Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Behavioral task: behavioral1
Sample: c41745d8a3ead8489fba5d9ddbadbcc868194da360463eae2d63a0a09c07c19f.exe
Resource: win7-20240508-en
Behavioral task: behavioral2
Sample: c41745d8a3ead8489fba5d9ddbadbcc868194da360463eae2d63a0a09c07c19f.exe
Resource: win10v2004-20240508-en
Target: c41745d8a3ead8489fba5d9ddbadbcc868194da360463eae2d63a0a09c07c19f
Size: 6.3MB
MD5: 6c7b1c7f2a466936f3c06f608358311a
SHA1: 14723c060f07a69d9bb5a6d04debccd55b32781d
SHA256: c41745d8a3ead8489fba5d9ddbadbcc868194da360463eae2d63a0a09c07c19f
SHA512: 6d31d272eed382edec75873f116d5e49ea02672affaa0bc7e8c8733e1244e245e66ee016eafb25d3c9322f153e02c3538c798c6e74d860464c68acab6d06937b
SSDEEP: 98304:Wy2Ra3s45KZATR1DPBLPjmFk1wTdrobphQ7O9CKkq7xb4T0HmphWdo80jT:WM5igRjLik1OibpCyCZT0mpMeT
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
C:\jenkins\iad0-cisystem\workspace\client-hotfix-pipeline\client\stAgent\out\bin\winnt-x86-Release\stAgentSvc.pdb
CertEnumCertificatesInStore
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CertCreateCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CryptUnprotectData
CryptProtectData
CertGetCertificateChain
CertFreeCertificateChain
CertNameToStrA
CryptFindOIDInfo
CertStrToNameA
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertCloseStore
WSAGetLastError
inet_pton
WSACleanup
WSAStartup
ntohl
socket
shutdown
getaddrinfo
freeaddrinfo
htons
ntohs
getnameinfo
htonl
connect
closesocket
getsockopt
__WSAFDIsSet
ioctlsocket
select
inet_ntop
getsockname
bind
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAPoll
WSAResetEvent
WSAWaitForMultipleEvents
inet_ntoa
inet_addr
gethostname
getpeername
sendto
recvfrom
recv
listen
accept
WSAIoctl
setsockopt
WSASetLastError
MiniDumpWriteDump
DestroyEnvironmentBlock
LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
OpenServiceA
SetServiceObjectSecurity
QueryServiceStatusEx
QueryServiceObjectSecurity
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerExA
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
GetUserNameW
CryptSignHashA
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
SetFileSecurityW
CryptGetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
ImpersonateLoggedOnUser
CryptSetHashParam
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
EnumServicesStatusExA
QueryServiceConfigA
RegCloseKey
RegOpenCurrentUser
RegGetValueA
RegQueryValueExA
RevertToSelf
GetTokenInformation
OpenThreadToken
DuplicateToken
OpenProcessToken
CreateWellKnownSid
CreateProcessAsUserA
LookupAccountSidW
EqualSid
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyExA
RegFlushKey
CryptHashData
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
OpenSCManagerA
CloseServiceHandle
SetEntriesInAclW
ChangeServiceConfig2A
CreateServiceA
ChangeServiceConfigA
StartServiceA
QueryServiceStatus
ControlService
DeleteService
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
DeleteAce
GetNamedSecurityInfoW
SetNamedSecurityInfoW
GetAce
ConvertSidToStringSidA
GetAclInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyExA
DuplicateHandle
GetCurrentProcess
CreateSemaphoreA
HeapAlloc
WaitForMultipleObjectsEx
GetEnvironmentVariableA
GetTickCount
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetSystemWow64DirectoryA
GetShortPathNameA
GetCurrentDirectoryA
GetModuleFileNameA
SetCurrentDirectoryA
WaitForMultipleObjects
WaitForSingleObject
OpenProcess
TerminateProcess
GetExitCodeProcess
ResetEvent
QueryPerformanceCounter
Thread32Next
GetSystemPowerStatus
Thread32First
CreateToolhelp32Snapshot
ProcessIdToSessionId
K32GetModuleFileNameExA
K32GetProcessMemoryInfo
LoadLibraryA
GetProcessIoCounters
K32EnumProcesses
GlobalMemoryStatusEx
FreeLibrary
GetProcessTimes
GetSystemTimes
GetVolumeInformationA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
FormatMessageA
VerifyVersionInfoA
VerSetConditionMask
GetTickCount64
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
CompareFileTime
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
