dbcls[.]64bit[.]incr[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

dbcls.64bit.incr.7z
Size

3.8MB
MD5

d2a17a1c1523da99a9234b3992303389
SHA1

292149d60a8fd8762451de982e9df1cb52d8c24f
SHA256

3be8843b40bfd590df35da18103d13191c826496cbfee0ba58bf86b978ba107f
SHA512

f570be8cb505f5f83a56b73873d200404103f4f3e25d6b2b71485870cd99ddbc2253b1dbdcba0606958f751bb84a803e6393e86e27eefd7258dac00f9653ed60
SSDEEP

98304:R5mfGmbjf+1P/2xxebrUSyNr0VemrU7JrQIfXnTGG:R5BVFu3jX5ajU71QeCG

Score

N/A

Malware Config

Signatures

Files

dbcls.64bit.incr.7z
.7z
MBUpdate.cat
SdkDbUpdatr.dll
.dll windows x64

e0275cdf389c94a15702492ca6835fe5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:a2:ec:4e:78:a0:9e:17:4b:19:2e:55:35:98:4b:59
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/07/2019, 00:00

Not After

20/08/2021, 12:00

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:72:31:03:3a:58:68:53:bf:a7:a4:1a:d6:4b:ff:02
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/03/2018, 00:00

Not After

08/05/2020, 12:00

Subject

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:23:90:cc:81:57:f5:b8:19:a3:d4:f6:ee:aa:b2:c1:b5:b1:f4:3b:50:0c:8b:16:6f:0d:00:93:83:61:7b:4b
Signer

Actual PE Digest

8f:23:90:cc:81:57:f5:b8:19:a3:d4:f6:ee:aa:b2:c1:b5:b1:f4:3b:50:0c:8b:16:6f:0d:00:93:83:61:7b:4b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

27/11/2019, 18:15
Valid: true

Chain 1

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

e9:e6:7f:bd:35:55:fa:88:46:39:04:96:8f:a4:f6:69:80:30:b5:9d
Signer

Actual PE Digest

e9:e6:7f:bd:35:55:fa:88:46:39:04:96:8f:a4:f6:69:80:30:b5:9d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US

27/11/2019, 18:14
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

expapply64

ExaPatchApplyCloseStream
ExaPatchApplyOpen
ExaPatchApplyDoEntireFile
ExaPatchApplyClose
ExaPatchApplyOpenFileArrayAsStreamW

kernel32

GetTickCount
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
ReadFile
SetEvent
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
SetEndOfFile
CopyFileW
InitializeCriticalSectionAndSpinCount
GetStdHandle
TerminateProcess
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentDirectoryW
FindClose
FindNextFileW
WriteFile
SetLastError
SystemTimeToFileTime
GetFileType
DeleteFiber
ConvertFiberToThread
QueryPerformanceCounter
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesW
FindFirstFileW
RtlUnwind
FlushFileBuffers
CreateFileW
CloseHandle
GetModuleFileNameW
FormatMessageW
LocalFree
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
DecodePointer
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
SwitchToThread
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
FreeLibrary
LoadLibraryW
GetLastError
MoveFileExW
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
HeapReAlloc
SetStdHandle
SetFilePointerEx
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
FileTimeToSystemTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
Sleep
GetCurrentProcessId
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
GlobalMemoryStatus

user32

MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegCloseKey
RegQueryValueExW
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
RegSetValueExW
RegCreateKeyExW
IsTextUnicode
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantChangeType
SysFreeString
SysAllocString
VariantInit
VariantClear

netapi32

NetWkstaGetInfo
NetApiBufferFree

ws2_32

WSAStartup
WSACleanup
recv
send
WSASetLastError
WSAGetLastError
closesocket

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore

Exports

Exports

DoFullUpdate
DoIncrementalUpdate
RollbackUpdate
TestApplyDeltaUpdate

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 677KB - Virtual size: 676KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SdkDbUpdatrV4.dll
.dll windows x64

c10dbb1577c2a9d59a8881862e45d222

Code Sign

0d:36:ab:08:05:ba:94:50:22:0f:86:5c:58:91:8f:52
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

20/05/2022, 12:00

Subject

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:ee:22:26:a3:17:0e:d4:67:be:e1:14:16:97:b3:ea:e1:67:31:6e:ca:4f:00:ec:14:69:50:64:21:9c:aa:65
Signer

