General

Malware Config

Signatures

Files

• GearUP-2.3.0-win.exe

  .exe windows:5 windows x86 arch:x86

  0d96bccf9a8346b90c3639fb88143deb

  
  

  Code Sign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:7f:76:dd:c2:e3:c5:f6:77:6f:1f:7c:b3:64:d8:ec

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  27-11-2023 00:00

  Not After

  25-11-2025 23:59

  Subject

  SERIALNUMBER=202237112N,CN=GearUP Portal Pte. Ltd.,O=GearUP Portal Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29-04-2021 00:00

  Not After

  28-04-2036 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:7f:76:dd:c2:e3:c5:f6:77:6f:1f:7c:b3:64:d8:ec

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  27-11-2023 00:00

  Not After

  25-11-2025 23:59

  Subject

  SERIALNUMBER=202237112N,CN=GearUP Portal Pte. Ltd.,O=GearUP Portal Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  14-07-2023 00:00

  Not After

  13-10-2034 23:59

  Subject

  CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23-03-2022 00:00

  Not After

  22-03-2037 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01-08-2022 00:00

  Not After

  09-11-2031 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  1c:10:b9:b8:b7:70:89:ae:af:da:f1:32:67:4a:5a:25:1b:0d:d2:88:ab:6c:37:3e:d5:b7:ac:78:81:e4:64:48

  Signer

  Actual PE Digest

  1c:10:b9:b8:b7:70:89:ae:af:da:f1:32:67:4a:5a:25:1b:0d:d2:88:ab:6c:37:3e:d5:b7:ac:78:81:e4:64:48

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  c2:17:e0:4c:60:12:3e:8f:ab:48:c7:37:ec:97:16:e3:55:75:aa:28

  Signer

  Actual PE Digest

  c2:17:e0:4c:60:12:3e:8f:ab:48:c7:37:ec:97:16:e3:55:75:aa:28

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  D:\jenkins\jobs\CHANNEL_GEARUP\workspace\gearup-booster\install\install.pdb