SleepEx
VerifyVersionInfoW
RtlUnwind
ExpandEnvironmentStringsA
GetEnvironmentVariableW
CreateFileW
Wow64RevertWow64FsRedirection
DeleteFileA
DeleteFileW
LocalFree
CopyFileW
FlushFileBuffers
GetNativeSystemInfo
Process32First
WriteFile
QueryFullProcessImageNameA
CreateFileA
Process32Next
GetOverlappedResult
CreateProcessW
CreateProcessA
HeapFree
LocalAlloc
GetComputerNameExA
LoadLibraryExW
GetComputerNameExW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SwitchToFiber
DeleteFiber
CreateFiber
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
InitializeCriticalSection
OutputDebugStringA
GetModuleFileNameW
SetErrorMode
CreateMutexA
ReleaseMutex
GetLocalTime
AddVectoredExceptionHandler
GetErrorMode
SetUnhandledExceptionFilter
GetWindowsDirectoryW
GetFileAttributesW
OutputDebugStringW
DeviceIoControl
GetCurrentThread
WTSGetActiveConsoleSessionId
GlobalAlloc
GlobalFree
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
AreFileApisANSI
GetProcessHeap
OpenEventW
GetConsoleCP
ExitThread
FreeLibraryAndExitThread
WriteConsoleW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
LCMapStringW
MoveFileExW
SetFilePointerEx
SetEndOfFile
RemoveDirectoryW
FileTimeToSystemTime
SetConsoleCtrlHandler
ExitProcess
GetTimeZoneInformation
GetCommandLineA
GetCommandLineW
GetDateFormatW
Sleep
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
GetSystemTimeAsFileTime
ReleaseSemaphore
GetCurrentProcessId
GetCurrentThreadId
WaitForSingleObjectEx
SetEvent
CreateEventA
CloseHandle
GetStringTypeExA
GetUserDefaultLCID
LCMapStringA
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
CreateDirectoryW
GetCurrentDirectoryW
CreateWaitableTimerA
ResumeThread
SetWaitableTimer
OpenEventA
GetLocaleInfoEx
GetCPInfo
CompareStringEx
GetTimeFormatW
CompareStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
GetFileSizeEx
ReadConsoleInputW
SetStdHandle
HeapReAlloc
HeapSize
FindFirstFileExW
CreateThread
LocalSize
LCMapStringEx
EncodePointer
GetStringTypeW
GetExitCodeThread
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SleepConditionVariableSRW
SleepConditionVariableCS
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
InitializeSRWLock
CreateEventW
GetFileAttributesA
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
lstrcmpW
lstrlenW
Wow64DisableWow64FsRedirection
GetDynamicTimeZoneInformation
WriteConsoleA
Wow64EnableWow64FsRedirection
RegisterPowerSettingNotification
LoadStringA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
SHCreateDirectoryExW
SHGetFolderPathW
SHGetKnownFolderPath
ord680
SHGetFolderPathA
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoTaskMemFree
SysStringLen
SysFreeString
VariantInit
SysAllocStringByteLen
SysAllocString
VariantClear
SysStringByteLen
GetAdaptersAddresses
GetExtendedTcpTable
GetBestRoute2
SetPerTcpConnectionEStats
GetExtendedUdpTable
GetPerTcpConnectionEStats
Icmp6ParseReplies
NotifyRouteChange2
Icmp6SendEcho2
IcmpSendEcho2Ex
IcmpCloseHandle
Icmp6CreateFile
IcmpCreateFile
CancelMibChangeNotify2
NotifyIpInterfaceChange
GetIfEntry2
IcmpParseReplies
NotifyUnicastIpAddressChange
ord211
ord60
ord46
ord217
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord301
ord200
ord30
ord79
ord143
WTSFreeMemory
WTSEnumerateSessionsA
WTSCloseServer
WTSQuerySessionInformationA
WTSQuerySessionInformationW
WTSQueryUserToken
WTSOpenServerA
EnumProcesses
PathAppendA
PathFileExistsA
PdhAddCounterA
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryA
PdhCloseQuery
PdhAddEnglishCounterA
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptGenRandom
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
WinVerifyTrust
CallNtPowerInformation
ord93
ord71
ord267
ord8
EvtRender
EvtNext
EvtQuery
EvtClose
WinHttpOpen
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpSetTimeouts
CompleteAuthToken
FreeCredentialsHandle
GetUserNameExA
AcquireCredentialsHandleA
InitializeSecurityContextA
DeleteSecurityContext
NCryptSignHash
NCryptFreeObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