fpCSEvtSvc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

fpCSEvtSvc.exe
Size

21KB
MD5

7d69a11349acc0d0b18a3953950d3720
SHA1

8b28ac91570073f26e35faa4d475d91e23c3767a
SHA256

3419d56691ddfe1cc91d09b2aa97a35e50a2faaedd5eebe2dab86245b27bded4
SHA512

284ae6b3f9a26764a43c53e610f9a9361db4b453b556f2b72bbdf9420bcb5e8628902edc6544d1c77cd95d41a14e9b2c1bbfba71c00046fcef358320defd3e9f
SSDEEP

384:0kCHcdd0DVVve0vy2x9t1mXonx7nNqFReltfgv:hKQave0FHxjNMeg

Score

N/A

Malware Config

Signatures

Files

fpCSEvtSvc.exe
.exe windows x64

4e5b997beb1c55ee5a62764fa49cd98d

Code Sign

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/11/2017, 19:18

Not After

01/11/2018, 19:18

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:c6:2b:f4:b7:37:cd:37:97:bf:95:29:08:76:92:72:90:b4:92:5e:a2:38:8e:59:ea:ab:1b:9b:10:f1:a8:8a
Signer

Actual PE Digest

6d:c6:2b:f4:b7:37:cd:37:97:bf:95:29:08:76:92:72:90:b4:92:5e:a2:38:8e:59:ea:ab:1b:9b:10:f1:a8:8a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

26/08/2022, 16:48
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
CloseHandle
GetModuleFileNameA
SetConsoleCtrlHandler
lstrcmpiA
GetLastError
ExitThread
CreateEventA
SetEvent
WaitForSingleObject
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer

advapi32

StartServiceCtrlDispatcherA
OpenTraceW
FreeSid
OpenSCManagerA
SetServiceStatus
AllocateAndInitializeSid
ReportEventA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeregisterEventSource
CreateServiceA
ProcessTrace
CloseServiceHandle
RegisterEventSourceA
SetEntriesInAclA
RegisterServiceCtrlHandlerA
CloseTrace

ole32

CoTaskMemFree
StringFromCLSID

tdh

TdhGetEventInformation

msvcr120

_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__C_specific_handler
__initenv
_fmode
_commode
__crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__crtCapturePreviousContext
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_vsnprintf
malloc
free
memset

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e5b997beb1c55ee5a62764fa49cd98d

Code Sign

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

6d:c6:2b:f4:b7:37:cd:37:97:bf:95:29:08:76:92:72:90:b4:92:5e:a2:38:8e:59:ea:ab:1b:9b:10:f1:a8:8aSigner

Signature Validations

Verification

26/08/2022, 16:48 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

tdh

msvcr120

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 600B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 24B

33:00:00:00:58:4c:08:4c:80:a1:c8:d5:61:00:00:00:00:00:58
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

6d:c6:2b:f4:b7:37:cd:37:97:bf:95:29:08:76:92:72:90:b4:92:5e:a2:38:8e:59:ea:ab:1b:9b:10:f1:a8:8a
Signer

26/08/2022, 16:48
Valid: false

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 600B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 24B