rawshark[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rawshark.exe
Size

357KB
MD5

5a77af7a603542255934722129ef8683
SHA1

3d94a373f496143d2971bed91d25150ba9542200
SHA256

c3c2a973c47ea149802d2c4abf1690a4731e4bf85393cf781f65081fa5e616ee
SHA512

946c3ce963228a068c09a2af3d83bdadc4d95a81fc12b9ef2a17e34606b79707de0ef10e91846cfe5ae94134bb81b27a2ca81e7589b5bb828e793e654fc2695d
SSDEEP

3072:Oj38JUOZHU5f/LMWaw0V7Eyr2rFP0oBj+Uy:O7f/L/WV7EuSFP9fy

Score

1^/10

Malware Config

Signatures

Files

rawshark.exe
.exe windows:6 windows x64 arch:x64

263e3966a808f3a17379627d8e646e63

Code Sign

02:cc:d9:9f:7d:55:6c:13:ce:87:10:c6:9d:09:b3:1a
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

15-04-2019 00:00

Not After

14-04-2022 23:59

Subject

CN=Wireshark Foundation\, Inc.,O=Wireshark Foundation\, Inc.,POSTALCODE=95616,STREET=711 4th street,L=Davis,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:da:42:b8:c2:c7:7e:c4:b8:39:a3:64:b5:e5:c5:46:8a:b3:6b:4c:11:03:b0:cb:78:17:2f:32:64:72:9d:9f
Signer

Actual PE Digest

12:da:42:b8:c2:c7:7e:c4:b8:39:a3:64:b5:e5:c5:46:8a:b3:6b:4c:11:03:b0:cb:78:17:2f:32:64:72:9d:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\buildbot\builders\wireshark-3.4-64\windows-2019-x64\build\cmbuild\run\RelWithDebInfo\rawshark.pdb

Imports

libwireshark

prefs_apply_all
fvalue_get_sinteger
epan_dissect_run_with_taps
fvalue_get_sinteger64
find_dissector
register_tap_listener
epan_new
prefs_set_pref
epan_load_settings
epan_cleanup
rval_to_str_const
epan_dissect_prime_with_dfilter
ftype_name
string_to_name_resolve
val64_to_str_const
epan_init
dfilter_compile
dfilter_apply_edt
frame_data_init
proto_get_finfo_ptr_array
frame_data_destroy
wmem_free
gbl_resolv_flags
disable_name_resolution
build_column_format_array
timestamp_set_type
epan_free
frame_data_set_before_dissect
tfs_true_false
epan_dissect_cleanup
epan_dissect_init
proto_field_display_to_string
proto_registrar_get_byname
proto_report_dissector_bug
val_to_str_ext_const
frame_data_set_after_dissect
timestamp_set_precision
timestamp_set_seconds_type
fvalue_get_uinteger
fvalue_string_repr_len
fvalue_get_uinteger64
val_to_str_const
epan_get_compiled_version_info
tfs_get_string
epan_dissect_reset
prefs_register_string_preference
prefs_find_preference
dissector_change_payload
dissector_change_string
proto_get_protocol_filter_name
proto_registrar_get_byalias
find_dissector_table
proto_get_protocol_name
dissector_handle_get_protocol_index
proto_get_id_by_filter_name
dissector_change_uint
dissector_table_foreach_handle
get_dissector_table_selector_type
dissector_all_tables_foreach_table
proto_enable_heuristic_by_name
read_keytab_file
proto_enable_proto_by_name
proto_disable_proto_by_name
tvb_new
tvb_ws_mempbrk_pattern_guint8
wmem_epan_scope
wmem_strdup
prefs
prefs_find_module
fvalue_to_string_repr

iphlpapi

ConvertInterfaceLuidToAlias
ConvertInterfaceGuidToLuid

libwiretap

wtap_cleanup
wtap_rec_cleanup
wtap_rec_init
wtap_init
wtap_file_get_idb_info
wtap_block_get_string_option_value
wtap_seek_read
wtap_file_type_subtype_string
wtap_file_type_subtype_short_string
wtap_strerror
wtap_pcap_encap_to_wtap_encap

libwsutil

please_report_bug
utf_16to8
ws_buffer_init
optarg
init_progfile_dir
init_process_policies
create_app_running_mutex
utf_8to16
nstime_set_zero
relinquish_special_privs_perm
ws_buffer_assure_space
init_report_message
ws_buffer_free
getopt_long
ws_init_sockets
ws_init_dll_search_path
file_open_error_message
get_persconffile_path
ws_pipe_spawn_sync
ws_pipe_spawn_async
ws_pipe_close
ws_read_string_from_pipe
get_extcap_dir
file_exists
ws_pipe_wait_for_pipe
ws_strtou32
ws_add_crash_info
get_os_version_info
get_cpu_info
get_copyright_info
plugins_get_count
ws_module_open
optind

