FortiClientVPNSetup_6[.]4[.]6[.]1658_x64[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

FortiClientVPNSetup_6.4.6.1658_x64.exe
Size

117.5MB
MD5

39ff03bd5446c9f98185dc8d6b181221
SHA1

1bc79603a8823cb143ef0844aa12077fadcb7ec0
SHA256

42d0edbb6ad47bbf8333c7b146836b3f3a18ecf27f89ddb0b2462f09b3f89c3a
SHA512

b0a977ecd9de7ae27ddce94f874603d0955b4bcc1a35a2af645caef89d9b58273c35585ea23d56eb49762b8b0b62896dcbefc2b79b4d7fb947e0680b1fa18e8a
SSDEEP

1572864:GzLxQnPG+pRTDQwNRQU9jsq61rn4ONuN7ec57IWL8eT3SsVnWHU84vhpL:GzFmr/NdjsH4ONvc57IWIWS0nW+3

Score

N/A

Malware Config

Signatures

Files

FortiClientVPNSetup_6.4.6.1658_x64.exe
.exe windows x86

911d4873eb3b3b3fed9117a6a522800e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:62:df:fe:c6:e9:33:2b:fa:93:b2:f1:87:86:36:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07-06-2021 00:00

Not After

09-07-2024 23:59

Subject

CN=Fortinet Technologies (Canada) ULC,O=Fortinet Technologies (Canada) ULC,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-01-2021 00:00

Not After

06-01-2031 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:50:5c:bd:54:98:bd:d3:9e:19:6d:7e:72:59:1d:46:d7:b0:22:d8:55:e9:8c:62:57:d7:49:40:e6:f7:01:38
Signer

Actual PE Digest

1f:50:5c:bd:54:98:bd:d3:9e:19:6d:7e:72:59:1d:46:d7:b0:22:d8:55:e9:8c:62:57:d7:49:40:e6:f7:01:38

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Fortinet Technologies (Canada) ULC,O=Fortinet Technologies (Canada) ULC,L=Burnaby,ST=British Columbia,C=CA

13-07-2021 21:15
Valid: true

Chain 1

CN=Fortinet Technologies (Canada) ULC,O=Fortinet Technologies (Canada) ULC,L=Burnaby,ST=British Columbia,C=CA

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
ioctlsocket
getsockname
getsockopt
gethostbyname
WSAStartup
WSAAddressToStringA
WSAGetLastError
getnameinfo
recv
send
WSASetLastError
accept
bind
closesocket
connect
listen
setsockopt
socket
getaddrinfo
WSACleanup
freeaddrinfo
ntohl

rpcrt4

UuidCreate

crypt32

CertGetCertificateContextProperty
CertNameToStrW
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFindCertificateInStore
CryptProtectData
CryptUnprotectData
CryptProtectMemory
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertFreeCertificateChain
CryptUnprotectMemory
CryptMsgClose
CryptMsgGetParam

userenv

LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSQuerySessionInformationW
WTSFreeMemory

msi

ord137
ord141
ord205
ord173
ord113
ord118
ord169
ord158
ord160
ord159
ord32
ord70
ord8
ord111
ord88
ord190
ord175
ord43
ord78
ord151
ord150
ord92

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

SHCopyKeyW
SHDeleteKeyW
PathIsDirectoryW
PathBuildRootW
PathGetDriveNumberW
PathMatchSpecW

