7512300ce0e2e98068f6ccdeed60b93001522a36d9dadf04a85a4c98aad6a823

Sharing

Copy URL Twitter E-mail

General

Target

7512300ce0e2e98068f6ccdeed60b93001522a36d9dadf04a85a4c98aad6a823
Size

8.8MB
MD5

f0c28c2c7ab3d0902cb776af8b8ffc67
SHA1

734a5fa38d72c40fa9a92472e270a0625912d2e3
SHA256

7512300ce0e2e98068f6ccdeed60b93001522a36d9dadf04a85a4c98aad6a823
SHA512

176bc0ebdff56b60998827d791ba9894213ec09e146a1e7398be4946499a367f25955ac0c300e85d1574bb55a6d5cc753375d6679b4933116989e1505f43fc89
SSDEEP

196608:58OFDTJlgGHPmuovQ9hwRS3Uvg9076MXL9u:GOFDTJmGHPmfQmS312Hu

Score

1^/10

Malware Config

Signatures

Files

7512300ce0e2e98068f6ccdeed60b93001522a36d9dadf04a85a4c98aad6a823
.exe windows:6 windows x64 arch:x64

1bd019851ec41e3d0658a3c7d5bd2099

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

23/03/2022, 00:00

Not After

16/03/2025, 23:59

Subject

CN=Malwarebytes Inc.,O=Malwarebytes Inc.,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25/05/2021, 00:00

Not After

24/05/2036, 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:27:af:ad:af:67:15:26:b8:e3:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

06/04/2023, 18:44

Not After

04/04/2024, 18:44

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7800-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16/04/2020, 18:36

Not After

16/04/2045, 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:3f:22:4a:9c:72:2c:3c:7f:ce:0c:00:00:00:00:3f:22
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Not Before

18/01/2024, 12:01

Not After

21/01/2024, 12:01

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:3f:22:4a:9c:72:2c:3c:7f:ce:0c:00:00:00:00:3f:22
Certificate

Issuer

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Not Before

18/01/2024, 12:01

Not After

21/01/2024, 12:01

Subject

CN=Malwarebytes Inc,O=Malwarebytes Inc,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13/04/2021, 17:31

Not After

13/04/2026, 17:31

Subject

CN=Microsoft ID Verified CS EOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01/04/2021, 20:05

Not After

01/04/2036, 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19/11/2020, 20:32

Not After

19/11/2035, 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:28:f3:0a:03:64:5a:df:01:20:00:00:00:00:00:28
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

06/04/2023, 18:44

Not After

04/04/2024, 18:44

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7A00-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3e:fe:d2:90:68:28:37:07:29:e4:b3:f4:51:dc:c6:cf:15:81:7d:27:a1:48:a2:54:75:70:83:64:0f:46:da:2e
Signer

Actual PE Digest

3e:fe:d2:90:68:28:37:07:29:e4:b3:f4:51:dc:c6:cf:15:81:7d:27:a1:48:a2:54:75:70:83:64:0f:46:da:2e

Digest Algorithm

sha256

PE Digest Matches

true

3e:fe:d2:90:68:28:37:07:29:e4:b3:f4:51:dc:c6:cf:15:81:7d:27:a1:48:a2:54:75:70:83:64:0f:46:da:2e
Signer

Actual PE Digest

3e:fe:d2:90:68:28:37:07:29:e4:b3:f4:51:dc:c6:cf:15:81:7d:27:a1:48:a2:54:75:70:83:64:0f:46:da:2e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\jenkins\workspace\N_MB4_InstallerService\bin\x64\Release\MBAMIService.pdb