Actual PE Digest

7a:ee:22:26:a3:17:0e:d4:67:be:e1:14:16:97:b3:ea:e1:67:31:6e:ca:4f:00:ec:14:69:50:64:21:9c:aa:65

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

17/03/2022, 21:14
Valid: true

Chain 1

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersInfo

expapply64

ExaPatchApplyOpen
ExaPatchApplyCloseStream
ExaPatchApplyClose
ExaPatchApplyDoEntireFile
ExaPatchApplyOpenFileArrayAsStreamW

kernel32

CreateProcessW
WaitForSingleObject
GetExitCodeProcess
ReadFile
WriteFile
GetFileInformationByHandle
GetFileSize
GetTickCount
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
SetEndOfFile
SetLastError
FindNextFileW
FindClose
GetModuleHandleA
GetStdHandle
GetCurrentDirectoryW
SetEvent
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
DeleteFiber
GetFileType
QueryPerformanceCounter
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCurrentProcess
GetCurrentThread
LocalAlloc
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
GetFileAttributesW
FindFirstFileW
FlushFileBuffers
CreateFileW
GetLongPathNameW
GetWindowsDirectoryW
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
DecodePointer
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
LocalFree
MultiByteToWideChar
WideCharToMultiByte
CopyFileW
MoveFileExW
GetLastError
GetTempPathW
GetProcAddress
FreeLibrary
LoadLibraryW
Sleep
GetOEMCP
GetACP
RtlUnwind
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
HeapReAlloc
SetStdHandle
SetFilePointerEx
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
SwitchToThread

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
IsTextUnicode
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
GetSidSubAuthority
GetSidSubAuthorityCount
FreeSid
ConvertStringSidToSidW
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegUnLoadKeyW
GetExplicitEntriesFromAclW
RegSaveKeyW
RegRestoreKeyW
RegQueryInfoKeyW
RegLoadAppKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
TreeSetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
DeleteAce
AllocateAndInitializeSid
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocString

mpr

WNetGetConnectionW

netapi32

NetWkstaGetInfo
NetApiBufferFree

sfc

SfcIsFileProtected

bcrypt

BCryptDestroyKey
BCryptGetProperty
BCryptFinishHash
BCryptCreateHash
BCryptHashData
BCryptImportKeyPair
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptGenRandom
BCryptOpenAlgorithmProvider

ws2_32

recv
WSAStartup
WSACleanup
closesocket
send
WSASetLastError
WSAGetLastError

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

Exports

Exports

DoFullUpdate
DoIncrementalUpdate
RollbackUpdate
TestApplyDeltaUpdate

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 909KB - Virtual size: 909KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SdkDbUpdatrV5.dll
.dll windows x64

c10dbb1577c2a9d59a8881862e45d222

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23/03/2022, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25/05/2021, 00:00

Not After

24/05/2036, 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:2c:cd:3a:79:18:b9:47:89:a9:a4:00:00:00:00:2c:cd
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

07/09/2022, 14:14

Not After

10/09/2022, 14:14

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:2c:cd:3a:79:18:b9:47:89:a9:a4:00:00:00:00:2c:cd
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Not Before

07/09/2022, 14:14

Not After

10/09/2022, 14:14

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 01,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:ef:1f:8c:c4:f5:b8:9b:7f:c2:77:7f:19:85:c8:e7:63:f5:b6:89:cc:64:fb:6f:d3:4e:d7:e3:d0:5c:9e:8a
Signer

Actual PE Digest

5b:ef:1f:8c:c4:f5:b8:9b:7f:c2:77:7f:19:85:c8:e7:63:f5:b6:89:cc:64:fb:6f:d3:4e:d7:e3:d0:5c:9e:8a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

24/10/2022, 15:52
Valid: false

5b:ef:1f:8c:c4:f5:b8:9b:7f:c2:77:7f:19:85:c8:e7:63:f5:b6:89:cc:64:fb:6f:d3:4e:d7:e3:d0:5c:9e:8a
Signer

Actual PE Digest

5b:ef:1f:8c:c4:f5:b8:9b:7f:c2:77:7f:19:85:c8:e7:63:f5:b6:89:cc:64:fb:6f:d3:4e:d7:e3:d0:5c:9e:8a

