87fabe3e3ea4d10c536ddedc795e7469fe4829d46413af28564b22b1d0ca5628

Sharing

Copy URL Twitter E-mail

General

Target

87fabe3e3ea4d10c536ddedc795e7469fe4829d46413af28564b22b1d0ca5628
Size

4.9MB
MD5

48ca0c20bee8a1586e1952ddbd022ccd
SHA1

a21e8feaccfe9c8b179158122fc4023a290d539e
SHA256

87fabe3e3ea4d10c536ddedc795e7469fe4829d46413af28564b22b1d0ca5628
SHA512

3a92bbbd0f40af27e7cea299688118b69b30450c78c3f00572714516ae075b4ddaf3afffb1db2588092b99fb00fce5c32327743fa5992dfd4d34609e4cac9635
SSDEEP

98304:if0ZcczBIw8jB69bHcegMIzJ6YUosJ+f47fQNqDI7NrksuK:FZccLrPEtQ7fH2

Score

1^/10

Malware Config

Signatures

Files

87fabe3e3ea4d10c536ddedc795e7469fe4829d46413af28564b22b1d0ca5628
.exe windows:6 windows x86 arch:x86

29fcdec5b7ebac008359189f7e71ee59

Code Sign

74:fa:e4:02:5a:90:b1:62:a2:d6:59:87:9b:63:9c:47
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/12/2018, 00:00

Not After

08/01/2022, 23:59

Subject

CN=Absolute Software Corp.,O=Absolute Software Corp.,L=Vancouver,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:fd:d3:21:5d:0e:3a:b2:dd:5f:4f:6f:84:d9:5b:9c:9b:cc:1d:88:89:50:f0:1e:ef:88:c8:b8:08:86:b5:ec
Signer

Actual PE Digest

c1:fd:d3:21:5d:0e:3a:b2:dd:5f:4f:6f:84:d9:5b:9c:9b:cc:1d:88:89:50:f0:1e:ef:88:c8:b8:08:86:b5:ec

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Jenkins\workspace\es_hotfix_dev-abs-7.15-paas-A2M2SWYNE2V2LXB67P4J5ZMNWZZEFNBY3J4LSPDEKT4QOSXW7Y5Q\target\output\bin\Release\Ctes.pdb

Imports

mswsock

AcceptEx

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CryptQueryObject
CertGetNameStringW
CertGetNameStringA
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose
CryptHashPublicKeyInfo
CertFreeCertificateContext

kernel32

QueryPerformanceFrequency
SetHandleInformation
SetNamedPipeHandleState
CancelIoEx
GetSystemInfo
VirtualProtect
GetModuleFileNameW
OutputDebugStringW
AreFileApisANSI
GetSystemTime
GetTempPathA
DeleteFileW
OutputDebugStringA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetProcAddress
GetTempPathW
CreateFileW
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
LoadLibraryW
GetSystemTimeAsFileTime
UnlockFileEx
GetTickCount
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
SystemTimeToFileTime
FreeLibrary
UnmapViewOfFile
MapViewOfFile
HeapCompact
CreateMutexW
GetFileSize
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
TryEnterCriticalSection
GetVersionExW
GetCurrentDirectoryW
GetLogicalDriveStringsW
GetLongPathNameW
GetSystemDirectoryW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CopyFileW
MoveFileExW
CreateEventW
FindClose
FindFirstFileW
FindNextFileW
LoadLibraryExW
QueryPerformanceCounter
DuplicateHandle
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
OpenProcess
GetConsoleWindow
OpenFileMappingW
ReleaseMutex
GetEnvironmentVariableA
SetEnvironmentVariableA
GetComputerNameA
InitializeCriticalSectionAndSpinCount
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTimeZoneInformation
WaitForMultipleObjects
SetLastError
GetFileType
GlobalMemoryStatus
FlushConsoleInputBuffer
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
GetCommandLineA
lstrlenA
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetCurrentProcessId
InitOnceExecuteOnce
WriteConsoleW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
SetStdHandle
ReadConsoleW
GetCPInfo
ExitThread
SetConsoleCtrlHandler
ExitProcess
InitializeConditionVariable
GetCurrentThreadId
MultiByteToWideChar
FormatMessageA
GetModuleHandleA
WideCharToMultiByte
GetVolumePathNameA
MoveFileExA
CopyFileExA
VirtualFree
VirtualAlloc
DeviceIoControl
SetFilePointer
SetEndOfFile
DeleteFileA
CreateFileA
CreateNamedPipeA
GetOverlappedResult
DisconnectNamedPipe
ConnectNamedPipe
WriteFile
ReadFile
FlushFileBuffers
CreateProcessA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetExitCodeThread
GetTickCount64
TerminateThread
ResetEvent
LocalFree
LocalAlloc
InitializeCriticalSectionEx
RaiseException
DecodePointer
SetDllDirectoryA
GetModuleFileNameA
VerifyVersionInfoW
CreateThread
GetCurrentProcess
Sleep
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle
VerSetConditionMask
SetFilePointerEx
GetConsoleCP
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
FreeLibraryAndExitThread
GetThreadTimes
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
GetStringTypeW
GetStdHandle
SetThreadPriority
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
CreateSemaphoreW
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetModuleHandleExW

