strongpity.exe - dpserver.exe - Digest Printer Server

info
MZ
PE
resources
imports
foremost
version info
signature
hexdump
disasm
log
discuss
donate

filename	strongpity.exe
size	115496 (0x1c328)
md5	a4d3b78941da8b6f4edad7cb6f35134b

type	PE32 executable (GUI) Intel 80386, for MS Windows
mimetype	application/x-dosexec

clamav	Win.Trojan.StrongPity-7124525-0 FOUND
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0x108

Rich Header

lib id	version	times used
241	40116	9
243	40116	123
242	40116	24
259	24123	17
261	24123	35
260	24123	17
147	30729	9
1	0	104
265	24234	3
255	24234	1
258	24234	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x14c
NumberOfSections	6
TimeDateStamp	0x5ce40366
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xe0
Characteristics	0x102
Magic	0x10b
LinkerVersion	14.0
SizeOfCode	0x12c00
SizeOfInitializedData	0xa200
SizeOfUninitializedData	0
AddressOfEntryPoint	0x2dba
BaseOfCode	0x1000
BaseOfData	0x14000
ImageBase	0x400000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	5.1
ImageVersion	0.0
SubsystemVersion	5.1
Reserved1	0
SizeOfImage	0x21000
SizeOfHeaders	0x400
CheckSum	0x2800a
Subsystem	2
DllCharacteristics	0x8140
SizeOfStackReserve	0x100000
SizeOfStackCommit	0x1000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ v8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x12bcb	0x12c00	R-X CODE
.rdata	0x14000	0x6964	0x6a00	R-- IDATA
.data	0x1b000	0x1eb8	0xa00	RW- IDATA
.gfids	0x1d000	0xdc	0x200	R-- IDATA
.rsrc	0x1e000	0x360	0x400	R-- IDATA
.reloc	0x1f000	0x1094	0x1200	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x1a18c	0x64
RESOURCE	0x1e000	0x360
EXCEPTION	0	0
SECURITY	0x1bc00	0x728
BASERELOC	0x1f000	0x1094
DEBUG	0	0
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0x19b80	0x40
Bound_IAT	0	0
IAT	0x14000	0x160
Delay_IAT	0	0
CLR_Header	0	0