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

24/10/2022, 15:52
Valid: true

Chain 1

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersInfo

expapply64

ExaPatchApplyOpen
ExaPatchApplyCloseStream
ExaPatchApplyClose
ExaPatchApplyDoEntireFile
ExaPatchApplyOpenFileArrayAsStreamW

kernel32

CreateProcessW
WaitForSingleObject
GetExitCodeProcess
ReadFile
WriteFile
GetFileInformationByHandle
GetFileSize
GetTickCount
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
SetEndOfFile
SetLastError
FindNextFileW
FindClose
GetModuleHandleA
GetStdHandle
GetCurrentDirectoryW
SetEvent
ResetEvent
ReleaseMutex
CreateMutexW
CreateEventW
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStartupInfoW
GetSystemTimeAsFileTime
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
DeleteFiber
GetFileType
QueryPerformanceCounter
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
HeapSize
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCurrentProcess
GetCurrentThread
LocalAlloc
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetFileAttributesExW
GetFileAttributesW
FindFirstFileW
FlushFileBuffers
CreateFileW
GetLongPathNameW
GetWindowsDirectoryW
GetModuleFileNameW
GetCurrentProcessId
CloseHandle
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
DecodePointer
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
LocalFree
MultiByteToWideChar
WideCharToMultiByte
CopyFileW
MoveFileExW
GetLastError
GetTempPathW
GetProcAddress
FreeLibrary
LoadLibraryW
Sleep
GetOEMCP
GetACP
RtlUnwind
IsValidCodePage
FindFirstFileExW
GetFullPathNameW
HeapReAlloc
SetStdHandle
SetFilePointerEx
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetStringTypeW
SwitchToThread

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
IsTextUnicode
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextA
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
GetSidSubAuthority
GetSidSubAuthorityCount
FreeSid
ConvertStringSidToSidW
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
OpenThreadToken
RegUnLoadKeyW
GetExplicitEntriesFromAclW
RegSaveKeyW
RegRestoreKeyW
RegQueryInfoKeyW
RegLoadAppKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
TreeSetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
DeleteAce
AllocateAndInitializeSid
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantChangeType
VariantClear
VariantInit
SysAllocString

mpr

WNetGetConnectionW

netapi32

NetWkstaGetInfo
NetApiBufferFree

sfc

SfcIsFileProtected

bcrypt

BCryptDestroyKey
BCryptGetProperty
BCryptFinishHash
BCryptCreateHash
BCryptHashData
BCryptImportKeyPair
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptGenRandom
BCryptOpenAlgorithmProvider

ws2_32

recv
WSAStartup
WSACleanup
closesocket
send
WSASetLastError
WSAGetLastError

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

Exports

Exports

DoFullUpdate
DoIncrementalUpdate
RollbackUpdate
TestApplyDeltaUpdate

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 910KB - Virtual size: 910KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TestDBUpdate.exe
.exe windows x64

bf015fa2158c5de7bbad84b4c348e628

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
WriteConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
CloseHandle
SetFilePointerEx
CreateFileW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cfg.bin
dbdelta.dfc
dbdeltaV4.dfc
dbdeltaV5.dfc
dbmanifest2.dat
dynconfig.dat
exclusions.txt
expapply64.dll
.dll windows x64

00a3ad8febd896e65e8ee1d066681090

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:fb:e8:4b:c7:d6:af:2d:d4:2d:21:cc:82:c5:28:85
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/09/2016, 00:00

Not After

15/10/2017, 23:59

Subject

CN=Pocket Soft\, Inc.,O=Pocket Soft\, Inc.,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mpr