  Imports

  iphlpapi

  GetAdaptersInfo

  version

  GetFileVersionInfoA

  VerQueryValueA

  GetFileVersionInfoSizeA

  kernel32

  InterlockedExchangeAdd

  IsValidLocale

  EnumSystemLocalesA

  GetLocaleInfoA

  GetUserDefaultLCID

  FlushFileBuffers

  GetTimeZoneInformation

  GetFullPathNameA

  SetStdHandle

  WriteConsoleW

  GetStringTypeW

  SetHandleCount

  CreateThread

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetCurrentThreadId

  GetModuleHandleA

  GetVersion

  GetFileAttributesA

  TlsGetValue

  TlsSetValue

  TlsAlloc

  TlsFree

  TerminateThread

  SetThreadPriority

  GetQueuedCompletionStatus

  PostQueuedCompletionStatus

  CreateIoCompletionPort

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  FileTimeToSystemTime

  QueryPerformanceFrequency

  FileTimeToLocalFileTime

  HeapCreate

  InterlockedExchange

  IsValidCodePage

  GetOEMCP

  GetLocaleInfoW

  GetSystemDirectoryW

  IsProcessorFeaturePresent

  HeapSize

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  LCMapStringW

  SleepEx

  GetCPInfo

  SetConsoleMode

  ReadConsoleInputA

  GetFileInformationByHandle

  FindFirstFileExA

  GetDriveTypeA

  SetConsoleCtrlHandler

  GetConsoleMode

  GetConsoleCP

  HeapReAlloc

  HeapAlloc

  RtlUnwind

  GetStartupInfoW

  HeapSetInformation

  GetCommandLineW

  HeapFree

  ExitThread

  DecodePointer

  EncodePointer

  InterlockedDecrement

  PeekNamedPipe

  InterlockedIncrement

  RaiseException

  ExpandEnvironmentStringsA

  InterlockedCompareExchange

  InitializeCriticalSectionAndSpinCount

  GetLocalTime

  GlobalAlloc

  SetLastError

  FormatMessageA

  GlobalLock

  GlobalUnlock

  GetFileSize

  SetFileTime

  DosDateTimeToFileTime

  SystemTimeToFileTime

  ReadFile

  GetFileSizeEx

  DuplicateHandle

  GetFileType

  SetFilePointer

  FormatMessageW

  LocalFree

  GlobalMemoryStatus

  LoadLibraryA

  ExitProcess

  GetACP

  GetCurrentDirectoryW

  FlushConsoleInputBuffer

  GetCurrentProcessId

  LoadLibraryW

  FreeLibrary

  MulDiv

  GetDiskFreeSpaceExW

  GetUserDefaultUILanguage

  OpenMutexW

  CreateMutexW

  CreateFileW

  WriteFile

  CreateFileA

  GetFileAttributesW

  CreateProcessW

  GetStdHandle

  GetModuleFileNameA

  GetVersionExW

  GetModuleFileNameW

  GetCurrentProcess

  WideCharToMultiByte

  MultiByteToWideChar

  VerifyVersionInfoW

  VerSetConditionMask

  OutputDebugStringW

  TerminateProcess

  Sleep

  Process32NextW

  OpenProcess

  lstrcmpiW

  Process32FirstW

  CreateToolhelp32Snapshot

  WaitForMultipleObjects

  FindClose

  FindNextFileW

  FindFirstFileW

  CreateDirectoryW

  DeleteFileW

  GetTempFileNameW

  GetTempPathW

  GetTickCount

  MoveFileExW

  CopyFileW

  WinExec

  SetEnvironmentVariableA

  GetExitCodeProcess

  ResetEvent

  InitializeCriticalSection

  FreeResource

  LockResource

  SizeofResource

  CreateEventW

  WaitForSingleObject

  SetEvent

  GetProcAddress

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  CloseHandle

  GetLastError

  LoadResource

  FindResourceW

  OutputDebugStringA

  GetModuleHandleW

  SetEndOfFile

  GetProcessHeap

  GetDriveTypeW

  CompareStringW

  ws2_32

  socket

  WSACleanup

  WSAStartup

  WSAIoctl

  setsockopt

  getsockname

  select

  getsockopt

  getpeername

  connect

  sendto

  recvfrom

  __WSAFDIsSet

  WSASetLastError

  send

  recv

  WSASetEvent

  WSAGetLastError

  ioctlsocket

  getaddrinfo

  freeaddrinfo

  ntohl

  htons

  bind

  listen

  htonl

  gethostname

  closesocket

  ntohs

  accept

  wldap32

  ord26

  ord219

  ord14

  ord118

  ord127

  ord133

  ord145

  ord208

  ord142

  ord79

  ord167

  ord301

  ord27

  ord41

  ord46

  ord216

  ord73

  ord147

  crypt32

  CertFreeCertificateChain

  CertGetCertificateChain

  CryptQueryObject

  CertAddCertificateContextToStore

  CertCreateCertificateChainEngine

  CertGetNameStringW

  CertFreeCertificateChainEngine

  CertEnumCertificatesInStore

  CertOpenStore

  CryptStringToBinaryW

  CertCloseStore

  CertFreeCertificateContext

  CertFindCertificateInStore

  user32

  InvalidateRgn

  CreateAcceleratorTableW

  CloseWindow