psapi

GetModuleFileNameExW
EnumProcesses

kernel32

DeviceIoControl
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
WideCharToMultiByte
SetEvent
GetCurrentProcessId
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
GetOverlappedResult
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
WaitForMultipleObjects
CopyFileW
VerSetConditionMask
GetSystemInfo
VerifyVersionInfoW
OpenProcess
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetLogicalDrives
GetLongPathNameW
GetVolumePathNameW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
TerminateProcess
OpenThread
ReadProcessMemory
lstrlenW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
FreeLibrary
Process32FirstW
Process32NextW
GetCurrentThread
QueryPerformanceCounter
MultiByteToWideChar
OpenEventW
CreateProcessW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetACP
SetThreadLocale
GetUserDefaultUILanguage
GetSystemDirectoryA
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetTempPathW
CreateFileA
SetFilePointer
DebugBreak
OutputDebugStringA
OutputDebugStringW
GetModuleFileNameA
lstrlenA
GetFileInformationByHandle
GetFileTime
SetFileTime
GlobalAlloc
GlobalFree
GetTempPathA
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceExA
EnumResourceLanguagesW
CreateDirectoryA
GetFullPathNameW
FindFirstFileA
FindNextFileA
GetFileAttributesA
LocalFileTimeToFileTime
SetFileAttributesA
FileTimeToDosDateTime
DosDateTimeToFileTime
LoadLibraryA
GetCommandLineW
ExitProcess
GetExitCodeProcess
CreateThread
FormatMessageW
FindResourceA
FindResourceW
GlobalFindAtomW
MoveFileW
CompareStringW
SetEnvironmentVariableW
lstrcmpW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetWaitableTimer
TerminateThread
CreateWaitableTimerW
GetModuleHandleExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
GetStdHandle
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetVersionExW
GetTickCount
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
CloseHandle
DecodePointer
CreateFileW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
GetFullPathNameA
GetFileSizeEx
GetVolumeInformationW
SetEndOfFile
GetStringTypeW
FindFirstFileExW
GetDiskFreeSpaceExW
AreFileApisANSI
CreateDirectoryExW
CreateHardLinkW
GetCPInfo
GetFileSize
GetFileAttributesExW
GetFileAttributesW
EncodePointer
SwitchToThread
LCMapStringW
GetLocaleInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
PeekNamedPipe
FileTimeToSystemTime
SetFilePointerEx
GetConsoleCP
SetConsoleCtrlHandler
WriteConsoleW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
GetLogicalDriveStringsW
GetDriveTypeW
SearchPathW
GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
MoveFileExW
GetCurrentThreadId
ReadFile
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
LoadLibraryW
LocalFree
FileTimeToLocalFileTime
LocalAlloc
FindFirstFileExA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateToolhelp32Snapshot
GetSystemTime

user32

GetSystemMetrics
MoveWindow
EndDialog
MessageBoxW
SetDlgItemTextW
CheckDlgButton
LoadStringW
ExitWindowsEx
FindWindowW
GetWindowThreadProcessId
MessageBoxA
LoadStringA
GetDlgItem
IsDlgButtonChecked
EnableWindow
SetWindowTextW
GetUserObjectInformationW
GetWindowRect
MessageBoxExW
GetProcessWindowStation
UnregisterClassW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

LsaQueryInformationPolicy
LsaClose
LsaFreeMemory
LookupAccountSidW
DuplicateTokenEx
CreateProcessAsUserW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RevertToSelf
MapGenericMask
ImpersonateSelf
AccessCheck
OpenThreadToken
RegOpenKeyW
ImpersonateLoggedOnUser
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetUserNameW
IsValidSid
GetTokenInformation
FreeSid
DuplicateToken
CheckTokenMembership
AllocateAndInitializeSid
LookupPrivilegeValueW
LookupAccountNameW
SetSecurityDescriptorDacl
SetFileSecurityW
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
GetLengthSid
GetFileSecurityW
GetAclInformation
GetAce
EqualSid
AdjustTokenPrivileges
AddAce
AddAccessAllowedAce
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
ChangeServiceConfigW
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
RegQueryValueExA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegOpenCurrentUser
InitiateSystemShutdownW
ChangeServiceConfig2W
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
LsaOpenPolicy

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW

ole32

CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoTaskMemFree
StringFromCLSID
CoCreateInstance
IIDFromString

oleaut32

SysAllocString
SysFreeString

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114.6MB - Virtual size: 114.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

911d4873eb3b3b3fed9117a6a522800e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:62:df:fe:c6:e9:33:2b:fa:93:b2:f1:87:86:36:42Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

1f:50:5c:bd:54:98:bd:d3:9e:19:6d:7e:72:59:1d:46:d7:b0:22:d8:55:e9:8c:62:57:d7:49:40:e6:f7:01:38Signer

Signature Validations

Verification

13-07-2021 21:15 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

rpcrt4

crypt32

userenv

wtsapi32

msi

version

shlwapi

psapi

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

bcrypt

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 580KB - Virtual size: 579KB

.data Size: 17KB - Virtual size: 48KB

.rsrc Size: 114.6MB - Virtual size: 114.6MB

.reloc Size: 93KB - Virtual size: 93KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:62:df:fe:c6:e9:33:2b:fa:93:b2:f1:87:86:36:42
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

1f:50:5c:bd:54:98:bd:d3:9e:19:6d:7e:72:59:1d:46:d7:b0:22:d8:55:e9:8c:62:57:d7:49:40:e6:f7:01:38
Signer

13-07-2021 21:15
Valid: true

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 580KB - Virtual size: 579KB

.data
Size: 17KB - Virtual size: 48KB

.rsrc
Size: 114.6MB - Virtual size: 114.6MB

.reloc
Size: 93KB - Virtual size: 93KB