WNetGetConnectionA
WNetGetConnectionW
WNetAddConnection2A
WNetCancelConnection2A

kernel32

LoadLibraryA
IsBadReadPtr
GetFileSize
DeleteCriticalSection
GlobalMemoryStatus
GetLastError
GetDriveTypeA
lstrlenA
GetEnvironmentVariableA
GetTempPathA
SetErrorMode
MoveFileW
MoveFileA
GetFileAttributesW
GetFileAttributesA
GetFullPathNameW
GetFullPathNameA
CreateFileW
CreateFileA
ReleaseMutex
lstrcpyA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetLogicalDrives
lstrcmpiA
SetFileAttributesW
SetFileAttributesA
SetFileTime
SetEndOfFile
SetFilePointer
CreateDirectoryW
CreateDirectoryA
RemoveDirectoryW
RemoveDirectoryA
DeviceIoControl
GetProcAddress
DeleteFileW
DeleteFileA
GetCurrentProcessId
GetVolumeInformationW
GetDriveTypeW
GetModuleHandleA
GetComputerNameW
GetComputerNameA
CreateMutexA
CopyFileW
CopyFileA
GlobalAlloc
GlobalFree
GlobalSize
GlobalReAlloc
GetLocalTime
GetProfileStringW
GetPrivateProfileStringW
LocalFree
LocalAlloc
GetCurrentThread
MoveFileExW
GetFileInformationByHandle
GetSystemDirectoryW
GetWindowsDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReadFile
WriteFile
GetLocaleInfoW
WriteConsoleW
SetConsoleCtrlHandler
GetConsoleOutputCP
WriteConsoleA
FreeLibrary
GetModuleFileNameA
Sleep
InitializeCriticalSection
FindResourceA
LoadResource
LockResource
EnterCriticalSection
LeaveCriticalSection
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetEnvironmentVariableW
GetStdHandle
CreateProcessW
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetVersion
WideCharToMultiByte
FindFirstFileA
MultiByteToWideChar
FindClose
FindFirstFileW
FindNextFileA
FindNextFileW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetTimeZoneInformation
GetCurrentProcess
FlushFileBuffers
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
TlsAlloc
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
HeapSize
LCMapStringA
LCMapStringW
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FatalAppExitA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
SetStdHandle

user32

CharUpperA
LoadStringA
LoadStringW
CharUpperW

advapi32

GetAclInformation
GetEffectiveRightsFromAclA
GetAce
RegCloseKey
OpenThreadToken
DuplicateToken
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
AccessCheck
FreeSid
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidLengthRequired
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetFileSecurityW
SetFileSecurityW
GetSecurityInfo

Exports

Exports

ExaPatchApplyClose
ExaPatchApplyCloseStream
ExaPatchApplyDoEntireFile
ExaPatchApplyDoEntry
ExaPatchApplyDoEntryRaw
ExaPatchApplyFinishEntry
ExaPatchApplyFinishFile
ExaPatchApplyFreeParsedEntry
ExaPatchApplyFreeParsedHeader
ExaPatchApplyGetVersion
ExaPatchApplyOpen
ExaPatchApplyOpenFileArrayAsStreamA
ExaPatchApplyOpenFileArrayAsStreamW
ExaPatchApplyParseEntryInfo
ExaPatchApplySelectPatch
ExaPatchApplySetBuffering
ExaPatchApplySetTempDir
ExaPatchApplyStartEntry
ExaPatchApplyStartFile
ExaPatchApplyVerifyFile

Sections

.text
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mbdigsig2.dat
mbupdatr.exe
.exe windows x64

3effdfecf27b951f3bec6e943555cc58

Code Sign

0d:36:ab:08:05:ba:94:50:22:0f:86:5c:58:91:8f:52
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/05/2020, 00:00

Not After

20/05/2022, 12:00

Subject

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:ea:61:7c:17:65:fd:c5:c6:db:b2:4c:7c:33:f2:05:79:c3:d3:8d:57:4a:10:c0:5c:4c:6c:a4:71:f3:10:ac
Signer

Actual PE Digest

27:ea:61:7c:17:65:fd:c5:c6:db:b2:4c:7c:33:f2:05:79:c3:d3:8d:57:4a:10:c0:5c:4c:6c:a4:71:f3:10:ac

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

21/03/2022, 14:55
Valid: true

Chain 1

SERIALNUMBER=5430750,CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersInfo

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertGetIssuerCertificateFromStore
CertCreateCertificateContext
CertFreeCertificateContext
CertCompareCertificateName
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertFindCertificateInStore

