MSBuild[.]exe | Triage

Resubmissions

29-05-2024 05:15

240529-fxjecscd94 7

29-05-2024 04:52

240529-fhnersbh95 7

Sharing

Copy URL

Twitter E-mail

General

Target

MSBuild.exe
Size

132KB
MD5

79ad2084b057847ce2ec2e48fda64073
SHA1

f5a1bf349e82f1b044cfa375d119380f973ad0e5
SHA256

290ac98de80154705794e96d0c6d657c948b7dff7abf25ea817585e4c923adb2
SHA512

260014567de5b08a73355069991428637e4c31122b669758cb2d3bbb3e3ab2dc643686f024aae5a7e186403905601c2cd41b074175adaa968debf526de85f334
SSDEEP

1536:iGFB+Zmn+sT1/9A1uWuFSMomPGW2xiISJFfDoUoA1Dju6Em2LfGwlMK2eojLaGBO:dJFvWzOunxiIS3ouh0L8qV3N

Score

1^/10

Malware Config

Signatures

Files

MSBuild.exe
.exe windows:5 windows x86 arch:x86

6bccb2092bd7aeb27dff9f411ff135d9

Code Sign

64:fe:29:dc:cf:38:e0:30:dc:ff:e3:4d:05:68:96:61
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

03-03-2009 12:53

Not After

03-03-2024 12:53

Subject

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:55:95:fc:ad:fe:2a:cb:42:7a:1e:d8:c1:3b:d4:07
Certificate

Issuer

CN=Certum Level III CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

14-07-2017 17:51

Not After

07-07-2018 19:04

Subject

CN=Open Source Developer\, Neal Watkins,O=Open Source Developer,C=CN,1.2.840.113549.1.9.1=#0c1b6e65616c6672616e636973774070726f746f6e6d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:ed:e7:80:6a:f1:a4:70:f5:f8:55:7b:a6:e9:06:88:76:3f:ac:3c
Signer

Actual PE Digest

b9:ed:e7:80:6a:f1:a4:70:f5:f8:55:7b:a6:e9:06:88:76:3f:ac:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetFileSize
GetTickCount
ReadFile
CreateFileW
LoadLibraryW
Sleep
lstrlenW
GetTempPathW
GetLocalTime
LocalAlloc
lstrcatW
LocalFree
CreateThread
OpenProcess
GetVersionExW
GetProcAddress
GetModuleHandleA
GetCurrentProcessId
ExitProcess
GetEnvironmentVariableW
lstrcmpA
lstrlenA
GetDriveTypeW
FindNextFileW
GetLogicalDriveStringsW
WaitForSingleObject
GetConsoleWindow
GetModuleFileNameW
lstrcatA
lstrcmpW
GetLastError
ReleaseMutex
GetTempPathA
DeleteFileA
lstrcpyA
CompareStringW
FlushFileBuffers
WriteConsoleW
SetStdHandle
RtlUnwind
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
FindClose
MultiByteToWideChar
WideCharToMultiByte
WriteFile
FindFirstFileW
CreateFileA
GetModuleFileNameA
GetModuleHandleW
CreateProcessW
GetStringTypeW
LCMapStringW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
CreatePipe
GetStartupInfoW
SetEnvironmentVariableA
GetFileType
SetHandleCount
GetFileAttributesA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
HeapCreate
GetStdHandle
LeaveCriticalSection
EnterCriticalSection
HeapSize
IsProcessorFeaturePresent
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
EncodePointer
DecodePointer
HeapAlloc
GetSystemTimeAsFileTime
HeapFree
CreateProcessA
DuplicateHandle
GetCurrentProcess
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCPInfo
InterlockedIncrement
InterlockedDecrement

user32

ToUnicodeEx
DefWindowProcW
UpdateWindow
CreateWindowExW
ShowWindow
GetDesktopWindow
MapVirtualKeyExW
LoadIconW
wsprintfW
LoadCursorW
GetWindowDC
GetWindowRect

gdi32

DeleteDC
CreateDIBSection
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
SaveDC
RestoreDC
BitBlt

wininet

InternetOpenW
InternetConnectA
InternetOpenUrlW
InternetReadFile
HttpOpenRequestA
InternetGetConnectedState
InternetCheckConnectionA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

ws2_32

gethostbyname
gethostname
send
closesocket
socket
recv
setsockopt
htons
inet_addr
connect
inet_ntoa

gdiplus

GdipFree
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipGetImageEncoders
GdipSaveImageToFile
GdipCloneImage
GdiplusStartup
GdiplusShutdown

shlwapi

StrStrIA

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

6bccb2092bd7aeb27dff9f411ff135d9

Code Sign

64:fe:29:dc:cf:38:e0:30:dc:ff:e3:4d:05:68:96:61Certificate

Key Usages

34:55:95:fc:ad:fe:2a:cb:42:7a:1e:d8:c1:3b:d4:07Certificate

Extended Key Usages

Key Usages

b9:ed:e7:80:6a:f1:a4:70:f5:f8:55:7b:a6:e9:06:88:76:3f:ac:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

wininet

ws2_32

gdiplus

shlwapi

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 27KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 8KB

64:fe:29:dc:cf:38:e0:30:dc:ff:e3:4d:05:68:96:61
Certificate

34:55:95:fc:ad:fe:2a:cb:42:7a:1e:d8:c1:3b:d4:07
Certificate

b9:ed:e7:80:6a:f1:a4:70:f5:f8:55:7b:a6:e9:06:88:76:3f:ac:3c
Signer

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB