tracksvc[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

tracksvc.exe
Size

1.9MB
MD5

a795216cf6d16f1c6e9d324b393ae283
SHA1

5c0fff395b5e9b7b1c89049dd351aa129fd015a6
SHA256

8421a077b511588318a7b791ec57d4d1db0a1bab18e8f6e27b843e103c71f554
SHA512

7d4d376302768c9fe8be255b88c7bc4c0d54b8077cb052967b317200d67221583af93a3fc20f3fe4e137fe7a50cc3cc18fab507f65103e0fddc202242e050f03
SSDEEP

49152:Ap/uGbvTNICpLL/frsz53p57tQBOJ4rmNt1F:ADTTPLLn4z53P7t2A4rmNt1F

Score

1^/10

Malware Config

Signatures

Files

tracksvc.exe
.exe windows:5 windows x86 arch:x86

856b8b54e186ca2261951ae2290437bb

Code Sign

0e:1d:ba:2c:04:05:55:c6:c5:0e:c2:90:16:5e:ca:73
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/04/2021, 00:00

Not After

27/04/2023, 23:59

Subject

CN=Ivanti\, Inc.,O=Ivanti\, Inc.,L=South Jordan,ST=Utah,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:df:05:c0:8a:72:21:17:d7:ed:8c:e3:22:8e:85:f1:86:f5:61:c2:25:f5:25:3f:ea:04:fc:9b:7d:0e:ec:b5
Signer

Actual PE Digest

80:df:05:c0:8a:72:21:17:d7:ed:8c:e3:22:8e:85:f1:86:f5:61:c2:25:f5:25:3f:ea:04:fc:9b:7d:0e:ec:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSEnumerateSessionsA

kernel32

GetFileType
GetDriveTypeW
CreateFileW
PeekNamedPipe
RtlUnwind
OutputDebugStringW
CreateThread
ExitThread
FreeLibraryAndExitThread
WriteConsoleW
GetModuleFileNameA
GetTickCount
TerminateProcess
GetLastError
CloseHandle
Sleep
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
GetModuleHandleExW
GetComputerNameA
GetCurrentProcess
WaitForSingleObject
CreateProcessA
GetExitCodeProcess
MoveFileA
DeleteFileA
VerifyVersionInfoA
GetModuleHandleA
GetSystemInfo
GetProcAddress
VerSetConditionMask
LocalAlloc
LoadLibraryA
LocalFree
FreeLibrary
OpenProcess
GetCurrentProcessId
lstrlenA
InterlockedDecrement
SetEvent
GetCurrentThreadId
SetThreadPriority
ResumeThread
GetCommandLineA
GetCommandLineW
VirtualAlloc
VirtualQuery
HeapQueryInformation
QueryPerformanceFrequency
SetStdHandle
ExitProcess
GetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
LCMapStringW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetStringTypeW
GetTimeZoneInformation
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SearchPathA
GetCurrentThread
GetVersionExA
LoadLibraryExW
GetProfileIntA
GetTempFileNameA
GetTempPathA
GetWindowsDirectoryA
FindResourceExW
lstrcpyA
GetACP
SystemTimeToTzSpecificLocalTime
GetFileTime
GetFileSizeEx
GetFileAttributesExA
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetCPInfo
GetOEMCP
VirtualProtect
GetVolumeInformationA
lstrcmpiA
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetFullPathNameA
GetFileSize
FlushFileBuffers
FindFirstFileA
FindClose
CreateFileA
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryA
CopyFileA
FormatMessageA
MulDiv
GlobalSize
GlobalGetAtomNameA
GlobalFindAtomA
FindResourceA
lstrcmpW
FreeResource
GetSystemDirectoryW
EncodePointer
LocalReAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
GetModuleFileNameW
SetLastError
OutputDebugStringA
GlobalAddAtomA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleW
CompareStringA
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
lstrcmpA
GlobalDeleteAtom
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource

