HostAppServiceUpdater[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HostAppServiceUpdater.exe
Size

7.2MB
MD5

98997c23adfd3f64803cd7fbafe3f488
SHA1

d3734559a9f1f51ab998bb83f3db98d1aadfefa3
SHA256

fa2fb749e95ce6bf6116942292a99a8f43a5ce63d7d7795c40cdbbfca8383232
SHA512

9961450cec48b587e81be4932e1f98309811e8cac3c4558f062ddd35fca9cbec60316e08937b7375f88f0ab82959fb809c8d24730dc1ef485e4d7058b474f7a5
SSDEEP

98304:fsPsDfdQcZqrZ/ugnYYHd7yd2dvOyfW+t/3pWUsBHlzBtu6q8imwc8GDC:fxD1vZqt/ug5ldGyOe8i4C

Score

1^/10

Malware Config

Signatures

Files

HostAppServiceUpdater.exe
.exe windows:6 windows x64 arch:x64

af3cdd4ad79816fecc874a8ced71ead2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:97:e2:1b:b1:03:f9:be:68:4b:a5:4a:e6:26:71:3a:f4:99:df:21:6e:fe:0d:51:8b:ef:5d:fe:dc:cd:03:f2
Signer

Actual PE Digest

58:97:e2:1b:b1:03:f9:be:68:4b:a5:4a:e6:26:71:3a:f4:99:df:21:6e:fe:0d:51:8b:ef:5d:fe:dc:cd:03:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

HostAppServiceUpdater.pdb

Imports

kernel32

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
CreateWaitableTimerW
Sleep
CancelWaitableTimer
SetWaitableTimer
CreateEventW
WaitForSingleObject
ResetEvent
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
SetUnhandledExceptionFilter
SetDefaultDllDirectories
CreateFileW
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
GetProcAddress
GetModuleHandleW
ProcessIdToSessionId
GetCurrentProcessId
CreateEventA
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
SetDllDirectoryW
OOBEComplete
RegisterWaitUntilOOBECompleted
UnregisterWaitUntilOOBECompleted
DecodePointer
GetGeoInfoW
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
MapViewOfFile
CreateFileMappingW
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
CreateMutexW
WriteConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
MultiByteToWideChar
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
GetTickCount64
CreateHardLinkW
DuplicateHandle
TerminateThread
CreateSemaphoreA
GetStringTypeExW
LCMapStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoEx
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
GetTempFileNameW
SetFilePointer
GetTempPathW
IsWow64Process
CopyFileW
MoveFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OpenEventW
OpenProcess
LocalAlloc
QueryFullProcessImageNameW
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetUserGeoID
GetVersionExW
GetModuleFileNameW
GetCurrentPackageFamilyName
LoadLibraryExW
EnumResourceNamesW
OutputDebugStringW
GetCurrentThread
GetThreadLocale
SetThreadLocale
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
CreateThread
SetThreadPriority
GetThreadPriority
GetExitCodeThread
InitializeCriticalSection
TryEnterCriticalSection
ReleaseMutex
CreateMutexA
FindResourceExW
GetFileSize
DosDateTimeToFileTime
CompareStringW
GlobalFree
FreeConsole
AttachConsole
GetConsoleDisplayMode
CreateDirectoryA
IsDebuggerPresent
InitializeSRWLock
TryAcquireSRWLockExclusive
GetStringTypeW
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
ExitProcess
GetModuleHandleExW
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
GetModuleFileNameA
GetACP
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
GetTimeZoneInformation
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
OutputDebugStringA
CloseHandle

gdiplus

GdipFlush
GdipSetImageAttributesColorMatrix
GdipAlloc
GdiplusShutdown
GdipMeasureString
GdipCreateFromHWND
GdipCreateStringFormat
GdipDeletePen
GdipDeleteStringFormat
GdipDrawString
GdipDeleteFont
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathLine
GdipClosePathFigures
GdipDeletePath
GdipCreatePath
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipSetCompositingQuality
GdipCreateFromHDC
GdipCreateFromHWNDICM
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetPixelOffsetMode
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDeleteGraphics
GdipSetImageAttributesWrapMode
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetClipRectI
GdipDrawImageRectRect
GdipDrawImage
GdipFillPath
GdipFillEllipse
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipFillRectangle
GdipGraphicsClear
GdipDrawRectangle
GdipDrawLines
GdipDrawLine
GdipCreatePen1
GdipSetTextRenderingHint