show previews

type	name	size	cp
VERSION	#1	768	0

module_name	hint	function_name
KERNEL32.dll	645	GetTempPathW
KERNEL32.dll	281	ExitProcess
KERNEL32.dll	679	GetVolumeInformationW
KERNEL32.dll	831	LoadLibraryW
KERNEL32.dll	581	GetProcAddress
KERNEL32.dll	533	GetModuleHandleA
KERNEL32.dll	168	CreateProcessW
KERNEL32.dll	82	CloseHandle
KERNEL32.dll	313	FindFirstFileW
KERNEL32.dll	302	FindClose
KERNEL32.dll	490	GetFileAttributesW
KERNEL32.dll	719	HeapFree
KERNEL32.dll	586	GetProcessHeap
KERNEL32.dll	325	FindNextFileW
KERNEL32.dll	659	GetTickCount
KERNEL32.dll	715	HeapAlloc
KERNEL32.dll	143	CreateFileW
KERNEL32.dll	496	GetFileSize
KERNEL32.dll	960	ReadFile
KERNEL32.dll	1121	SetFileAttributesW
KERNEL32.dll	214	DeleteFileW
KERNEL32.dll	885	OpenEventW
KERNEL32.dll	1113	SetEvent
KERNEL32.dll	1317	WriteFile
KERNEL32.dll	158	CreateMutexW
KERNEL32.dll	514	GetLastError
KERNEL32.dll	1202	Sleep
KERNEL32.dll	1316	WriteConsoleW
KERNEL32.dll	1127	SetFilePointerEx
KERNEL32.dll	724	HeapSize
KERNEL32.dll	428	GetConsoleMode
KERNEL32.dll	410	GetConsoleCP
KERNEL32.dll	343	FlushFileBuffers
KERNEL32.dll	1235	UnhandledExceptionFilter
KERNEL32.dll	1189	SetUnhandledExceptionFilter
KERNEL32.dll	448	GetCurrentProcess
KERNEL32.dll	1216	TerminateProcess
KERNEL32.dll	772	IsProcessorFeaturePresent
KERNEL32.dll	935	QueryPerformanceCounter
KERNEL32.dll	449	GetCurrentProcessId
KERNEL32.dll	453	GetCurrentThreadId
KERNEL32.dll	633	GetSystemTimeAsFileTime
KERNEL32.dll	743	InitializeSListHead
KERNEL32.dll	768	IsDebuggerPresent
KERNEL32.dll	611	GetStartupInfoW
KERNEL32.dll	536	GetModuleHandleW
KERNEL32.dll	945	RaiseException
KERNEL32.dll	1048	RtlUnwind
KERNEL32.dll	1139	SetLastError
KERNEL32.dll	238	EnterCriticalSection
KERNEL32.dll	825	LeaveCriticalSection
KERNEL32.dll	209	DeleteCriticalSection
KERNEL32.dll	739	InitializeCriticalSectionAndSpinCount
KERNEL32.dll	1221	TlsAlloc
KERNEL32.dll	1223	TlsGetValue
KERNEL32.dll	1224	TlsSetValue
KERNEL32.dll	1222	TlsFree
KERNEL32.dll	354	FreeLibrary
KERNEL32.dll	830	LoadLibraryExW
KERNEL32.dll	535	GetModuleHandleExW
KERNEL32.dll	612	GetStdHandle
KERNEL32.dll	531	GetModuleFileNameA
KERNEL32.dll	871	MultiByteToWideChar
KERNEL32.dll	1297	WideCharToMultiByte
KERNEL32.dll	360	GetACP
KERNEL32.dll	499	GetFileType
KERNEL32.dll	813	LCMapStringW
KERNEL32.dll	722	HeapReAlloc
KERNEL32.dll	307	FindFirstFileExA
KERNEL32.dll	323	FindNextFileA
KERNEL32.dll	778	IsValidCodePage
KERNEL32.dll	567	GetOEMCP
KERNEL32.dll	370	GetCPInfo
KERNEL32.dll	390	GetCommandLineA
KERNEL32.dll	391	GetCommandLineW
KERNEL32.dll	474	GetEnvironmentStringsW
KERNEL32.dll	353	FreeEnvironmentStringsW
KERNEL32.dll	1159	SetStdHandle
KERNEL32.dll	617	GetStringTypeW
KERNEL32.dll	202	DecodePointer
USER32.dll	819	wsprintfW
SHLWAPI.dll	73	PathFindFileNameW
WINHTTP.dll	15	WinHttpOpen
WINHTTP.dll	23	WinHttpSendRequest

StringTable 040904b0

CompanyName	Digest Security
FileDescription	Digest Printer Server
FileVersion	1.0.0.6
InternalName	dpserver.exe
LegalCopyright	Copyright (C) 2019 Digest Security
OriginalFilename	dpserver.exe
ProductName	Digest Printer
ProductVersion	1.2.0.1

VS_FIXEDFILEINFO

FileVersion	1.0.0.6
ProductVersion	1.2.0.1
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

OpenSSL (terse)
ASN.1 (verbose)

Signers (1)

issuer: /emailAddress=contact@digestsecurity.com/C=ZD/ST=W/L=NY/O=DGS Software/OU=IT/CN=Digest

serial: 5ADF105E7F2CE39D45B3AFEABA305C59

Certificates (1)