  GetUserObjectInformationW

  GetProcessWindowStation

  MessageBoxA

  MsgWaitForMultipleObjectsEx

  PeekMessageW

  CallMsgFilterW

  GetQueueStatus

  WaitMessage

  UnregisterClassW

  MoveWindow

  GetWindowRgn

  CharNextW

  MessageBoxW

  SetWindowRgn

  wvsprintfW

  SetCursor

  OffsetRect

  GetClassInfoExW

  RegisterClassExW

  LoadCursorW

  RegisterClassW

  SetPropW

  GetPropW

  CallWindowProcW

  MonitorFromWindow

  EnableWindow

  ShowWindow

  DefWindowProcW

  GetMessageW

  TranslateMessage

  GetWindowTextW

  SetWindowTextW

  GetWindow

  BeginPaint

  IsRectEmpty

  UpdateLayeredWindow

  EndPaint

  GetUpdateRect

  MapWindowPoints

  CreateWindowExW

  SetFocus

  GetFocus

  DestroyWindow

  SetWindowPos

  PostMessageW

  ReleaseCapture

  SetCapture

  InvalidateRect

  GetWindowLongW

  SetWindowLongW

  GetDC

  IsWindow

  PostQuitMessage

  KillTimer

  SetTimer

  PtInRect

  LoadImageW

  SendMessageW

  IsZoomed

  GetClientRect

  ScreenToClient

  ReleaseDC

  EnumDisplaySettingsW

  GetMonitorInfoW

  EnumDisplayMonitors

  GetCursorPos

  GetKeyState

  GetWindowRect

  IsIconic

  GetSysColor

  SetCaretPos

  GetParent

  GetWindowTextLengthW

  ShowCaret

  HideCaret

  CreateCaret

  ClientToScreen

  SetRect

  CharPrevW

  DrawTextW

  FillRect

  DispatchMessageW

  IntersectRect

  gdi32

  GetObjectA

  GetCharABCWidthsW

  GetTextExtentPoint32W

  TextOutW

  SetBkMode

  SetTextColor

  RoundRect

  CreatePenIndirect

  MoveToEx

  LineTo

  CreateSolidBrush

  SetBkColor

  ExtTextOutW

  SetStretchBltMode

  StretchBlt

  CombineRgn

  GetClipBox

  CreateRectRgnIndirect

  ExtSelectClipRgn

  SelectClipRgn

  CreateRectRgn

  PtInRegion

  CreateRoundRectRgn

  CreateCompatibleDC

  CreateDIBSection

  SaveDC

  BitBlt

  RestoreDC

  Rectangle

  SetWindowOrgEx

  DeleteDC

  CreatePen

  DeleteObject

  GetStockObject

  GetObjectW

  CreateFontIndirectW

  SelectObject

  GetTextMetricsW

  GetDeviceCaps

  CreateDCW

  advapi32

  CryptHashData

  RegCloseKey

  RegQueryValueExW

  OpenSCManagerW

  CreateServiceW

  CloseServiceHandle

  OpenServiceW

  ControlService

  CryptImportKey

  DeleteService

  RegCreateKeyExW

  RegSetValueExW

  RegDeleteValueW

  DeregisterEventSource

  ReportEventA

  CryptEncrypt

  CryptDestroyKey

  CryptCreateHash

  RegisterEventSourceA

  RegOpenKeyExW

  CryptGetHashParam

  CryptDestroyHash

  CryptAcquireContextW

  CryptGenRandom

  CryptReleaseContext

  shell32

  SHGetMalloc

  SHBrowseForFolderW

  SHGetFolderPathW

  SHGetSpecialFolderLocation

  ShellExecuteW

  SHGetPathFromIDListW

  SHFileOperationW

  ole32

  CLSIDFromString

  CLSIDFromProgID

  OleLockRunning

  CreateStreamOnHGlobal

  CoUninitialize

  CoInitialize

  CoCreateInstance

  shlwapi

  PathFileExistsW

  gdiplus

  GdipCloneImage

  GdipDrawImageRectRectI

  GdipDrawImageRectI

  GdipSetImageAttributesColorMatrix

  GdipGetPropertyItem

  GdipGetPropertyItemSize

  GdipImageSelectActiveFrame

  GdipImageGetFrameCount

  GdipImageGetFrameDimensionsList

  GdipImageGetFrameDimensionsCount

  GdipGetImageHeight

  GdipGetImageWidth

  GdipDisposeImage

  GdipLoadImageFromStreamICM

  GdipLoadImageFromStream

  GdipDisposeImageAttributes

  GdipCreateImageAttributes

  GdipCloneBrush

  GdipCreateFontFromLogfontA

  GdipCreateFontFromDC

  GdipDrawString

  GdipSetTextRenderingHint

  GdipCreateFromHDC

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipCreateLineBrushI

  GdiplusStartup

  GdipDeleteFont

  GdipDeleteGraphics

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipAlloc

  GdipFree

  GdipDeleteBrush

  GdiplusShutdown

  comctl32

  ord17

  _TrackMouseEvent

  msimg32

  AlphaBlend

  winmm

  timeGetTime

  Sections

  .text

  Size: 1.2MB - Virtual size: 1.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 328KB - Virtual size: 327KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 21KB - Virtual size: 40KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 56.3MB - Virtual size: 56.3MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 223KB - Virtual size: 222KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