capinfos[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

capinfos.exe
Size

332KB
MD5

7408aaf88e9b0ef2fb408abfcade2c54
SHA1

f2cb63bc9b7a0c4b921000d8424240ad3bb65fc8
SHA256

9a67d3ed88ac01c85b732cad6e1cd97c33c30bcf9a9c0f9da695e07a044d11d2
SHA512

2d805b8617e3d31a9b2918f123996226e07f3c27cab02c5742dc2863edd2432c6a8e5b642487e5236af07fd5dca01a5a61172fe532ca905b9132761df57bafdc
SSDEEP

3072:atUopHpa6A1qBFUf/LDnYyYtyr2rFP0oBjOIn:C36f/LrZYtuSFP93n

Score

1^/10

Malware Config

Signatures

Files

capinfos.exe
.exe windows:6 windows x64 arch:x64

f792f566a6812ecb62e8937bdc8d3172

Code Sign

02:cc:d9:9f:7d:55:6c:13:ce:87:10:c6:9d:09:b3:1a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15-04-2019 00:00

Not After

14-04-2022 23:59

Subject

CN=Wireshark Foundation\, Inc.,O=Wireshark Foundation\, Inc.,POSTALCODE=95616,STREET=711 4th street,L=Davis,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:7b:e5:e3:8a:d5:ae:c4:fc:98:19:42:d4:fb:b5:60:f0:b4:33:81:a8:e3:e4:3d:be:22:64:64:f3:db:3a:55
Signer

Actual PE Digest

3b:7b:e5:e3:8a:d5:ae:c4:fc:98:19:42:d4:fb:b5:60:f0:b4:33:81:a8:e3:e4:3d:be:22:64:64:f3:db:3a:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildbot\builders\wireshark-3.4-64\windows-2019-x64\build\cmbuild\run\RelWithDebInfo\capinfos.pdb

Imports

libwiretap

wtap_file_encap
wtap_file_get_idb_info
wtap_file_type_subtype_string
wtap_block_get_nth_string_option_value
wtap_tsprec_string
wtap_file_get_shb
wtap_set_cb_new_ipv6
wtap_open_offline
wtap_file_size
wtap_snapshot_length
wtap_file_type_subtype
wtap_block_get_string_option_value
wtap_set_cb_new_ipv4
wtap_get_debug_if_descr
wtap_cleanup
wtap_file_tsprec
wtap_rec_cleanup
wtap_get_compression_type
wtap_read
wtap_compression_type_description
wtap_rec_init
wtap_set_cb_new_secrets
wtap_close
wtap_strerror
wtap_file_type_subtype_short_string
wtap_get_num_encap_types
wtap_file_get_num_shbs
wtap_init
wtap_encap_description

libgcrypt-20

gcry_check_version
gcry_md_close
gcry_md_ctl
gcry_md_enable
gcry_md_open
gcry_md_read
gcry_md_reset
gcry_md_write

libwsutil

ws_buffer_init
nstime_to_sec
free_progdirs
init_progfile_dir
init_process_policies
ws_stdio_fopen
create_app_running_mutex
nstime_set_zero
optind
format_size
nstime_delta
ws_buffer_free
getopt_long
nstime_cmp
ws_add_crash_info
get_os_version_info
get_cpu_info
get_copyright_info
plugins_get_count
file_open_error_message
init_report_message

gmodule-2

g_module_supported

glib-2

g_string_append
g_string_append_printf
g_array_free
g_string_free
g_strdup_printf
g_array_append_vals
g_array_set_size
g_string_new
g_free
g_strjoinv
g_strdup
g_strerror
g_array_sized_new
g_snprintf
g_malloc0_n
g_strfreev
g_assertion_message_expr
g_strlcpy
g_strsplit
g_malloc

kernel32

GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte
GlobalMemoryStatusEx

vcruntime140

strchr
__C_specific_handler
__std_type_info_destroy_list
__current_exception
__current_exception_context
memset

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv
_configthreadlocale

api-ms-win-crt-stdio-l1-1-0

fclose
fread
__acrt_iob_func
putchar
__p__commode
_set_fmode
__stdio_common_vfprintf

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_at_quick_exit
_configure_narrow_argv
_initialize_narrow_environment
_seh_filter_exe
_seh_filter_dll
_set_app_type
_initialize_onexit_table
_register_onexit_function
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
_crt_atexit
_exit
exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_execute_onexit_table

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f792f566a6812ecb62e8937bdc8d3172

Code Sign

02:cc:d9:9f:7d:55:6c:13:ce:87:10:c6:9d:09:b3:1aCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

3b:7b:e5:e3:8a:d5:ae:c4:fc:98:19:42:d4:fb:b5:60:f0:b4:33:81:a8:e3:e4:3d:be:22:64:64:f3:db:3a:55Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libwiretap

libgcrypt-20

libwsutil

gmodule-2

glib-2

kernel32

vcruntime140

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 283KB - Virtual size: 282KB

.reloc Size: 512B - Virtual size: 64B

02:cc:d9:9f:7d:55:6c:13:ce:87:10:c6:9d:09:b3:1a
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

3b:7b:e5:e3:8a:d5:ae:c4:fc:98:19:42:d4:fb:b5:60:f0:b4:33:81:a8:e3:e4:3d:be:22:64:64:f3:db:3a:55
Signer

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 283KB - Virtual size: 282KB

.reloc
Size: 512B - Virtual size: 64B