user32

MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
PostThreadMessageA
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
LockWindowUpdate
SetRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
LoadMenuW
IsZoomed
DrawFrameControl
DrawEdge
DrawStateA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowRgn
SetClassLongA
EnumDisplayMonitors
SetLayeredWindowAttributes
GetMenuDefaultItem
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
DrawFocusRect
GetNextDlgGroupItem
SetParent
GetSystemMenu
IsRectEmpty
UnionRect
MapVirtualKeyA
GetKeyNameTextA
LoadImageW
TrackMouseEvent
ReuseDDElParam
UnpackDDElParam
LoadImageA
InsertMenuItemA
CreatePopupMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
BringWindowToTop
IntersectRect
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamA
OffsetRect
SetRectEmpty
InflateRect
GetKeyboardState
DestroyMenu
CharUpperA
DestroyIcon
GetSysColorBrush
GetSystemMetrics
LoadCursorW
LoadCursorA
WindowFromPoint
ReleaseCapture
SetCapture
GetMenuItemCount
TrackPopupMenu
UpdateWindow
SetActiveWindow
WaitMessage
FillRect
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
GetDesktopWindow
ClientToScreen
DeleteMenu
SystemParametersInfoA
CopyImage
RemoveMenu
AppendMenuA
CreateMenu
GetMenuState
GetMenuStringA
IsDialogMessageA
SetWindowTextA
SendDlgItemMessageA
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoA
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
LoadIconW
LoadIconA
GetWindow
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
PtInRect
EqualRect
ToAsciiEx
LoadAcceleratorsW
CreateAcceleratorTableA
DestroyAcceleratorTable
CopyAcceleratorTableA
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuA
RegisterClipboardFormatA
CharUpperBuffA
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
SubtractRect
GetMenuItemInfoA
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetWindowTextLengthA
GetLastInputInfo
wsprintfA
UnregisterClassA
FindWindowA
OpenInputDesktop
OpenDesktopA
CloseDesktop
GetClientRect
GetWindowThreadProcessId
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExA
CallNextHookEx
PostMessageA
PostQuitMessage
ShowOwnedPopups
SetCursor
EnableWindow
IsWindowEnabled
MessageBoxA
GetWindowLongA
GetParent
GetLastActivePopup
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
UnhookWindowsHookEx
RegisterWindowMessageA
GetMessagePos
GetMessageTime
DefWindowProcA
CallWindowProcA
RegisterClassA
GetWindowRect
AdjustWindowRectEx
GetClassInfoA
GetClassInfoExA
CreateWindowExA
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowRgn
DestroyCursor
InsertMenuA
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
GetSubMenu
CopyRect
GetSysColor
MapWindowPoints
ScreenToClient
GetMenuItemID

gdi32

MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectA
GetTextExtentPoint32A
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
CreateCompatibleBitmap
GetTextMetricsA
EnumFontFamiliesExA
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateDIBitmap
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
CreateBitmap
SetBkColor
SetTextColor
GetObjectA
CopyMetaFileA
CreateDCA
GetDeviceCaps
DeleteObject
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteDC
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkMode
EnumFontFamiliesA

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
ConvertSidToStringSidA
LookupAccountNameA
GetUserNameA
LookupAccountSidA
GetTokenInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegEnumKeyExA
RevertToSelf
CreateProcessAsUserA
SetTokenInformation
ImpersonateSelf
OpenProcessToken
DuplicateTokenEx
CreateServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
DeleteService
ControlService
StartServiceA
ChangeServiceConfig2A
QueryServiceStatusEx
OpenServiceA

shell32

SHBrowseForFolderA
SHGetFileInfoA
DragQueryFileA
DragFinish
ShellExecuteA
SHGetPathFromIDListA
SHAppBarMessage
SHGetDesktopFolder
SHGetSpecialFolderLocation

shlwapi

PathFindFileNameA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
PathFindExtensionA
StrFormatKBSizeA

uxtheme

DrawThemeText
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
GetThemeSysColor
GetWindowTheme
IsAppThemed
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData

ole32

CoCreateInstance
CoUninitialize
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoCreateGuid
CoInitializeEx
CoInitializeSecurity

oleaut32

VariantInit
VariantChangeType
SysAllocStringByteLen
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantCopy
VarBstrFromDate
SysFreeString
SysAllocString
VariantClear

powrprof

CallNtPowerInformation

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdiplusShutdown
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.giats
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

856b8b54e186ca2261951ae2290437bb

Code Sign

0e:1d:ba:2c:04:05:55:c6:c5:0e:c2:90:16:5e:ca:73Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

80:df:05:c0:8a:72:21:17:d7:ed:8c:e3:22:8e:85:f1:86:f5:61:c2:25:f5:25:3f:ea:04:fc:9b:7d:0e:ec:b5Signer

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

powrprof

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 311KB - Virtual size: 310KB

.data Size: 21KB - Virtual size: 49KB

.gfids Size: 104KB - Virtual size: 104KB

.giats Size: 512B - Virtual size: 16B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 16KB

0e:1d:ba:2c:04:05:55:c6:c5:0e:c2:90:16:5e:ca:73
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

61:1c:b2:8a:00:00:00:00:00:26
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

80:df:05:c0:8a:72:21:17:d7:ed:8c:e3:22:8e:85:f1:86:f5:61:c2:25:f5:25:3f:ea:04:fc:9b:7d:0e:ec:b5
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 311KB - Virtual size: 310KB

.data
Size: 21KB - Virtual size: 49KB

.gfids
Size: 104KB - Virtual size: 104KB

.giats
Size: 512B - Virtual size: 16B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 16KB