wldap32

ord211
ord46
ord200
ord60
ord301
ord45
ord50
ord30
ord79
ord33
ord41
ord22
ord26
ord27
ord32
ord143
ord35
ord217

normaliz

IdnToAscii

dbghelp

MiniDumpWriteDump

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

secur32

GetUserNameExW

netapi32

NetApiBufferFree
NetGetJoinInformation

gdi32

SelectObject
CreateDIBSection
GetObjectW
DeleteObject
CreateCompatibleDC
GetDIBits
CreateBitmap
DeleteDC

advapi32

CryptHashData
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
RegDeleteTreeW
RegCopyTreeW
AddAccessAllowedAceEx
AddAce
DuplicateTokenEx
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorSacl
GetTokenInformation
InitializeAcl
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
RegCloseKey
GetUserNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
SetSecurityInfo
LookupAccountNameW
CryptGetHashParam
GetSidSubAuthority
OpenThreadToken
RegOpenKeyW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

shell32

SHEvaluateSystemCommandTemplate
SHQueryUserNotificationState
ShellExecuteExW
SHGetSettings
SHGetDesktopFolder
SHGetKnownFolderPath
SHGetFolderPathW
SHCreateDirectoryExW
SHGetMalloc
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHAppBarMessage
CommandLineToArgvW
SHBindToParent

ole32

PropVariantClear
StringFromGUID2
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysStringLen
VariantCopy
SysAllocStringLen

bcrypt

BCryptGenRandom

msi

ord173
ord217

rpcrt4

UuidCreateSequential
UuidToStringW
RpcStringFreeW

wininet

InternetQueryOptionW
DeleteUrlCacheEntryW

winhttp

WinHttpCloseHandle
WinHttpOpen
WinHttpGetProxyForUrl

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData

crypt32

CryptQueryObject
CryptVerifyMessageSignature
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore
CertOpenSystemStoreA

userenv

ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW

shlwapi

StrChrIW
AssocQueryStringW
PathGetArgsW
ord487
SHRegDuplicateHKey
ord176
PathFileExistsW
StrRetToBufW

ws2_32

ntohs
WSASetLastError
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
select
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
WSAGetLastError
ioctlsocket
gethostname
gethostbyname
getnameinfo
getpeername
getsockopt
send
WSACloseEvent
closesocket
WSAWaitForMultipleEvents
WSACreateEvent
WSAEnumNetworkEvents
WSASetEvent
WSAResetEvent
WSAEventSelect

version

VerQueryValueW

comdlg32

GetSaveFileNameW

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 289KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af3cdd4ad79816fecc874a8ced71ead2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

58:97:e2:1b:b1:03:f9:be:68:4b:a5:4a:e6:26:71:3a:f4:99:df:21:6e:fe:0d:51:8b:ef:5d:fe:dc:cd:03:f2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

gdiplus

wldap32

normaliz

dbghelp

wtsapi32

secur32

netapi32

gdi32

advapi32

shell32

ole32

oleaut32

bcrypt

msi

rpcrt4

wininet

winhttp

wintrust

crypt32

userenv

shlwapi

ws2_32

version

comdlg32

Sections

.text Size: 5.3MB - Virtual size: 5.3MB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 49KB - Virtual size: 84KB

.pdata Size: 289KB - Virtual size: 288KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 188KB - Virtual size: 187KB

.reloc Size: 34KB - Virtual size: 34KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

58:97:e2:1b:b1:03:f9:be:68:4b:a5:4a:e6:26:71:3a:f4:99:df:21:6e:fe:0d:51:8b:ef:5d:fe:dc:cd:03:f2
Signer

.text
Size: 5.3MB - Virtual size: 5.3MB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 49KB - Virtual size: 84KB

.pdata
Size: 289KB - Virtual size: 288KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 188KB - Virtual size: 187KB

.reloc
Size: 34KB - Virtual size: 34KB