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:df:10:5e:7f:2c:e3:9d:45:b3:af:ea:ba:30:5c:59
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: emailAddress=contact@digestsecurity.com, C=ZD, ST=W, L=NY, O=DGS Software, OU=IT, CN=Digest
        Validity
            Not Before: May 20 08:32:39 2019 GMT
            Not After : Dec 31 23:59:59 2039 GMT
        Subject: emailAddress=contact@digestsecurity.com, C=ZD, ST=W, L=NY, O=DGS, OU=IT, CN=Digest Security
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:76:07:05:ab:77:1f:fa:5f:2c:b8:91:ba:e2:
                    c8:20:5b:8f:51:af:ad:f6:db:6d:c6:29:1f:87:ff:
                    0b:b4:b8:0e:48:12:1f:ea:31:5f:29:cb:38:81:75:
                    51:dc:45:6c:aa:64:30:cc:97:2f:6a:15:9e:4f:e2:
                    0c:1b:b0:d0:ff:b0:97:d5:b9:95:d7:e3:11:6a:74:
                    0e:80:96:b6:e2:91:3d:3e:81:f5:f5:24:9d:67:50:
                    ac:70:7d:ea:94:26:54:e2:2a:db:ca:a2:14:0b:4f:
                    3b:1d:79:a5:38:30:e4:95:30:7a:48:8a:aa:a5:71:
                    fb:e5:dd:20:cc:07:b1:1b:18:29:94:bd:c2:6c:50:
                    4e:37:67:15:a2:cb:6f:73:1f:d8:fd:93:58:fb:34:
                    dc:8e:d2:4d:f3:66:21:f1:ed:40:19:2b:46:6f:58:
                    2f:cd:a8:8b:3f:7d:a8:1a:f8:91:03:da:dd:02:0f:
                    56:ef:b7:fb:2c:7b:e4:cd:58:49:ad:cd:c9:69:af:
                    97:b0:be:d7:ce:2f:3b:50:22:80:24:e4:06:8e:72:
                    fb:9f:e7:b4:77:07:cb:dc:bf:f5:0d:54:b5:0c:69:
                    7e:cf:40:52:d6:36:07:8b:e2:3f:d1:1c:15:aa:68:
                    bb:cd:eb:1a:36:7c:6f:ff:77:fa:e6:73:f3:10:46:
                    2d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            2.5.29.1: 
                0...........w...........0..1)0'..*.H.......contact@digestsecurity.com1.0...U....ZD1
0...U....W1.0...U....NY1.0...U.
..DGS Software1.0...U....IT1.0..U....Digest...6...}..M..a9..6
    Signature Algorithm: sha256WithRSAEncryption
         ab:62:92:fb:80:8f:b2:7c:d9:e8:20:46:68:b7:10:87:e0:00:
         fd:f1:88:85:95:70:99:fb:b6:45:05:b3:cf:05:8c:65:d3:4e:
         74:dd:8c:f4:a7:00:f4:53:0c:ba:cf:fb:c4:57:49:08:12:18:
         e8:96:50:b8:73:e2:9c:09:81:48:93:c1:7c:dc:2b:76:a3:50:
         da:8c:71:16:f7:21:7a:35:a9:e0:1b:cd:3b:7e:e6:3d:75:16:
         60:ea:bd:96:57:f9:aa:5c:65:61:f2:9f:35:10:0c:95:d3:82:
         d4:94:04:3b:77:41:22:30:0d:bd:62:c8:89:38:a0:e8:89:96:
         51:49:25:a7:93:44:bb:99:3a:14:92:15:2e:22:e2:45:27:a8:
         c3:ac:8f:c2:ac:19:1a:85:d4:b6:22:f9:50:5e:aa:55:a1:9f:
         42:76:77:e6:10:15:55:75:e9:bc:55:67:71:c0:ac:f7:dd:51:
         d5:e7:1a:ea:9e:11:e0:1f:d3:ae:da:03:80:e4:32:dc:2e:29:
         b7:08:95:b2:88:3c:0c:ba:e2:c1:1a:14:e6:86:a5:ed:27:de:
         b9:15:7b:c7:18:94:b4:e7:96:34:5c:91:3c:5d:2f:01:65:26:
         f4:0c:1d:e2:4c:ef:07:ac:0a:3a:91:4b:1e:72:a6:74:a0:37:
         65:5a:c4:50

pkcs7-signedData

SHA1: nil

1.3.6.1.4.1.311.2.1.4

1.3.6.1.4.1.311.2.1.15

00 3c 00 3c 00 3c 00 4f  00 62 00 73 00 6f 00 6c  |.<.<.<.O.b.s.o.l|
00 65 00 74 00 65 00 3e  00 3e 00 3e              |.e.t.e.>.>.>    |

