Dynatrace-OneAgent-Windows-1[.]261[.]201[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Dynatrace-OneAgent-Windows-1.261.201.exe
Size

112.7MB
MD5

e4271f267c3f39e13d58c535edb75a09
SHA1

6bb98a70fae4759da6d0983b375c7be50f626063
SHA256

5e579c320fc1aae241e855979bdda63d2f62036eac053780a03e68bc8814293e
SHA512

3c0434cd5785c279edca2a84f2cd30903e1b120d63ff7785750b1948a79a4ef1aee27dc84088d0a7155102cfe18b41c376a15569d12c16ed16337444f7b0a633
SSDEEP

1572864:p2caw0TIfvBH+9ZA7mh7CMe1JkoHr6uganwVjwFZO7L70RqIcXNMtnMlOpCg/cZs:pdXRvyAqLe1JdoPVmG4RSflQjAww0

Score

1^/10

Malware Config

Signatures

Files

Dynatrace-OneAgent-Windows-1.261.201.exe
.exe windows x64

048953fbcf002e46a67e94d66301f403

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:58:75:12:7f:00:e4:7a:a9:1b:54:21:7d:72:1e:8a
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

29-07-2021 00:00

Not After

17-09-2024 23:59

Subject

SERIALNUMBER=5635180,CN=Dynatrace LLC,OU=Development,O=Dynatrace LLC,L=Waltham,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2c:df:f2:14:ac:b2:79:bb:a8:69:08:1b:fb:2e:87:f1:e7:cc:9d:74:81:1b:fb:6c:64:89:b2:37:c1:fa:fe:42
Signer

Actual PE Digest

2c:df:f2:14:ac:b2:79:bb:a8:69:08:1b:fb:2e:87:f1:e7:cc:9d:74:81:1b:fb:6c:64:89:b2:37:c1:fa:fe:42

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

SERIALNUMBER=5635180,CN=Dynatrace LLC,OU=Development,O=Dynatrace LLC,L=Waltham,ST=Massachusetts,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-01-0001 00:00
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

crypt32

CryptImportPublicKeyInfo
CryptStringToBinaryA
CryptDecodeObjectEx

kernel32

InitializeCriticalSection
VirtualFree
VirtualAlloc
GetProcessAffinityMask
GetSystemInfo
GlobalMemoryStatusEx
GetModuleHandleA
ResetEvent
GetFileAttributesW
GetFileAttributesA
FindNextFileW
FindFirstFileW
FindFirstFileA
CreateEventA
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
MulDiv
CopyFileW
OutputDebugStringA
EncodePointer
FreeLibrary
GetModuleHandleExW
LoadLibraryExW
LoadLibraryW
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CompareStringW
SetThreadPriority
SuspendThread
GetCurrentThread
GetVersionExW
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FindClose
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalGetAtomNameW
FileTimeToSystemTime
GlobalFlags
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
FlushFileBuffers
GetFullPathNameW
GetVolumeInformationW
LockFile
UnlockFile
lstrcmpiW
FindResourceExW
SearchPathW
GetProfileIntW
Sleep
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
GetTempFileNameW
GetUserDefaultLCID
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
VirtualQuery
LoadLibraryExA
FindFirstFileExW
SetFileInformationByHandle
SetFilePointerEx
DeviceIoControl
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetStringTypeW
RtlPcToFileHeader
QueryPerformanceFrequency
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
GetCPInfo
OutputDebugStringW
RtlUnwindEx
ExitProcess
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapQueryInformation
SetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetWindowsDirectoryW
GetTickCount
GetTempPathW
SetFileAttributesW
SetFileAttributesA
DeleteFileW
DeleteFileA
CreateDirectoryW
GetCurrentDirectoryW
GetFileInformationByHandle
GetStdHandle
WriteFile
SetFileTime
SetFilePointer
SetEndOfFile
GetFileSize
CreateFileW
GetModuleFileNameW
GetACP
SetDllDirectoryW
GetProcAddress
GetModuleHandleW
GetCommandLineW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoW
CreateNamedPipeA
FormatMessageW
FormatMessageA
LocalFree
GetSystemDirectoryW
CreateProcessW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateThread
GetCurrentThreadId
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
RtlUnwind
QueueUserAPC
WaitForMultipleObjects
SetWaitableTimer
CreateEventW
SleepEx
SetEvent
InitializeCriticalSectionAndSpinCount
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
SetHandleInformation
AreFileApisANSI
ReadFile
CreateFileA
VerSetConditionMask
FindResourceW
SizeofResource
LockResource
LoadResource
ResumeThread
GetExitCodeThread
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
GetLastError
RaiseException
DuplicateHandle
CloseHandle
DecodePointer
lstrcpyW