kernel32

GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
FindNextFileW
FindClose
DeviceIoControl
GetFileSize
FindFirstFileW
GetFileAttributesW
GetFileAttributesExW
CreateDirectoryW
SetFileAttributesW
DeleteFileW
GetDriveTypeW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
SetLastError
GetModuleHandleA
GetStdHandle
GetCurrentDirectoryW
GetVersionExA
GetSystemTimeAsFileTime
ResetEvent
ReleaseMutex
CreateMutexW
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetEnvironmentVariableW
SetEnvironmentVariableW
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GlobalFree
GlobalAlloc
GetCurrentThread
GetLogicalDriveStringsW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
GetLongPathNameW
GetWindowsDirectoryW
FlushFileBuffers
QueryDosDeviceW
RemoveDirectoryW
GetSystemInfo
GetVersionExW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
WriteFile
ReadFile
SetEndOfFile
SetFilePointerEx
CopyFileW
GetTempPathW
ProcessIdToSessionId
GetCurrentProcess
MoveFileW
CreateThread
SetEvent
GetModuleFileNameW
CreateEventW
GetExitCodeProcess
CreateProcessW
GetProcessId
CallNamedPipeW
VerifyVersionInfoW
VerSetConditionMask
GetProcessHeap
FormatMessageW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
LocalFree
LocalAlloc
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
WaitForSingleObject
TerminateProcess
WaitForMultipleObjects
OpenProcess
GetSystemDirectoryW
MoveFileExW
GetLastError
GetTickCount
Sleep
RtlUnwind
GetDateFormatW
GetConsoleCP
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
ExitProcess
PeekNamedPipe
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetFullPathNameW
FindFirstFileExW
GetStringTypeW
GetLocalTime
SwitchToThread

user32

GetProcessWindowStation
CloseWindowStation
OpenWindowStationW
wsprintfW
OpenInputDesktop
SetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
CloseDesktop

advapi32

AllocateAndInitializeSid
RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
StartServiceW
QueryServiceStatus
CreateServiceW
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextA
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertStringSidToSidW
ConvertSidToStringSidW
RegUnLoadKeyW
RegSaveKeyW
RegRestoreKeyW
RegQueryInfoKeyW
RegLoadAppKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
TreeSetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
DeleteAce
GetExplicitEntriesFromAclW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
IsTextUnicode
FreeSid
ControlService
OpenThreadToken
CreateProcessAsUserW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ChangeServiceConfigA
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoGetClassObject
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket

oleaut32

SysStringLen
VariantClear
SysFreeString
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit

mpr

WNetGetConnectionW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

netapi32

NetApiBufferFree
NetWkstaGetInfo

setupapi

SetupFindNextLine
SetupGetIntField
SetupGetStringFieldW
SetupFindFirstLineW
SetupGetMultiSzFieldW
SetupGetLineTextW
SetupOpenInfFileW
SetupCloseInfFile

wintrust

CryptCATAdminRemoveCatalog
CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminAddCatalog
CryptCATAdminAcquireContext

sfc

SfcIsFileProtected

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW

bcrypt

BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptImportKeyPair
BCryptHashData
BCryptDestroyKey
BCryptGetProperty
BCryptVerifySignature
BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCreateHash
BCryptFinishHash

ws2_32

WSARecvFrom
WSASend
WSASendTo
WSAPoll
inet_addr
WSARecv
getaddrinfo
freeaddrinfo
WSASetLastError
shutdown
setsockopt
sendto
send
recvfrom
recv
listen
socket
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
ntohs
htons
WSACleanup
WSAStartup
WSAGetLastError
ntohl

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mbupdatrV5.exe
.exe windows x64

d457018a5477764de3fc0b0b366cbcd8

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23/03/2022, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25/05/2021, 00:00

Not After

24/05/2036, 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:33:8b:62:05:4a:6f:5f:25:21:c8:00:00:00:00:33:8b
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

21/09/2022, 13:03

Not After

24/09/2022, 13:03

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:33:8b:62:05:4a:6f:5f:25:21:c8:00:00:00:00:33:8b
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

21/09/2022, 13:03

Not After

24/09/2022, 13:03

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:d8:51:80:72:ad:ae:4d:80:93:dc:0e:0c:72:18:0c:40:19:a9:f1:53:61:19:30:d9:82:61:f2:53:75:47:8f
Signer

Actual PE Digest

54:d8:51:80:72:ad:ae:4d:80:93:dc:0e:0c:72:18:0c:40:19:a9:f1:53:61:19:30:d9:82:61:f2:53:75:47:8f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

24/10/2022, 15:52
Valid: false

54:d8:51:80:72:ad:ae:4d:80:93:dc:0e:0c:72:18:0c:40:19:a9:f1:53:61:19:30:d9:82:61:f2:53:75:47:8f
Signer

Actual PE Digest

54:d8:51:80:72:ad:ae:4d:80:93:dc:0e:0c:72:18:0c:40:19:a9:f1:53:61:19:30:d9:82:61:f2:53:75:47:8f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

