a35888fee00536f26e65e5ee9d379e9b1f495a463ebcef2070e0e55a40d1286d

Sharing

Copy URL Twitter E-mail

General

Target

a35888fee00536f26e65e5ee9d379e9b1f495a463ebcef2070e0e55a40d1286d
Size

2.8MB
MD5

2df9bf57231e647a3ed43e5d6325e24b
SHA1

572691063c3221cb03e7b41e5b64bf3e39a5a0b5
SHA256

a35888fee00536f26e65e5ee9d379e9b1f495a463ebcef2070e0e55a40d1286d
SHA512

c9653dbbfadef04c70bdfe3a03f55103736712ba6efb3637037d01c86bd279df78f7c6f033b064ac845f86d8fb9882c90a7516e6d084d35c5495685af7b34cb3
SSDEEP

49152:t4A9+z9NesRah/mvvJ/1yFWRqywtP+LMOACmB0X6T:t4A9K9jmCyMRqBYLMO

Score

1^/10

Malware Config

Signatures

Files

a35888fee00536f26e65e5ee9d379e9b1f495a463ebcef2070e0e55a40d1286d
.exe windows:6 windows x86 arch:x86

9d3dea7c2e4b1aea02dbe0497365d065

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:62:df:fe:c6:e9:33:2b:fa:93:b2:f1:87:86:36:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/06/2021, 00:00

Not After

09/07/2024, 23:59

Subject

CN=Fortinet Technologies (Canada) ULC,O=Fortinet Technologies (Canada) ULC,L=Burnaby,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

42:eb:90:a2:b8:87:10:3a:e0:fe:ee:32:ba:39:ff:21:f3:07:6c:ca:a0:8d:36:9f:2d:de:f8:22:93:12:30:65
Signer

Actual PE Digest

42:eb:90:a2:b8:87:10:3a:e0:fe:ee:32:ba:39:ff:21:f3:07:6c:ca:a0:8d:36:9f:2d:de:f8:22:93:12:30:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\jenkins\FCT0\GIT_CLONE_PARENT\FortiClientHS\service\FortiClientVirusCleaner\Win32\Release\FortiClientVirusCleaner.pdb

Imports

rpcrt4

UuidCreate

comdlg32

GetSaveFileNameW
GetOpenFileNameW

crypt32

CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertNameToStrW
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CryptUnprotectMemory
CertFreeCertificateChain
CryptProtectData
CryptUnprotectData
CryptProtectMemory
CertOpenStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CryptMsgClose

iphlpapi

NotifyAddrChange
NotifyRouteChange
GetAdaptersInfo

msi

ord160
ord158
ord92
ord118
ord113
ord159
ord32
ord8
ord111
ord45
ord70
ord205
ord224
ord88
ord169
ord137
ord141
ord173

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

shlwapi

StrStrIW
PathMatchSpecW
SHDeleteKeyW

userenv

UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock
LoadUserProfileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

accept
listen
bind
connect
htons
inet_addr
setsockopt
socket
WSAAddressToStringA
ioctlsocket
getsockopt
WSACleanup
WSAGetLastError
getnameinfo
ntohs
ntohl
WSAStartup
send
recv
getsockname
closesocket
WSASetLastError
getaddrinfo
freeaddrinfo
gethostname
gethostbyname
inet_ntoa

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateProcessesW
WTSWaitSystemEvent

kernel32

OpenMutexW
GetCurrentProcess
GetCurrentProcessId
OpenProcess
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
LoadLibraryW
lstrcmpiW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
K32EnumProcessModules
K32GetModuleFileNameExW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
SetFileAttributesW
GetEnvironmentVariableW
CreateFileW
GetVolumeInformationW
DeviceIoControl
WaitForSingleObject
GetTickCount
GetVersionExW
LocalAlloc
LocalFree
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathW
GetDriveTypeW
GetFileAttributesExW
GetFileSize
GetFileSizeEx
GetFullPathNameW
TlsFree
GetLogicalDriveStringsW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemDirectoryW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReadFile
WriteFile
SetNamedPipeHandleState
WaitNamedPipeW
GetOverlappedResult
SetEvent
ResetEvent
ReleaseMutex
CreateEventW
WaitForMultipleObjects
CopyFileW
VerSetConditionMask
GetSystemInfo
VerifyVersionInfoW
HeapAlloc
HeapFree
GetProcessHeap
TerminateProcess
GetCurrentThread
GlobalAlloc
GlobalFree
GetComputerNameW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetLogicalDrives
GetLongPathNameW
GetVolumePathNameW
QueryDosDeviceW
GetVolumeNameForVolumeMountPointW
HeapDestroy
SetLastError
HeapSize
OpenThread
ReadProcessMemory
lstrlenW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
K32EnumProcesses
GetCommandLineW
QueryPerformanceCounter
OpenEventW
CreateThread
TerminateThread
CreateProcessW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
FileTimeToSystemTime
CreateDirectoryW
GetTempPathW
CancelIo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerW
GetExitCodeProcess
GetCurrentThreadId
GetUserDefaultLCID
GetACP
SetThreadLocale
GetUserDefaultUILanguage
GetModuleHandleExW
CompareStringW
GetFileType
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTimeAsFileTime
FormatMessageW
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryA
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SetEndOfFile
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObjectEx
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
WriteConsoleW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitProcess
SetConsoleCtrlHandler
SetFilePointerEx
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateMutexW
CloseHandle
GetLocaleInfoW
MultiByteToWideChar
WideCharToMultiByte
GetTimeZoneInformation
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
SwitchToThread
InitializeCriticalSectionAndSpinCount
CreateHardLinkW
MoveFileExW
CreateDirectoryExW
AreFileApisANSI
SetFileTime
RemoveDirectoryW
GetFileInformationByHandle
FindFirstFileExW
GetDiskFreeSpaceExW
GetStringTypeW
HeapReAlloc
GetFullPathNameA
GetStdHandle