user32

MessageBoxA
GetUserObjectInformationW
PostThreadMessageA
GetProcessWindowStation
GetMessageA
DispatchMessageA
TranslateMessage

shell32

SHGetFolderPathA

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
CoUninitialize

oleaut32

SysFreeString
VariantClear
SysStringLen
SysAllocString

advapi32

AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
ChangeServiceConfigA
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
CryptEnumProvidersA
CryptSignHashA
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
ImpersonateLoggedOnUser
RegGetValueA
StartServiceCtrlDispatcherA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
SetNamedSecurityInfoA
GetNamedSecurityInfoA
CreateProcessAsUserA
RevertToSelf
DuplicateTokenEx
SetEntriesInAclA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
AdjustTokenPrivileges
StartServiceA
OpenProcessToken

shlwapi

PathFileExistsW
ord219

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsA

winhttp

WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

iphlpapi

GetAdaptersAddresses

ws2_32

__WSAFDIsSet
select
WSAGetLastError
htons
WSACleanup
bind
closesocket
connect
ioctlsocket
accept
WSAStartup
WSASetLastError
shutdown
getsockname
htonl
listen
recv
send
setsockopt
socket
ntohl
inet_addr
inet_pton
freeaddrinfo
getaddrinfo
WSASend
WSAPoll
WSAIoctl
WSARecv

wintrust

WinVerifyTrust

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 919KB - Virtual size: 919KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29fcdec5b7ebac008359189f7e71ee59

Code Sign

74:fa:e4:02:5a:90:b1:62:a2:d6:59:87:9b:63:9c:47Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

c1:fd:d3:21:5d:0e:3a:b2:dd:5f:4f:6f:84:d9:5b:9c:9b:cc:1d:88:89:50:f0:1e:ef:88:c8:b8:08:86:b5:ecSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mswsock

crypt32

kernel32

user32

shell32

ole32

oleaut32

advapi32

shlwapi

version

wtsapi32

winhttp

rpcrt4

iphlpapi

ws2_32

wintrust

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 919KB - Virtual size: 919KB

.data Size: 132KB - Virtual size: 163KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 199KB - Virtual size: 199KB

74:fa:e4:02:5a:90:b1:62:a2:d6:59:87:9b:63:9c:47
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

c1:fd:d3:21:5d:0e:3a:b2:dd:5f:4f:6f:84:d9:5b:9c:9b:cc:1d:88:89:50:f0:1e:ef:88:c8:b8:08:86:b5:ec
Signer

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 919KB - Virtual size: 919KB

.data
Size: 132KB - Virtual size: 163KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 199KB - Virtual size: 199KB