b8f4e87a0b8a1346fc9338a01f0096c095a3e9b6309376f1bb125a8fa56c68bf

Sharing

Copy URL Twitter E-mail

General

Target

b8f4e87a0b8a1346fc9338a01f0096c095a3e9b6309376f1bb125a8fa56c68bf
Size

2.3MB
MD5

54706464d396fdba71fd160d7eaecdef
SHA1

06b824a3f3cee7ae2e58ae7049603666d75454a0
SHA256

b8f4e87a0b8a1346fc9338a01f0096c095a3e9b6309376f1bb125a8fa56c68bf
SHA512

2e1cbd166b6e948b42838fc1163a7b4ff81a64d712cc7d73536e0677f349cd83218b982343aa7d1041dbb5daa4f9f941bbdced6732a215d7edffb233f4b7be8a
SSDEEP

24576:5zVsF0nOJg31hXCneWfJ/z2L5PIoH562FuAIRbYQQSrh0lhSMXlkedci2IWEL:rw0OJg31hXCn3fJ/zls6DAIGQSldciZX

Score

1^/10

Malware Config

Signatures

Files

b8f4e87a0b8a1346fc9338a01f0096c095a3e9b6309376f1bb125a8fa56c68bf
.exe windows:6 windows x64 arch:x64

8c8fbc38cc99ed9eee61aa46636ba454

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:03:e1:7d:7c:27:63:fd:ae:68:86:3e:8e:b4:a8:37
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

06/09/2023, 00:00

Not After

05/09/2024, 23:59

Subject

CN=Intel Corporation,O=Intel Corporation,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\source\repos\Pm2Merge\build\Release-EDSS\PresentMon.pdb

Imports

libcef

cef_get_mime_type
cef_parse_url
cef_register_scheme_handler_factory
cef_post_task
cef_currently_on
cef_string_list_free
cef_string_list_alloc
cef_process_message_create
cef_string_userfree_utf16_free
cef_v8context_get_current_context
cef_log
cef_initialize
cef_v8value_create_double
cef_api_hash
cef_v8value_create_null
cef_v8value_create_bool
cef_v8value_create_int
cef_string_utf16_clear
cef_string_utf16_to_utf8
cef_string_utf8_to_utf16
cef_string_utf8_clear
cef_string_utf16_set
cef_v8value_create_string
cef_v8value_create_object
cef_v8value_create_array
cef_execute_process
cef_v8value_create_function
cef_string_map_alloc
cef_string_map_free
cef_command_line_get_global
cef_value_create
cef_list_value_create
cef_dictionary_value_create
cef_browser_host_create_browser
cef_set_osmodal_loop
cef_string_list_size
cef_string_list_value
cef_string_list_append
cef_string_map_size
cef_string_map_key
cef_string_map_value
cef_string_map_append
cef_string_multimap_size
cef_string_multimap_key
cef_string_multimap_value
cef_string_multimap_append
cef_string_multimap_alloc
cef_string_multimap_free
cef_shutdown
cef_string_utf16_cmp

kernel32

GetModuleFileNameW
K32EnumProcessModules
LocalFree
K32GetModuleInformation
K32GetModuleBaseNameA
GetCurrentThread
K32GetModuleFileNameExA
RtlCaptureContext
OutputDebugStringW
RtlUnwind
GetProcessId
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
SetWaitableTimerEx
CreateWaitableTimerExW
LoadLibraryExA
GetProcAddress
FormatMessageA
SetLastError
GetLastError
GetModuleHandleA
SetEndOfFile
GetCurrentThreadId
GetTempPathW
CreateToolhelp32Snapshot
Process32NextW
WriteConsoleW
SetStdHandle
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
Process32FirstW
CloseHandle
WaitForSingleObject
FormatMessageW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
WriteFile
GetStdHandle
ExitProcess
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
RtlUnwindEx
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeSListHead
GetCPInfo
CompareStringEx
LCMapStringEx
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
GetModuleHandleExW
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
IsProcessorFeaturePresent
RaiseException
RtlPcToFileHeader
GetStringTypeW
GetFileInformationByHandleEx
AreFileApisANSI
GetFinalPathNameByHandleW
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
GetExitCodeThread
SwitchToThread
Sleep
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
OpenProcess

user32

GetClientRect
EndDeferWindowPos
TranslateMessage
BeginDeferWindowPos
ShowWindow
PostMessageA
PostThreadMessageA
GetRawInputData
DefWindowProcA
CreateWindowExA
RegisterRawInputDevices
UnregisterClassA
RegisterClassExA
PostQuitMessage
LoadCursorA
DispatchMessageA
LoadImageA
DeferWindowPos
SetWindowLongPtrW
UnregisterClassW
GetWindowLongPtrW
RegisterClassW
UpdateWindow
SetForegroundWindow
CreateWindowExW
DefWindowProcW
PostMessageW
SetWindowPos
AdjustWindowRect
SetWinEventHook
UnhookWinEvent
MonitorFromWindow
GetMonitorInfoW
FindWindowA
GetWindowRect
IsWindow
ClientToScreen
GetWindowTextW
GetWindowThreadProcessId
GetWindow
IsWindowVisible
EnumWindows
DispatchMessageW
PeekMessageW
LoadCursorW
DestroyWindow
MessageBoxA
GetMessageA

gdi32

GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shell32

SHGetKnownFolderPath
ShellExecuteW

pdh

PdhAddCounterA
PdhOpenQueryA
PdhEnumObjectItemsA
PdhCollectQueryData
PdhGetFormattedCounterValue

dwmapi

DwmSetWindowAttribute

dbghelp

SymFunctionTableAccess64
ImageNtHeader
UnDecorateSymbolName
StackWalk64
SymSetOptions
SymFromAddr
SymGetOptions
SymGetLineFromAddr64
SymLoadModule64
SymGetModuleBase64
SymInitialize

dxgi

CreateDXGIFactory2

d3d11

D3D11CreateDevice

d2d1

ord1

dcomp

DCompositionCreateDevice

dwrite

DWriteCreateFactory

d3dcompiler_47

D3DReadFileToBlob

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

VariantClear
SysAllocString
SysFreeString

presentmonapi2

pmFreeIntrospectionRoot
pmOpenSession
pmCloseSession
?pmOpenSession_@@YA?AW4PM_STATUS@@PEAPEAUPM_SESSION@@PEBD1@Z
pmStartTrackingProcess
pmStopTrackingProcess
pmGetIntrospectionRoot
pmFreeDynamicQuery
pmPollDynamicQuery
pmRegisterDynamicQuery
pmRegisterFrameQuery
pmFreeFrameQuery
pmConsumeFrames
pmSetTelemetryPollingPeriod

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 701KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c8fbc38cc99ed9eee61aa46636ba454

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

34:03:e1:7d:7c:27:63:fd:ae:68:86:3e:8e:b4:a8:37Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libcef

kernel32

user32

gdi32

comdlg32

shell32

pdh

dwmapi

dbghelp

dxgi

d3d11

d2d1

dcomp

dwrite

d3dcompiler_47

advapi32

ole32

oleaut32

presentmonapi2

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 701KB - Virtual size: 700KB

.data Size: 47KB - Virtual size: 82KB

.pdata Size: 69KB - Virtual size: 68KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 11KB - Virtual size: 10KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

34:03:e1:7d:7c:27:63:fd:ae:68:86:3e:8e:b4:a8:37
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 701KB - Virtual size: 700KB

.data
Size: 47KB - Virtual size: 82KB

.pdata
Size: 69KB - Virtual size: 68KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 11KB - Virtual size: 10KB