Imports

kernel32

GetEnvironmentVariableW
DeleteFileW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFilePointer
GetTempPathW
PeekNamedPipe
CreateNamedPipeW
CallNamedPipeW
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
Sleep
GetProcessTimes
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
SwitchToThread
ResumeThread
CreateProcessW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
OpenProcess
GetTickCount64
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalAlloc
FormatMessageW
GetNamedPipeServerProcessId
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
DeviceIoControl
SetEvent
CreateEventW
CreateThread
MoveFileExW
MultiByteToWideChar
VerSetConditionMask
WriteFile
DebugBreak
OpenEventW
WaitForMultipleObjects
CreateRemoteThread
VerifyVersionInfoW
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetLongPathNameW
CopyFileW
WideCharToMultiByte
CreateToolhelp32Snapshot
Module32FirstW
VirtualQueryEx
GetTickCount
QueryDosDeviceW
GetFileInformationByHandle
FlushFileBuffers
GlobalAlloc
GlobalFree
IsWow64Process
GetNativeSystemInfo
LocalFree
Process32FirstW
Process32NextW
GetLogicalDriveStringsW
GetCurrentThread
GetVersionExW
FindResourceW
SizeofResource
LoadResource
LockResource
GetFileSizeEx
GetFileSize
SetThreadPriority
GetCurrentThreadId
SetFileInformationByHandle
DuplicateHandle
SetSearchPathMode
ExpandEnvironmentStringsW
GetFileAttributesExW
SetFileAttributesW
FileTimeToSystemTime
lstrcmpA
SetFileTime
SetLastError
GetFileAttributesW
GetModuleHandleA
GetStdHandle
GetDriveTypeW
GetSystemWindowsDirectoryW
GetLocalTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
OutputDebugStringW
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentDirectoryW
FindResourceExW
GetVersionExA
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ResetEvent
ReleaseMutex
CreateMutexW
GetStartupInfoW
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetEnvironmentVariableW
SystemTimeToFileTime
SwitchToFiber
DeleteFiber
CreateFiber
GetFileType
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
CreateFileW
CreateDirectoryW
GetCurrentProcess
GetLastError
GetSystemInfo
CloseHandle
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
GetFullPathNameW
AreFileApisANSI
WaitForSingleObjectEx
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CreateTimerQueue
SignalObjectAndWait
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
VirtualAlloc
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlPcToFileHeader
RtlUnwindEx
ExitProcess
GetModuleHandleExW
ExitThread
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
HeapReAlloc
SetStdHandle
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
RtlUnwind

authz

AuthzFreeResourceManager
AuthzAccessCheck
AuthzInitializeContextFromSid
AuthzInitializeResourceManager
AuthzFreeContext

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1bd019851ec41e3d0658a3c7d5bd2099

Code Sign

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2Certificate

Extended Key Usages

Key Usages

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:dbCertificate

Extended Key Usages

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:27:af:ad:af:67:15:26:b8:e3:00:00:00:00:00:27Certificate

Extended Key Usages

Key Usages

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:00:3f:22:4a:9c:72:2c:3c:7f:ce:0c:00:00:00:00:3f:22Certificate

Extended Key Usages

Key Usages

33:00:00:3f:22:4a:9c:72:2c:3c:7f:ce:0c:00:00:00:00:3f:22Certificate

Extended Key Usages

Key Usages

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:28:f3:0a:03:64:5a:df:01:20:00:00:00:00:00:28Certificate

Extended Key Usages

Key Usages

3e:fe:d2:90:68:28:37:07:29:e4:b3:f4:51:dc:c6:cf:15:81:7d:27:a1:48:a2:54:75:70:83:64:0f:46:da:2eSigner

3e:fe:d2:90:68:28:37:07:29:e4:b3:f4:51:dc:c6:cf:15:81:7d:27:a1:48:a2:54:75:70:83:64:0f:46:da:2eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

authz

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 103KB - Virtual size: 130KB

.pdata Size: 169KB - Virtual size: 168KB

.rsrc Size: 2.8MB - Virtual size: 2.8MB

.reloc Size: 41KB - Virtual size: 40KB

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

a6:57:f7:78:b3:1a:e5:23:d6:67:13:17:18:d1:6e:b2
Certificate

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:27:af:ad:af:67:15:26:b8:e3:00:00:00:00:00:27
Certificate

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:00:3f:22:4a:9c:72:2c:3c:7f:ce:0c:00:00:00:00:3f:22
Certificate

33:00:00:3f:22:4a:9c:72:2c:3c:7f:ce:0c:00:00:00:00:3f:22
Certificate

33:00:00:00:05:fb:7a:5c:32:13:61:df:5d:00:00:00:00:00:05
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:28:f3:0a:03:64:5a:df:01:20:00:00:00:00:00:28
Certificate

3e:fe:d2:90:68:28:37:07:29:e4:b3:f4:51:dc:c6:cf:15:81:7d:27:a1:48:a2:54:75:70:83:64:0f:46:da:2e
Signer

3e:fe:d2:90:68:28:37:07:29:e4:b3:f4:51:dc:c6:cf:15:81:7d:27:a1:48:a2:54:75:70:83:64:0f:46:da:2e
Signer

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 103KB - Virtual size: 130KB

.pdata
Size: 169KB - Virtual size: 168KB

.rsrc
Size: 2.8MB - Virtual size: 2.8MB

.reloc
Size: 41KB - Virtual size: 40KB