user32

TranslateMessage
GetCursorPos
GetWindowThreadProcessId
DrawStateW
InvalidateRect
PostQuitMessage
ShowOwnedPopups
SetCursor
GetSysColorBrush
LoadCursorW
InflateRect
IntersectRect
RealChildWindowFromPoint
DestroyMenu
GetMenuItemInfoW
SystemParametersInfoW
CopyImage
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetAsyncKeyState
MapDialogRect
TrackMouseEvent
IsZoomed
SetCapture
ReleaseCapture
SetTimer
KillTimer
LoadMenuW
GetSystemMenu
DeleteMenu
SetWindowRgn
MessageBeep
WindowFromPoint
NotifyWinEvent
CreatePopupMenu
GetMenuDefaultItem
SetMenuDefaultItem
IsRectEmpty
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
DestroyIcon
LoadImageW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawIconEx
SetRect
RegisterClipboardFormatW
DrawEdge
DrawFrameControl
DrawFocusRect
SetClassLongPtrW
SetParent
CharUpperBuffW
LockWindowUpdate
ModifyMenuW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
MapVirtualKeyW
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
BringWindowToTop
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
SetCursorPos
CopyIcon
FrameRect
PostThreadMessageW
WaitMessage
GetNextDlgGroupItem
GetIconInfo
HideCaret
InvertRect
GetKeyNameTextW
IsClipboardFormatAvailable
GetDoubleClickTime
DestroyCursor
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
GetComboBoxInfo
GetUpdateRect
CreateMenu
SubtractRect
GetWindowRgn
GetDesktopWindow
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetWindow
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
MessageBoxW
AdjustWindowRectEx
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
ValidateRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
GetActiveWindow
SendMessageW
PostMessageW
UnregisterClassW
IsIconic
EnableWindow
GetSystemMetrics
DrawIcon
GetClientRect
LoadIconW
MessageBoxA
CharUpperA
CharUpperW
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
IsWindowEnabled
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
GetMessageW
MonitorFromWindow
WinHelpW
GetScrollInfo
GetKeyState

gdi32

PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
LineTo
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
CreateRoundRectRgn
CreateCompatibleBitmap
CreateDIBSection
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
EnumFontFamiliesExW
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
GetTextColor
CopyMetaFileW
GetRgnBox
OffsetRgn
CreateEllipticRgn
Ellipse
GetBkColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
RoundRect
FillRgn
FrameRgn
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateSolidBrush
CreateRectRgn
DeleteDC
GetBoundsRect
GetTextFaceW
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCW
CombineRgn
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
PtInRegion

shell32

DragFinish
DragQueryFileW
SHAppBarMessage
ShellExecuteW
SHGetFileInfoW
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetDesktopFolder

ole32

CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitialize
CoDisconnectObject
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
ReleaseStgMedium
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree

advapi32

RegCloseKey
RegEnumKeyExW
RegEnumValueW
RegQueryValueW
ConvertStringSidToSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptAcquireContextA
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegEnumKeyW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsUNCW
PathFindExtensionW
PathStripToRootW

gdiplus

GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipDrawImageRectI
GdiplusShutdown

ws2_32

WSAStartup
WSACleanup

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

048953fbcf002e46a67e94d66301f403

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29Certificate

Extended Key Usages

Key Usages

06:58:75:12:7f:00:e4:7a:a9:1b:54:21:7d:72:1e:8aCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

2c:df:f2:14:ac:b2:79:bb:a8:69:08:1b:fb:2e:87:f1:e7:cc:9d:74:81:1b:fb:6c:64:89:b2:37:c1:fa:fe:42Signer

Signature Validations

Verification

01-01-0001 00:00 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

shell32

ole32

advapi32

comctl32

shlwapi

gdiplus

ws2_32

imm32

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 695KB - Virtual size: 694KB

.data Size: 50KB - Virtual size: 92KB

.pdata Size: 114KB - Virtual size: 114KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 63KB - Virtual size: 63KB

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

06:58:75:12:7f:00:e4:7a:a9:1b:54:21:7d:72:1e:8a
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2c:df:f2:14:ac:b2:79:bb:a8:69:08:1b:fb:2e:87:f1:e7:cc:9d:74:81:1b:fb:6c:64:89:b2:37:c1:fa:fe:42
Signer

01-01-0001 00:00
Valid: false

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 695KB - Virtual size: 694KB

.data
Size: 50KB - Virtual size: 92KB

.pdata
Size: 114KB - Virtual size: 114KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 63KB - Virtual size: 63KB