GearUP-2[.]3[.]0-win[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

GearUP-2.3.0-win.exe
Size

58.1MB
MD5

6087e8a5f12e1a6ab612a9f07565ffaf
SHA1

e8cea6b3efa2713d0b3c04d1b9c00d5e43b6db89
SHA256

5ec01eb4511185582f3d34af1edd093a86d3f920602df198127dc826745bb4ec
SHA512

8624d17a90d9e0a0ec29e54a8cd9bcc3f874704b888a55bf25b7167a9b30d6dfe2ebbabcd4551eb0b9ae78de78358082e79bb39a4c2a49d2dc76df3f59585b45
SSDEEP

1572864:eEKNLIzoQe7J5zmeCungo+kfhURMcklGtSoC:SK0QgGTF9SF

Score

1^/10

Malware Config

Signatures

Files

GearUP-2.3.0-win.exe
.exe windows:5 windows x86 arch:x86

0d96bccf9a8346b90c3639fb88143deb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:7f:76:dd:c2:e3:c5:f6:77:6f:1f:7c:b3:64:d8:ec
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27-11-2023 00:00

Not After

25-11-2025 23:59

Subject

SERIALNUMBER=202237112N,CN=GearUP Portal Pte. Ltd.,O=GearUP Portal Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:7f:76:dd:c2:e3:c5:f6:77:6f:1f:7c:b3:64:d8:ec
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27-11-2023 00:00

Not After

25-11-2025 23:59

Subject

SERIALNUMBER=202237112N,CN=GearUP Portal Pte. Ltd.,O=GearUP Portal Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1c:10:b9:b8:b7:70:89:ae:af:da:f1:32:67:4a:5a:25:1b:0d:d2:88:ab:6c:37:3e:d5:b7:ac:78:81:e4:64:48
Signer

Actual PE Digest

1c:10:b9:b8:b7:70:89:ae:af:da:f1:32:67:4a:5a:25:1b:0d:d2:88:ab:6c:37:3e:d5:b7:ac:78:81:e4:64:48

Digest Algorithm

sha256

PE Digest Matches

true

c2:17:e0:4c:60:12:3e:8f:ab:48:c7:37:ec:97:16:e3:55:75:aa:28
Signer

Actual PE Digest

c2:17:e0:4c:60:12:3e:8f:ab:48:c7:37:ec:97:16:e3:55:75:aa:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\jobs\CHANNEL_GEARUP\workspace\gearup-booster\install\install.pdb

Imports

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

kernel32

InterlockedExchangeAdd
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetTimeZoneInformation
GetFullPathNameA
SetStdHandle
WriteConsoleW
GetStringTypeW
SetHandleCount
CreateThread
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThreadId
GetModuleHandleA
GetVersion
GetFileAttributesA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
TerminateThread
SetThreadPriority
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
QueryPerformanceFrequency
FileTimeToLocalFileTime
HeapCreate
InterlockedExchange
IsValidCodePage
GetOEMCP
GetLocaleInfoW
GetSystemDirectoryW
IsProcessorFeaturePresent
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
SleepEx
GetCPInfo
SetConsoleMode
ReadConsoleInputA
GetFileInformationByHandle
FindFirstFileExA
GetDriveTypeA
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapAlloc
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
HeapFree
ExitThread
DecodePointer
EncodePointer
InterlockedDecrement
PeekNamedPipe
InterlockedIncrement
RaiseException
ExpandEnvironmentStringsA
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetLocalTime
GlobalAlloc
SetLastError
FormatMessageA
GlobalLock
GlobalUnlock
GetFileSize
SetFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
ReadFile
GetFileSizeEx
DuplicateHandle
GetFileType
SetFilePointer
FormatMessageW
LocalFree
GlobalMemoryStatus
LoadLibraryA
ExitProcess
GetACP
GetCurrentDirectoryW
FlushConsoleInputBuffer
GetCurrentProcessId
LoadLibraryW
FreeLibrary
MulDiv
GetDiskFreeSpaceExW
GetUserDefaultUILanguage
OpenMutexW
CreateMutexW
CreateFileW
WriteFile
CreateFileA
GetFileAttributesW
CreateProcessW
GetStdHandle
GetModuleFileNameA
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
TerminateProcess
Sleep
Process32NextW
OpenProcess
lstrcmpiW
Process32FirstW
CreateToolhelp32Snapshot
WaitForMultipleObjects
FindClose
FindNextFileW
FindFirstFileW
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathW
GetTickCount
MoveFileExW
CopyFileW
WinExec
SetEnvironmentVariableA
GetExitCodeProcess
ResetEvent
InitializeCriticalSection
FreeResource
LockResource
SizeofResource
CreateEventW
WaitForSingleObject
SetEvent
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetLastError
LoadResource
FindResourceW
OutputDebugStringA
GetModuleHandleW
SetEndOfFile
GetProcessHeap
GetDriveTypeW
CompareStringW

ws2_32

socket
WSACleanup
WSAStartup
WSAIoctl
setsockopt
getsockname
select
getsockopt
getpeername
connect
sendto
recvfrom
__WSAFDIsSet
WSASetLastError
send
recv
WSASetEvent
WSAGetLastError
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
htons
bind
listen
htonl
gethostname
closesocket
ntohs
accept

wldap32

ord26
ord219
ord14
ord118
ord127
ord133
ord145
ord208
ord142
ord79
ord167
ord301
ord27
ord41
ord46
ord216
ord73
ord147