24/10/2022, 15:52
Valid: true

Chain 1

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Chain 2

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertGetIssuerCertificateFromStore
CertCreateCertificateContext
CertFreeCertificateChain
CertCompareCertificateName
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertOpenSystemStoreW

iphlpapi

GetAdaptersInfo

kernel32

QueryDosDeviceW
FlushFileBuffers
GetLongPathNameW
CreateToolhelp32Snapshot
Module32FirstW
VirtualQueryEx
Process32FirstW
Process32NextW
GetLogicalDriveStringsW
GetCurrentThread
GlobalAlloc
GlobalFree
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
GetFileSizeEx
GetFileInformationByHandle
FindNextFileW
FindClose
DeviceIoControl
SetFileInformationByHandle
FindResourceW
SizeofResource
LoadResource
LockResource
FindFirstFileW
GetFileAttributesW
GetFileAttributesExW
SetFileAttributesW
GetDriveTypeW
GetSystemWindowsDirectoryW
GetFileSize
ExpandEnvironmentStringsW
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
SetFileTime
SetLastError
GetModuleHandleA
GetStdHandle
GetCurrentDirectoryW
GetVersionExA
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
ResetEvent
ReleaseMutex
CreateMutexW
GetStartupInfoW
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetEnvironmentVariableW
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
MultiByteToWideChar
WideCharToMultiByte
SetFilePointer
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
CreateNamedPipeW
GetNamedPipeServerProcessId
GetTickCount64
OpenEventW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetModuleHandleW
PeekNamedPipe
ResumeThread
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetProcessTimes
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
WriteFile
SetEndOfFile
SetFilePointerEx
CopyFileW
GetTempPathW
ReadFile
ProcessIdToSessionId
GetCurrentProcess
MoveFileW
CreateThread
SetEvent
GetModuleFileNameW
CreateEventW
GetExitCodeProcess
CreateProcessW
GetProcessId
CallNamedPipeW
GetProcessHeap
FormatMessageW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetCurrentThreadId
FreeLibrary
CreateFileW
LoadLibraryW
GetProcAddress
LocalFree
LocalAlloc
TerminateProcess
OpenProcess
MoveFileExW
GetTickCount
WaitForMultipleObjects
WaitForSingleObject
CloseHandle
GetSystemDirectoryW
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
Sleep
SwitchToThread
GetDateFormatW
GetConsoleCP
GetCommandLineW
GetCommandLineA
SetConsoleCtrlHandler
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlPcToFileHeader
InterlockedPushEntrySList
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
GetFullPathNameW
FindFirstFileExW
GetStringTypeW
RtlUnwind

user32

CloseDesktop
CharUpperW
OpenInputDesktop
MessageBoxW
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectInformationW
wsprintfW

advapi32

RegCloseKey
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
StartServiceW
QueryServiceStatus
CreateServiceW
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyW
RegCreateKeyExW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextA
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertStringSidToSidW
ConvertSidToStringSidW
RegUnLoadKeyW
RegSaveKeyW
RegRestoreKeyW
RegQueryInfoKeyW
RegLoadAppKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
TreeSetNamedSecurityInfoW
SetSecurityInfo
GetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
DeleteAce
GetExplicitEntriesFromAclW
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
IsTextUnicode
FreeSid
AllocateAndInitializeSid
OpenThreadToken
ChangeServiceConfig2A
RegSetValueExW
CreateProcessAsUserW
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ChangeServiceConfigA
ControlService
RegOpenKeyExW

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoGetClassObject
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
PropVariantClear

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VariantClear
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString

mpr

WNetGetConnectionW

shlwapi

StrDupW

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

rpcrt4

UuidCreate

netapi32

NetApiBufferFree
NetWkstaGetInfo

setupapi

SetupGetLineTextW
SetupFindFirstLineW
SetupGetStringFieldW
SetupOpenInfFileW
SetupGetIntField
SetupGetMultiSzFieldW
SetupFindNextLine
SetupCloseInfFile

