General

Malware Config

Signatures

Files

• McAfee_Installer_serial_EAJ2du6QN92S5ciEQRGJ3g2_key_affid_1249_akey.exe

  .exe windows x86

  bd14ba1d0bd49d765a3e6259ed016bac

  
  

  Code Sign

  77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed

  Certificate

  Issuer

  CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

  Not Before

  28-07-2020 00:00

  Not After

  28-07-2030 00:00

  Subject

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e

  Certificate

  Issuer

  CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

  Not Before

  04-10-2021 17:33

  Not After

  04-10-2024 17:33

  Subject

  SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Not Before

  06-04-2022 07:44

  Not After

  08-05-2033 07:44

  Subject

  CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  20-06-2018 00:00

  Not After

  10-12-2034 00:00

  Subject

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  20-02-2019 00:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:21:58:53:08:a2

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  18-03-2009 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4

  Certificate

  Issuer

  CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

  Not Before

  12-03-2021 00:00

  Not After

  11-03-2024 23:59

  Subject

  CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5

  Certificate

  Issuer

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Not Before

  27-10-2014 00:00

  Not After

  26-10-2024 23:59

  Subject

  CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  22-07-2015 21:03

  Not After

  22-07-2025 21:03

  Subject

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Not Before

  06-04-2022 07:44

  Not After

  08-05-2033 07:44

  Subject

  CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Not Before

  20-06-2018 00:00

  Not After

  10-12-2034 00:00

  Subject

  CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  20-02-2019 00:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:21:58:53:08:a2

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  18-03-2009 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  ac:b9:6e:48:11:4e:2f:e5:16:62:47:80:3b:e8:a7:f9:13:05:3c:e7:c9:7b:12:55:34:2e:01:ea:1b:3a:35:f1

  Signer

  Actual PE Digest

  ac:b9:6e:48:11:4e:2f:e5:16:62:47:80:3b:e8:a7:f9:13:05:3c:e7:c9:7b:12:55:34:2e:01:ea:1b:3a:35:f1

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

  21-07-2022 13:42

  Valid: true

  Chain 1

  CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

  CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

  CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

  ac:b9:6e:48:11:4e:2f:e5:16:62:47:80:3b:e8:a7:f9:13:05:3c:e7:c9:7b:12:55:34:2e:01:ea:1b:3a:35:f1

  Signer

  Actual PE Digest

  ac:b9:6e:48:11:4e:2f:e5:16:62:47:80:3b:e8:a7:f9:13:05:3c:e7:c9:7b:12:55:34:2e:01:ea:1b:3a:35:f1

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  21-07-2022 13:42

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wintrust

  WinVerifyTrust

  crypt32

  CryptProtectData

  CryptBinaryToStringW

  CertVerifyCertificateChainPolicy

  CertFreeCertificateChain

  CertGetCertificateChain

  CryptQueryObject

  CryptDecodeObject

  CryptMsgOpenToDecode

  CryptMsgClose

  CryptMsgUpdate

  CryptMsgGetParam

  CertCloseStore

  CertGetSubjectCertificateFromStore

  CertFreeCertificateContext

  CertGetCertificateContextProperty

  CertGetNameStringW

  kernel32

  WritePrivateProfileStringW

  WritePrivateProfileStructW

  FormatMessageW

  ReadFile

  SizeofResource

  HeapFree

  GetCurrentProcess

  CreatePipe

  PeekNamedPipe

  InitializeCriticalSectionEx

  CreateFileW

  HeapSize

  MultiByteToWideChar

  Sleep

  GetLastError

  LockResource

  HeapReAlloc

  CloseHandle

  RaiseException

  FindResourceExW

  LoadResource

  FindResourceW

  HeapAlloc

  DecodePointer

  HeapDestroy

  DeleteCriticalSection

  GetProcessHeap

  CreateProcessW

  VirtualQuery

  GetCurrentProcessId

  SetLastError

  GetModuleFileNameW

  LoadLibraryExW

  QueryFullProcessImageNameW

  InitializeSRWLock

  ReleaseSRWLockExclusive

  ReleaseSRWLockShared

  AcquireSRWLockExclusive

  lstrlenW

  WaitForSingleObject

  CreateThread

  OpenProcess

  GetWindowsDirectoryW

  GlobalFindAtomW

  SystemTimeToFileTime

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  GetFullPathNameW

  EnterCriticalSection

  LeaveCriticalSection

  GetProcAddress

  LoadLibraryW

  WideCharToMultiByte

  GetCurrentDirectoryW

  OutputDebugStringW

  FreeLibrary

  LocalAlloc

  FormatMessageA

  LockFileEx

  UnlockFileEx

  GlobalAddAtomW

  CopyFileW

  MoveFileW

  MoveFileExW

  ReplaceFileW

  DeleteFileA

  SetFileAttributesA

  GetTempPathA

  GetTempFileNameA

  GetModuleHandleW

  GetModuleHandleExW

  DeleteFileW

  FindClose

  FindFirstFileW

  GetFileAttributesW

  RemoveDirectoryW

  SetFilePointer

  WriteFile

  ReleaseMutex

  CreateMutexW

  GetCurrentThreadId

  GetLocalTime

  InitializeCriticalSectionAndSpinCount

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  GetCommandLineA

  GetOEMCP

  GetACP

  IsValidCodePage

  SetStdHandle

  AcquireSRWLockShared

  VerifyVersionInfoW

  FlushFileBuffers

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  GetSystemInfo

  VirtualProtect

  LoadLibraryExA

  FindNextFileW

  SetFileAttributesW

  VerSetConditionMask

  GetExitCodeProcess

  K32GetModuleFileNameExW

  ExpandEnvironmentStringsW

  CreateDirectoryW

  GetFileSizeEx

  lstrcmpW

  GetLongPathNameW

  LocalFree

  TerminateProcess

  TlsSetValue

  OutputDebugStringA

  SetFileTime

  LocalFileTimeToFileTime

  TlsAlloc

  TlsGetValue

  TlsFree

  DosDateTimeToFileTime

  SetHandleInformation

  IsDebuggerPresent

  GetStringTypeW

  InitOnceBeginInitialize

  InitOnceComplete

  FindFirstFileExW

  GetFileAttributesExW

  SetEndOfFile

  SetFilePointerEx

  GetTempPathW

  AreFileApisANSI

  GetFileInformationByHandleEx

  WaitForSingleObjectEx

  GetExitCodeThread

  EncodePointer

  LCMapStringEx

  GetCPInfo

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  SetEvent

  ResetEvent

  CreateEventW

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsProcessorFeaturePresent

  GetStartupInfoW

  InitializeSListHead

  RtlUnwind

  VirtualAlloc

  GetConsoleMode

  ReadConsoleW

  GetConsoleOutputCP

  GetFileType

  GetStdHandle

  WriteConsoleW

  ExitThread

  FreeLibraryAndExitThread

  ExitProcess

  ole32

  CLSIDFromString

  CoTaskMemFree

  StringFromGUID2

  oleaut32

  SysFreeString

  SysAllocString

  shlwapi

  PathFileExistsW

  PathFindExtensionW

  PathStripToRootW

  PathRemoveFileSpecW

  PathAddExtensionA

  SHDeleteKeyW

  PathRemoveFileSpecA

  PathFileExistsA

  PathFindFileNameA

  PathRemoveExtensionA

  PathAppendW

  Sections

  .text

  Size: 324KB - Virtual size: 324KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 104KB - Virtual size: 103KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .didat

  Size: 512B - Virtual size: 168B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 77.8MB - Virtual size: 77.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