CCXProcess[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CCXProcess.exe
Size

126KB
MD5

d19f86525a8e5dc0bc853f7fbb5d564e
SHA1

4c48607411de8ea3635c2451d3087103bcc1ab1b
SHA256

6c4b356ba5b85961c03cdc7819e8e03e057f01f48f8214f43692c6c57b78d925
SHA512

fcb7636352cb0ae41882a51185ea51debaebee3489cd239ff5c1a6a99c4fae4463671df61d21e244bb1915f7a0290a1743018c37e0ce633b70f2d3c7c0f01aea
SSDEEP

1536:gnbDIYKUAunvMc5qgU/KMkDE7JnRlGqgU/KMkDE7JnRliH:gwHunvMbguKMkDEjguKMkDEkH

Score

1^/10

Malware Config

Signatures

Files

CCXProcess.exe
.exe windows:6 windows x86 arch:x86

0a36c95a94bebbe1d38de00fb4fc2981

Code Sign

01:95:c2:00:d3:be:b4:97:68:05:ac:d3:97:3b:b6:df
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=CCM,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:d2:7d:db:ac:81:ed:c8:3e:7f:07:68:bd:d9:4a:8e:64:a9:f3:93:40:2f:57:44:a8:f6:b7:d6:18:c5:ad:4b
Signer

Actual PE Digest

3c:d2:7d:db:ac:81:ed:c8:3e:7f:07:68:bd:d9:4a:8e:64:a9:f3:93:40:2f:57:44:a8:f6:b7:d6:18:c5:ad:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\bhawsar\OneDrive - Adobe Systems Inc\BHAWSAR-WX-1\Desktop\ccx-process-redirect-script\Release\CCXProcessRedirect.pdb

Imports

kernel32

Wow64DisableWow64FsRedirection
GetEnvironmentVariableW
GetLastError
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
UnhandledExceptionFilter
GetModuleHandleW

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__current_exception
_CxxThrowException
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__current_exception_context
memcpy
memset
memmove

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcscat_s

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
exit
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_initialize_onexit_table
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_exit
_set_app_type
_seh_filter_exe

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a36c95a94bebbe1d38de00fb4fc2981

Code Sign

01:95:c2:00:d3:be:b4:97:68:05:ac:d3:97:3b:b6:dfCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3c:d2:7d:db:ac:81:ed:c8:3e:7f:07:68:bd:d9:4a:8e:64:a9:f3:93:40:2f:57:44:a8:f6:b7:d6:18:c5:ad:4bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp140

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 1024B - Virtual size: 556B

01:95:c2:00:d3:be:b4:97:68:05:ac:d3:97:3b:b6:df
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3c:d2:7d:db:ac:81:ed:c8:3e:7f:07:68:bd:d9:4a:8e:64:a9:f3:93:40:2f:57:44:a8:f6:b7:d6:18:c5:ad:4b
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 1024B - Virtual size: 556B