f4cc824d409ca77e12e2f88e5091c7aff7dca5cd6eff3796f7f64481902c181c

Sharing

Copy URL Twitter E-mail

General

Target

f4cc824d409ca77e12e2f88e5091c7aff7dca5cd6eff3796f7f64481902c181c
Size

9.0MB
MD5

948239c8f35b1f11d7d4225481fad92d
SHA1

23eae2cb0bdec868b7a5ed6e881d1238577c2213
SHA256

f4cc824d409ca77e12e2f88e5091c7aff7dca5cd6eff3796f7f64481902c181c
SHA512

d490b72047c5fb34e48c03a004403cde3fbdea04d696dc0cfdc35b52c3c34560afde9dcbfbee13ec9ccd6b1c1653606ac02636242964a5d1d9b1b19b72304684
SSDEEP

98304:fw/KeE+tyC/kmdwH6cFDnSCqRi1eT007kxNQr1kOke1IYk:fw/KeE+tyC/kmdwHJF2Cqi19076cXL9k

Score

1^/10

Malware Config

Signatures

Files

f4cc824d409ca77e12e2f88e5091c7aff7dca5cd6eff3796f7f64481902c181c
.exe windows:6 windows x64 arch:x64

1d8bfbd382ef198f5cb0513e7190e116

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23/03/2022, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25/05/2021, 00:00

Not After

24/05/2036, 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:2a:24:bf:e5:49:49:11:b6:eb:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

18/05/2023, 19:38

Not After

16/05/2024, 19:38

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=Thales TSS ESN:3DA5-963B-E1F4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:47:18:c7:fc:67:c8:fe:4c:4e:36:00:00:00:00:47:18
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Not Before

07/02/2024, 10:20

Not After

10/02/2024, 10:20

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:47:18:c7:fc:67:c8:fe:4c:4e:36:00:00:00:00:47:18
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Not Before

07/02/2024, 10:20

Not After

10/02/2024, 10:20

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:28:f3:0a:03:64:5a:df:01:20:00:00:00:00:00:28
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

06/04/2023, 18:44

Not After

04/04/2024, 18:44

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7A00-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

00:15:0f:5b:02:5e:8a:0d:4d:41:15:f8:36:a7:c6:8f:a6:b9:55:78:23:1d:db:77:ca:7a:5e:ae:f5:f9:c1:93
Signer

Actual PE Digest

00:15:0f:5b:02:5e:8a:0d:4d:41:15:f8:36:a7:c6:8f:a6:b9:55:78:23:1d:db:77:ca:7a:5e:ae:f5:f9:c1:93

Digest Algorithm

sha256

PE Digest Matches

true

00:15:0f:5b:02:5e:8a:0d:4d:41:15:f8:36:a7:c6:8f:a6:b9:55:78:23:1d:db:77:ca:7a:5e:ae:f5:f9:c1:93
Signer

Actual PE Digest

00:15:0f:5b:02:5e:8a:0d:4d:41:15:f8:36:a7:c6:8f:a6:b9:55:78:23:1d:db:77:ca:7a:5e:ae:f5:f9:c1:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\jenkins\workspace\N_MB5_InstallerService\bin\x64\Release\MBAMIService.pdb

