mergecap[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mergecap.exe
Size

39KB
MD5

23ba27d352305f29d201ac5e43fc4583
SHA1

7c7720604bb82351dfba857837d64b360cd715b2
SHA256

ac7a321a7b00b4adb5863b9a7e91e69afe9ce1953317234a2bd1bee97de744da
SHA512

4c96ea8b6e21415f8004bc1ce037e406f3086991e9d401d14986602905616a6ad962fa71673f914327cae6a4f8381365330a94467e0d5be1d287f2bea175b599
SSDEEP

768:sIforb1++HtKCD4RciTZMfNX2VzAG80ovIILDqnk:sIforB++HRTl2VzAfj3z

Score

1^/10

Malware Config

Signatures

Files

mergecap.exe
.exe windows:5 windows x64

7c3c630882a1da5e55e28c24a8a86180

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

24/07/2012, 00:00

Not After

24/07/2013, 23:59

Subject

CN=Wireshark Foundation,O=Wireshark Foundation,POSTALCODE=94105,STREET=199 Fremont,L=San Francisco,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:ef:97:02:f9:45:d6:bb:89:94:bb:db:55:64:38:49:1c:1c:87:85
Signer

Actual PE Digest

3e:ef:97:02:f9:45:d6:bb:89:94:bb:db:55:64:38:49:1c:1c:87:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wiretap-1.8.0

wtap_read
wtap_snapshot_length
wtap_open_offline
wtap_close
wtap_file_size
wtap_get_num_encap_types
wtap_get_num_file_types
wtap_dump_can_open
wtap_file_type_short_string
wtap_short_string_to_encap
wtap_short_string_to_file_type
wtap_strerror
wtap_file_type
wtap_file_type_string
wtap_file_encap
wtap_encap_short_string
wtap_encap_string
wtap_dump_fdopen_ng
wtap_dump_fdopen
wtap_phdr
wtap_buf_ptr
wtap_pseudoheader
wtap_dump
wtap_dump_close

libwsutil

arg_list_utf_16to8
getopt
optarg
optopt
optind
ws_stdio_open

libglib-2.0-0

g_malloc
g_slist_insert_sorted
g_slist_foreach
g_slist_free
g_free
g_strerror
g_malloc_n
g_string_new
g_string_append_printf
g_string_free

msvcr100

_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_cexit
_exit
_XcptFilter
__C_specific_handler
__getmainargs
_amsg_exit
strcmp
strtol
__iob_func
fprintf
exit
_errno
strncmp

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer
Sleep

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c3c630882a1da5e55e28c24a8a86180

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19Certificate

Extended Key Usages

Key Usages

3e:ef:97:02:f9:45:d6:bb:89:94:bb:db:55:64:38:49:1c:1c:87:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

wiretap-1.8.0

libwsutil

libglib-2.0-0

msvcr100

kernel32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 512B - Virtual size: 396B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 60B

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

0c:8f:0a:ff:bf:03:3f:f6:39:e0:a2:88:e2:0a:65:19
Certificate

3e:ef:97:02:f9:45:d6:bb:89:94:bb:db:55:64:38:49:1c:1c:87:85
Signer

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 512B - Virtual size: 396B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 60B