SHA1

0e 19 9b 4d ac d0 94 04 19 1b e4 29 c4 6a d1 71 |...M.......).j.q| 3a 13 f2 10 |:... |

2
- 5A:DF:10:5E:7F:2C:E3:9D:45:B3:AF:EA:BA:30:5C:59
- RSA-SHA256: nil
- #2
  - emailAddress: contact@digestsecurity.com
  - C: ZD
  - ST: W
  - L: NY
  - O: DGS Software
  - OU: IT
  - CN: Digest
- 2019-05-20 08:32:39 UTC: 2039-12-31 23:59:59 UTC
- #4
  - emailAddress: contact@digestsecurity.com
  - C: ZD
  - ST: W
  - L: NY
  - O: DGS
  - OU: IT
  - CN: Digest Security
- #5
  - rsaEncryption: nil
  - B0:76:07:05:AB:77:1F:FA:5F:2C:B8:91:BA:E2:C8:20:
    5B:8F:51:AF:AD:F6:DB:6D:C6:29:1F:87:FF:0B:B4:B8:
    0E:48:12:1F:EA:31:5F:29:CB:38:81:75:51:DC:45:6C:
    AA:64:30:CC:97:2F:6A:15:9E:4F:E2:0C:1B:B0:D0:FF:
    B0:97:D5:B9:95:D7:E3:11:6A:74:0E:80:96:B6:E2:91:
    3D:3E:81:F5:F5:24:9D:67:50:AC:70:7D:EA:94:26:54:
    E2:2A:DB:CA:A2:14:0B:4F:3B:1D:79:A5:38:30:E4:95:
    30:7A:48:8A:AA:A5:71:FB:E5:DD:20:CC:07:B1:1B:18:
    29:94:BD:C2:6C:50:4E:37:67:15:A2:CB:6F:73:1F:D8:
    FD:93:58:FB:34:DC:8E:D2:4D:F3:66:21:F1:ED:40:19:
    2B:46:6F:58:2F:CD:A8:8B:3F:7D:A8:1A:F8:91:03:DA:
    DD:02:0F:56:EF:B7:FB:2C:7B:E4:CD:58:49:AD:CD:C9:
    69:AF:97:B0:BE:D7:CE:2F:3B:50:22:80:24:E4:06:8E:
    72:FB:9F:E7:B4:77:07:CB:DC:BF:F5:0D:54:B5:0C:69:
    7E:CF:40:52:D6:36:07:8B:E2:3F:D1:1C:15:AA:68:BB:
    CD:EB:1A:36:7C:6F:FF:77:FA:E6:73:F3:10:46:2D:CD: 0x010001
- X509v3 extensions
  - basicConstraints
    - true
    - nil
  - 2.5.29.1
    - f8 ef ea e5 a0 1b 08 77 ca dc cf f0 17 b6 d2 a4 |.......w........|
      - #0
        emailAddress: contact@digestsecurity.com
        C: ZD
        ST: W
        L: NY
        O: DGS Software
        OU: IT
        CN: Digest
      - 88 36 d7 a3 9d 7d fa 9c 4d bf 85 61 39 c5 fc 36 |.6...}..M..a9..6|