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertCreateCertificateChainEngine
CertGetNameStringW
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertOpenStore
CryptStringToBinaryW
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore

user32

InvalidateRgn
CreateAcceleratorTableW
CloseWindow
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
MsgWaitForMultipleObjectsEx
PeekMessageW
CallMsgFilterW
GetQueueStatus
WaitMessage
UnregisterClassW
MoveWindow
GetWindowRgn
CharNextW
MessageBoxW
SetWindowRgn
wvsprintfW
SetCursor
OffsetRect
GetClassInfoExW
RegisterClassExW
LoadCursorW
RegisterClassW
SetPropW
GetPropW
CallWindowProcW
MonitorFromWindow
EnableWindow
ShowWindow
DefWindowProcW
GetMessageW
TranslateMessage
GetWindowTextW
SetWindowTextW
GetWindow
BeginPaint
IsRectEmpty
UpdateLayeredWindow
EndPaint
GetUpdateRect
MapWindowPoints
CreateWindowExW
SetFocus
GetFocus
DestroyWindow
SetWindowPos
PostMessageW
ReleaseCapture
SetCapture
InvalidateRect
GetWindowLongW
SetWindowLongW
GetDC
IsWindow
PostQuitMessage
KillTimer
SetTimer
PtInRect
LoadImageW
SendMessageW
IsZoomed
GetClientRect
ScreenToClient
ReleaseDC
EnumDisplaySettingsW
GetMonitorInfoW
EnumDisplayMonitors
GetCursorPos
GetKeyState
GetWindowRect
IsIconic
GetSysColor
SetCaretPos
GetParent
GetWindowTextLengthW
ShowCaret
HideCaret
CreateCaret
ClientToScreen
SetRect
CharPrevW
DrawTextW
FillRect
DispatchMessageW
IntersectRect

gdi32

GetObjectA
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
SetBkMode
SetTextColor
RoundRect
CreatePenIndirect
MoveToEx
LineTo
CreateSolidBrush
SetBkColor
ExtTextOutW
SetStretchBltMode
StretchBlt
CombineRgn
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
SelectClipRgn
CreateRectRgn
PtInRegion
CreateRoundRectRgn
CreateCompatibleDC
CreateDIBSection
SaveDC
BitBlt
RestoreDC
Rectangle
SetWindowOrgEx
DeleteDC
CreatePen
DeleteObject
GetStockObject
GetObjectW
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetDeviceCaps
CreateDCW

advapi32

CryptHashData
RegCloseKey
RegQueryValueExW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
OpenServiceW
ControlService
CryptImportKey
DeleteService
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
DeregisterEventSource
ReportEventA
CryptEncrypt
CryptDestroyKey
CryptCreateHash
RegisterEventSourceA
RegOpenKeyExW
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW
SHGetPathFromIDListW
SHFileOperationW

ole32

CLSIDFromString
CLSIDFromProgID
OleLockRunning
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathFileExistsW

gdiplus

GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetImageAttributesColorMatrix
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCloneBrush
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateLineBrushI
GdiplusStartup
GdipDeleteFont
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDeleteBrush
GdiplusShutdown

comctl32

ord17
_TrackMouseEvent

msimg32

AlphaBlend

winmm

timeGetTime

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56.3MB - Virtual size: 56.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d96bccf9a8346b90c3639fb88143deb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:7f:76:dd:c2:e3:c5:f6:77:6f:1f:7c:b3:64:d8:ecCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:7f:76:dd:c2:e3:c5:f6:77:6f:1f:7c:b3:64:d8:ecCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

1c:10:b9:b8:b7:70:89:ae:af:da:f1:32:67:4a:5a:25:1b:0d:d2:88:ab:6c:37:3e:d5:b7:ac:78:81:e4:64:48Signer

c2:17:e0:4c:60:12:3e:8f:ab:48:c7:37:ec:97:16:e3:55:75:aa:28Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

version

kernel32

ws2_32

wldap32

crypt32

user32

gdi32

advapi32

shell32

ole32

shlwapi

gdiplus

comctl32

msimg32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 328KB - Virtual size: 327KB

.data Size: 21KB - Virtual size: 40KB

.rsrc Size: 56.3MB - Virtual size: 56.3MB

.reloc Size: 223KB - Virtual size: 222KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:7f:76:dd:c2:e3:c5:f6:77:6f:1f:7c:b3:64:d8:ec
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:7f:76:dd:c2:e3:c5:f6:77:6f:1f:7c:b3:64:d8:ec
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

1c:10:b9:b8:b7:70:89:ae:af:da:f1:32:67:4a:5a:25:1b:0d:d2:88:ab:6c:37:3e:d5:b7:ac:78:81:e4:64:48
Signer

c2:17:e0:4c:60:12:3e:8f:ab:48:c7:37:ec:97:16:e3:55:75:aa:28
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 328KB - Virtual size: 327KB

.data
Size: 21KB - Virtual size: 40KB

.rsrc
Size: 56.3MB - Virtual size: 56.3MB

.reloc
Size: 223KB - Virtual size: 222KB