user32

GetWindowTextW
SetWindowTextW
InvalidateRect
SetForegroundWindow
TrackPopupMenu
GetSubMenu
EnableMenuItem
DestroyMenu
EnableWindow
GetDlgItem
CreateDialogParamW
IsWindowVisible
SetWindowPos
ShowWindow
PostQuitMessage
SetWindowLongW
PostMessageW
GetClientRect
RegisterWindowMessageW
LoadStringW
GetWindowThreadProcessId
FindWindowW
MessageBoxW
GetSystemMetrics
CopyIcon
CharNextW
DestroyWindow
ExitWindowsEx
DispatchMessageW
GetMessageW
UnregisterClassW
GetParent
GetWindow
MonitorFromWindow
GetMonitorInfoW
OpenInputDesktop
GetWindowRect
GetCursorPos
MapWindowPoints
SendMessageW
CloseDesktop
GetWindowLongW
GetThreadDesktop
GetUserObjectInformationW
GetProcessWindowStation
DefWindowProcW

advapi32

EqualSid
AddAce
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
GetAce
GetAclInformation
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
InitializeAcl
SetFileSecurityW
LookupAccountNameW
OpenThreadToken
GetTokenInformation
LookupAccountSidW
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
ImpersonateLoggedOnUser
IsValidSid
RegOpenKeyW
AllocateAndInitializeSid
CheckTokenMembership
DuplicateToken
AddAccessAllowedAce
FreeSid
GetUserNameW
RevertToSelf
RegOpenCurrentUser
RegEnumKeyW
RegEnumValueW
RegRestoreKeyW
RegSaveKeyW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
CreateProcessAsUserW
DuplicateTokenEx
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
AccessCheck
AdjustTokenPrivileges
InitializeSecurityDescriptor
OpenProcessToken
ImpersonateSelf
MapGenericMask
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
CryptGetProvParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
IIDFromString
StringFromCLSID
StringFromGUID2
CoCreateGuid
CoSetProxyBlanket
CoInitialize

shell32

SHGetFolderPathW
CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteExW

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
CreateErrorInfo
VariantChangeType
VarUI4FromStr
GetErrorInfo
SetErrorInfo
VariantCopy

bcrypt

BCryptGenRandom

Exports

Exports

BeginHttpRequest
BeginHttpResponse
FCP_add_param
FCP_append_objdata_ff
FCP_break_obj_header
FCP_breakup_data_item
FCP_calculate_obj_head_chksum
FCP_chk_partial_obj_files
FCP_cleanup
FCP_clear_object_storage
FCP_clear_package
FCP_clear_params
FCP_clear_request
FCP_clear_response
FCP_combine_params
FCP_create_package_hdr
FCP_del_param
FCP_delete_file
FCP_get_file_size
FCP_get_obj_resume_info
FCP_get_object_desc
FCP_get_param
FCP_init_object_storage
FCP_init_package
FCP_init_params
FCP_init_request
FCP_init_request_for_sending
FCP_init_response
FCP_init_response_for_sending
FCP_initialize
FCP_load_object
FCP_load_package
FCP_pack_obj
FCP_parse_params
FCP_recv_request
FCP_recv_response
FCP_send_n_recv
FCP_send_object
FCP_send_request
FCP_send_response
FCP_set_param
FCP_unpack_obj
FCP_unpack_obj_ff
FCP_unpack_obj_fnfn
FCP_verify_object_hdr
FCP_verify_package_hdr
FR_cleanup
FR_close
FR_connect
FR_connected
FR_get_local_addr
FR_initialize
FR_read
FR_write

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d3dea7c2e4b1aea02dbe0497365d065

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:62:df:fe:c6:e9:33:2b:fa:93:b2:f1:87:86:36:42Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

42:eb:90:a2:b8:87:10:3a:e0:fe:ee:32:ba:39:ff:21:f3:07:6c:ca:a0:8d:36:9f:2d:de:f8:22:93:12:30:65Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

comdlg32

crypt32

iphlpapi

msi

psapi

shlwapi

userenv

version

ws2_32

wtsapi32

kernel32

user32

advapi32

ole32

shell32

oleaut32

bcrypt

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 578KB - Virtual size: 578KB

.data Size: 14KB - Virtual size: 44KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 87KB - Virtual size: 87KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:62:df:fe:c6:e9:33:2b:fa:93:b2:f1:87:86:36:42
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

42:eb:90:a2:b8:87:10:3a:e0:fe:ee:32:ba:39:ff:21:f3:07:6c:ca:a0:8d:36:9f:2d:de:f8:22:93:12:30:65
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 578KB - Virtual size: 578KB

.data
Size: 14KB - Virtual size: 44KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 87KB - Virtual size: 87KB