gmodule-2

g_module_supported
g_module_symbol

glib-2

g_ascii_table
g_strlcat
g_string_printf
g_slist_reverse
g_slist_prepend
g_list_prepend
g_slist_free_full
g_utf16_to_utf8
g_strjoinv
g_ptr_array_remove_index
g_ptr_array_sized_new
g_tree_new_full
g_tree_replace
g_tree_lookup
g_match_info_free
g_log
g_ptr_array_new
g_string_free
g_ptr_array_add
g_string_new
g_string_truncate
g_malloc
g_strlcpy
g_string_append
g_log_set_handler
g_string_insert_c
g_ptr_array_free
g_string_append_printf
g_free
g_snprintf
g_ptr_array_set_size
g_strerror
g_strdup_printf
g_ascii_strncasecmp
g_strdup
g_ptr_array_foreach
g_thread_pool_free
g_dir_close
g_regex_replace
g_spawn_close_pid
g_hash_table_get_values
g_hash_table_foreach_remove
g_list_free_full
g_list_delete_link
g_malloc_n
g_list_find
g_cond_init
g_list_foreach
g_list_first
g_mutex_unlock
g_mutex_clear
g_dir_open_utf8
g_thread_pool_push
g_path_get_basename
g_mutex_lock
g_hash_table_destroy
g_slist_free
g_ascii_strdown
g_hash_table_remove_all
g_child_watch_add
g_regex_new
g_cond_clear
g_file_test_utf8
g_slist_length
g_list_append
g_str_hash
g_strdupv
g_hash_table_new_full
g_mutex_init
g_list_sort
g_get_num_processors
g_hash_table_lookup_extended
g_assertion_message_expr
g_hash_table_get_keys
g_hash_table_insert
g_malloc0_n
g_strcmp0
g_source_remove
g_get_monotonic_time
g_list_length
g_strconcat
g_cond_wait
g_strfreev
g_malloc0
g_cond_signal
g_list_find_custom
g_thread_pool_new
g_ptr_array_sort
g_regex_unref
g_strv_length
g_hash_table_size
g_dir_read_name_utf8
g_slist_append
g_str_equal
g_hash_table_lookup
g_list_free
g_strstr_len
g_match_info_fetch
g_match_info_matches
g_utf8_validate
g_regex_match_full
g_direct_equal
g_ascii_strtoll
g_regex_match
g_direct_hash
g_strtod
g_match_info_next
g_ascii_strcasecmp
g_strsplit
g_ascii_strtoull
g_regex_match_simple

kernel32

GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
CreateFileW
FormatMessageW
GetLastError
LocalFree
WaitNamedPipeW
WideCharToMultiByte
CreateNamedPipeW
DisconnectNamedPipe
CloseHandle
FlushFileBuffers
GlobalMemoryStatusEx
MultiByteToWideChar
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetStdHandle
GetHandleInformation

user32

GetSystemMetrics

advapi32

QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle

vcruntime140

__std_type_info_destroy_list
strchr
__current_exception_context
memset
strstr
memchr
__current_exception
__C_specific_handler
memcpy

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_crt_at_quick_exit
_initialize_wide_environment
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_get_initial_wide_environment
_initterm
_initterm_e
_seh_filter_dll
_seh_filter_exe
_set_app_type
exit
terminate
_exit
_errno
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configure_wide_argv

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale

api-ms-win-crt-stdio-l1-1-0

__p__commode
__acrt_iob_func
fflush
_read
ferror
_setmode
_write
_open_osfhandle
_get_osfhandle
_set_fmode
__stdio_common_vfprintf
_close
__stdio_common_vsscanf

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

263e3966a808f3a17379627d8e646e63

Code Sign

02:cc:d9:9f:7d:55:6c:13:ce:87:10:c6:9d:09:b3:1aCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

12:da:42:b8:c2:c7:7e:c4:b8:39:a3:64:b5:e5:c5:46:8a:b3:6b:4c:11:03:b0:cb:78:17:2f:32:64:72:9d:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libwireshark

iphlpapi

libwiretap

libwsutil

gmodule-2

glib-2

kernel32

user32

advapi32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 6KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 283KB - Virtual size: 282KB

.reloc Size: 512B - Virtual size: 280B

02:cc:d9:9f:7d:55:6c:13:ce:87:10:c6:9d:09:b3:1a
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

12:da:42:b8:c2:c7:7e:c4:b8:39:a3:64:b5:e5:c5:46:8a:b3:6b:4c:11:03:b0:cb:78:17:2f:32:64:72:9d:9f
Signer

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 6KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 283KB - Virtual size: 282KB

.reloc
Size: 512B - Virtual size: 280B