Imports

kernel32

DeleteCriticalSection
CreateFileW
Sleep
CreateDirectoryW
LocalFree
FormatMessageW
LocalAlloc
HeapAlloc
GetProcessHeap
HeapFree
CallNamedPipeW
LeaveCriticalSection
EnterCriticalSection
SwitchToThread
GetExitCodeProcess
ReadFile
PeekNamedPipe
TerminateProcess
WaitForSingleObject
ResumeThread
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetProcessTimes
OpenProcess
CreateProcessW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetCurrentProcessId
CreateNamedPipeW
GetTickCount64
SetEndOfFile
SetFilePointer
GetWindowsDirectoryW
GetEnvironmentVariableW
GetTempPathW
RemoveDirectoryW
DeleteFileW
GetModuleHandleW
GetModuleFileNameW
GetNamedPipeServerProcessId
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventW
SetEvent
CreateThread
MoveFileExW
DeviceIoControl
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
FindFirstFileExW
CreateHardLinkW
WriteFile
WaitForMultipleObjects
OpenEventW
DebugBreak
CreateRemoteThread
VerifyVersionInfoW
VerSetConditionMask
GetLongPathNameW
WideCharToMultiByte
CopyFileW
GetVersionExW
GetSystemInfo
CreateToolhelp32Snapshot
Module32FirstW
VirtualQueryEx
IsWow64Process
GetNativeSystemInfo
Process32FirstW
Process32NextW
GetLogicalDriveStringsW
QueryDosDeviceW
GetCurrentThread
FindResourceW
SizeofResource
DecodePointer
LockResource
GetFileInformationByHandle
FlushFileBuffers
GetTickCount
GlobalAlloc
GlobalFree
GetFileSize
GetFileSizeEx
DuplicateHandle
SetThreadPriority
GetCurrentThreadId
SetFileInformationByHandle
SetSearchPathMode
ExpandEnvironmentStringsW
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FileTimeToSystemTime
lstrcmpA
SetFileTime
SetLastError
GetModuleHandleA
GetStdHandle
GetDriveTypeW
GetSystemWindowsDirectoryW
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
CreateFileA
FindResourceExW
GetVersionExA
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ResetEvent
ReleaseMutex
CreateMutexW
GetStartupInfoW
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetEnvironmentVariableW
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
RaiseException
InitializeCriticalSectionEx
CloseHandle
GetLastError
LoadResource
GetCurrentProcess
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
GetFullPathNameW
AreFileApisANSI
WaitForSingleObjectEx
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwindEx
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
HeapReAlloc
SetStdHandle
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
RtlUnwind

authz

AuthzFreeResourceManager
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzInitializeResourceManager
AuthzFreeContext

Sections

.text
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d8bfbd382ef198f5cb0513e7190e116

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2Certificate

Extended Key Usages

Key Usages

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:dbCertificate

Extended Key Usages

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:2a:24:bf:e5:49:49:11:b6:eb:00:00:00:00:00:2aCertificate

Extended Key Usages

Key Usages

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:00:47:18:c7:fc:67:c8:fe:4c:4e:36:00:00:00:00:47:18Certificate

Extended Key Usages

Key Usages

33:00:00:47:18:c7:fc:67:c8:fe:4c:4e:36:00:00:00:00:47:18Certificate

Extended Key Usages

Key Usages

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:28:f3:0a:03:64:5a:df:01:20:00:00:00:00:00:28Certificate

Extended Key Usages

Key Usages

00:15:0f:5b:02:5e:8a:0d:4d:41:15:f8:36:a7:c6:8f:a6:b9:55:78:23:1d:db:77:ca:7a:5e:ae:f5:f9:c1:93Signer

00:15:0f:5b:02:5e:8a:0d:4d:41:15:f8:36:a7:c6:8f:a6:b9:55:78:23:1d:db:77:ca:7a:5e:ae:f5:f9:c1:93Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

authz

Sections

.text Size: 4.1MB - Virtual size: 4.1MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 104KB - Virtual size: 132KB

.pdata Size: 178KB - Virtual size: 178KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 41KB - Virtual size: 40KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:2a:24:bf:e5:49:49:11:b6:eb:00:00:00:00:00:2a
Certificate

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:47:18:c7:fc:67:c8:fe:4c:4e:36:00:00:00:00:47:18
Certificate

33:00:00:47:18:c7:fc:67:c8:fe:4c:4e:36:00:00:00:00:47:18
Certificate

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:28:f3:0a:03:64:5a:df:01:20:00:00:00:00:00:28
Certificate

00:15:0f:5b:02:5e:8a:0d:4d:41:15:f8:36:a7:c6:8f:a6:b9:55:78:23:1d:db:77:ca:7a:5e:ae:f5:f9:c1:93
Signer

00:15:0f:5b:02:5e:8a:0d:4d:41:15:f8:36:a7:c6:8f:a6:b9:55:78:23:1d:db:77:ca:7a:5e:ae:f5:f9:c1:93
Signer

.text
Size: 4.1MB - Virtual size: 4.1MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 104KB - Virtual size: 132KB

.pdata
Size: 178KB - Virtual size: 178KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 41KB - Virtual size: 40KB