RSA-SHA256:

ab 62 92 fb 80 8f b2 7c  d9 e8 20 46 68 b7 10 87  |.b.....|.. Fh...|
e0 00 fd f1 88 85 95 70  99 fb b6 45 05 b3 cf 05  |.......p...E....|
8c 65 d3 4e 74 dd 8c f4  a7 00 f4 53 0c ba cf fb  |.e.Nt......S....|
c4 57 49 08 12 18 e8 96  50 b8 73 e2 9c 09 81 48  |.WI.....P.s....H|
93 c1 7c dc 2b 76 a3 50  da 8c 71 16 f7 21 7a 35  |..|.+v.P..q..!z5|
a9 e0 1b cd 3b 7e e6 3d  75 16 60 ea bd 96 57 f9  |....;~.=u.`...W.|
aa 5c 65 61 f2 9f 35 10  0c 95 d3 82 d4 94 04 3b  |.\ea..5........;|
77 41 22 30 0d bd 62 c8  89 38 a0 e8 89 96 51 49  |wA"0..b..8....QI|
25 a7 93 44 bb 99 3a 14  92 15 2e 22 e2 45 27 a8  |%..D..:....".E'.|
c3 ac 8f c2 ac 19 1a 85  d4 b6 22 f9 50 5e aa 55  |..........".P^.U|
a1 9f 42 76 77 e6 10 15  55 75 e9 bc 55 67 71 c0  |..Bvw...Uu..Ugq.|
ac f7 dd 51 d5 e7 1a ea  9e 11 e0 1f d3 ae da 03  |...Q............|
80 e4 32 dc 2e 29 b7 08  95 b2 88 3c 0c ba e2 c1  |..2..).....<....|
1a 14 e6 86 a5 ed 27 de  b9 15 7b c7 18 94 b4 e7  |......'...{.....|
96 34 5c 91 3c 5d 2f 01  65 26 f4 0c 1d e2 4c ef  |.4\.<]/.e&....L.|
07 ac 0a 3a 91 4b 1e 72  a6 74 a0 37 65 5a c4 50  |...:.K.r.t.7eZ.P|

unnamed
- #0
  - emailAddress: contact@digestsecurity.com
  - C: ZD
  - ST: W
  - L: NY
  - O: DGS Software
  - OU: IT
  - CN: Digest
- 5A:DF:10:5E:7F:2C:E3:9D:45:B3:AF:EA:BA:30:5C:59
SHA1: nil

1.3.6.1.4.1.311.2.1.12
- nil
contentType: 1.3.6.1.4.1.311.2.1.4

messageDigest:

a9 46 f6 76 14 b7 b6 b0  8a 22 30 be b9 3a 22 50  |.F.v....."0..:"P|
db 22 7d 00                                       |."}.            |

rsaEncryption:

3c 4a af e8 c5 f8 fe b8  6d f0 37 1e 1a 09 51 2f  ||
6e 15 12 99 1b bd 0d 48  c7 b5 28 9e c8 75 d5 7c  |n......H..(..u.||
4b 31 23 05 f7 32 88 57  49 bb eb cd 1a 9c 1b f6  |K1#..2.WI.......|
2a 2e 40 b3 d3 8e c9 94  84 f8 93 6f 95 44 07 5c  |*.@........o.D.\|
be d8 17 1c b6 bf 28 38  95 24 2d ed cc 30 57 76  |......(8.$-..0Wv|
7c f6 bb e0 20 d4 e6 61  05 4d 6c ab 09 40 94 11  ||... ..a.Ml..@..|
92 c8 da 5e 6b 2f 62 b2  d5 ef d0 7e 5c 4c e1 3d  |...^k/b....~\L.=|
21 da e6 e5 95 45 15 9f  05 9f 95 6f 3e 31 47 45  |!....E.....o>1GE|
62 b5 50 cd 61 12 11 f8  cc 91 ba ac 0c 3a aa c2  |b.P.a........:..|
dd fe f8 8d 10 af ac 20  83 26 b2 19 aa a6 99 0a  |....... .&......|
14 34 f2 6f a4 27 0c 5c  cc a7 dc ff 35 5e 89 db  |.4.o.'.\....5^..|
07 e3 8d d9 9a 1f ec 5f  84 4e b9 e9 64 94 a5 39  |......._.N..d..9|
41 ff f9 a4 6b 12 a3 83  99 9c 1e 4c 61 e3 51 50  |A...k......La.QP|
ed f3 72 12 7f 67 3f 8c  a2 ba 27 6d 03 74 d8 97  |..r..g?...'m.t..|