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminAddCatalog
CryptCATAdminRemoveCatalog

sfc

SfcIsFileProtected

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetProcessImageFileNameW

bcrypt

BCryptDestroyHash
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptVerifySignature
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptDestroyKey
BCryptCreateHash
BCryptGenRandom
BCryptHashData

ws2_32

socket
WSARecv
getsockname
WSASend
WSASendTo
WSAPoll
inet_addr
ntohl
getaddrinfo
freeaddrinfo
recvfrom
shutdown
getpeername
ioctlsocket
connect
closesocket
bind
accept
ntohs
htons
setsockopt
sendto
WSACleanup
getsockopt
recv
WSASetLastError
listen
WSAStartup
WSAGetLastError
WSARecvFrom
send

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 922KB - Virtual size: 922KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
starfieldclass2.cer
starfieldrootcag2_new.cer
version.dat

Sharing

General

Malware Config

Signatures

Files

e0275cdf389c94a15702492ca6835fe5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:a2:ec:4e:78:a0:9e:17:4b:19:2e:55:35:98:4b:59Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

0b:72:31:03:3a:58:68:53:bf:a7:a4:1a:d6:4b:ff:02Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

8f:23:90:cc:81:57:f5:b8:19:a3:d4:f6:ee:aa:b2:c1:b5:b1:f4:3b:50:0c:8b:16:6f:0d:00:93:83:61:7b:4bSigner

Signature Validations

Verification

27/11/2019, 18:15 Valid: true

Chain 1

e9:e6:7f:bd:35:55:fa:88:46:39:04:96:8f:a4:f6:69:80:30:b5:9dSigner

Signature Validations

Verification

27/11/2019, 18:14 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

expapply64

kernel32

user32

advapi32

shell32

ole32

oleaut32

netapi32

ws2_32

crypt32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 677KB - Virtual size: 676KB

.data Size: 64KB - Virtual size: 81KB

.pdata Size: 72KB - Virtual size: 71KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 24KB

c10dbb1577c2a9d59a8881862e45d222

Code Sign

0d:36:ab:08:05:ba:94:50:22:0f:86:5c:58:91:8f:52Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7a:ee:22:26:a3:17:0e:d4:67:be:e1:14:16:97:b3:ea:e1:67:31:6e:ca:4f:00:ec:14:69:50:64:21:9c:aa:65Signer

Signature Validations

Verification

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:a2:ec:4e:78:a0:9e:17:4b:19:2e:55:35:98:4b:59
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

0b:72:31:03:3a:58:68:53:bf:a7:a4:1a:d6:4b:ff:02
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

8f:23:90:cc:81:57:f5:b8:19:a3:d4:f6:ee:aa:b2:c1:b5:b1:f4:3b:50:0c:8b:16:6f:0d:00:93:83:61:7b:4b
Signer

27/11/2019, 18:15
Valid: true

e9:e6:7f:bd:35:55:fa:88:46:39:04:96:8f:a4:f6:69:80:30:b5:9d
Signer

27/11/2019, 18:14
Valid: false

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 677KB - Virtual size: 676KB

.data
Size: 64KB - Virtual size: 81KB

.pdata
Size: 72KB - Virtual size: 71KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 24KB

0d:36:ab:08:05:ba:94:50:22:0f:86:5c:58:91:8f:52
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7a:ee:22:26:a3:17:0e:d4:67:be:e1:14:16:97:b3:ea:e1:67:31:6e:ca:4f:00:ec:14:69:50:64:21:9c:aa:65
Signer

17/03/2022, 21:14
Valid: true

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 909KB - Virtual size: 909KB

.data
Size: 35KB - Virtual size: 57KB

.pdata
Size: 91KB - Virtual size: 91KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 29KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:2c:cd:3a:79:18:b9:47:89:a9:a4:00:00:00:00:2c:cd
Certificate

33:00:00:2c:cd:3a:79:18:b9:47:89:a9:a4:00:00:00:00:2c:cd
Certificate

33:00:00:00:07:37:8c:5b:a1:d9:5b:8c:d4:00:00:00:00:00:07
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

5b:ef:1f:8c:c4:f5:b8:9b:7f:c2:77:7f:19:85:c8:e7:63:f5:b6:89:cc:64:fb:6f:d3:4e:d7:e3:d0:5c:9e:8a
Signer

24/10/2022, 15:52
Valid: false

5b:ef:1f:8c:c4:f5:b8:9b:7f:c2:77:7f:19:85:c8:e7:63:f5:b6:89:cc:64:fb:6f:d3:4e:d7:e3:d0:5c:9e:8a
Signer

24/10/2022, 15:52
Valid: true