Desktop\DriverSelect_CleaningTool.exe	PE32 executable (GUI) Intel 80386, for MS Windows	C6440B4E4195CDC5B9CDEA7D1BF96781	7413029647EB003651F0F3452C95CEB4582F4B6E	F66F7E9E42431C32DD0CAC121705D4C234A4DDF7DABCEC5F73F99D689E7D8689
C:\Users\user\Desktop\DriverSelect_CleaningTool.pdf	PDF document, version 1.5 (zip deflate encoded)	B0CF6BC884394BA1B3CDDEA99B6356B9	0D82ABE2E8690AAC107E5351D7680D8BF294F0BF	D10F360383D83ACE7DCFF827F84CA7E30131CDD011BB05CA85BF51EAE3506DF5

Windows Analysis Report
Cleaning_Tool_for_Driver_Select1.17.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report Cleaning_Tool_for_Driver_Select1.17.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
Cleaning_Tool_for_Driver_Select1.17.exe