ba7531b3175cea91200e46c413b8517ba68fdc7b7165b63fbbc53c879fee1038

Sharing

Copy URL Twitter E-mail

General

Target

ba7531b3175cea91200e46c413b8517ba68fdc7b7165b63fbbc53c879fee1038
Size

685KB
MD5

aa11eb772c8fb6ceaa97e1fba696361c
SHA1

fe09892e0062e93beb6f6465d9528a70351d8e41
SHA256

ba7531b3175cea91200e46c413b8517ba68fdc7b7165b63fbbc53c879fee1038
SHA512

496c0e50afee57ce13a5edcc76c23240b39f3b52da614a44e78596c8c23e35f99c59376581fd5fdf56626ee53eb0c4cbe244dcf22cf340ae71f56a8ef4445f6b
SSDEEP

12288:h7t9ft9X31iVZu/5fZLoSgd3G68s4epWVZu/5fZLoSg8Iscc/QgK/ea/5fZLoNCo:39n0Vw/5fZLjgd3Gfs43Vw/5fZLjg8IQ

Score

1^/10

Malware Config

Signatures

Files

ba7531b3175cea91200e46c413b8517ba68fdc7b7165b63fbbc53c879fee1038
.exe windows:6 windows x86 arch:x86

a70c4fefb96cddb95b24fb1a9fe36491

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:93:6f:7b:46:74:c4:5c:2c:08:32:9a:61:fa:d7:7a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/08/2020, 00:00

Not After

11/10/2023, 12:00

Subject

CN=Star Finanz - Software Entwicklung und Vertriebs GmbH,OU=Entwicklung,O=Star Finanz - Software Entwicklung und Vertriebs GmbH,L=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:93:6f:7b:46:74:c4:5c:2c:08:32:9a:61:fa:d7:7a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/08/2020, 00:00

Not After

11/10/2023, 12:00

Subject

CN=Star Finanz - Software Entwicklung und Vertriebs GmbH,OU=Entwicklung,O=Star Finanz - Software Entwicklung und Vertriebs GmbH,L=Hamburg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:a5:ca:22:fc:87:71:78:c2:58:de:64:f1:5f:18:b4:d7:20:be:3d:15:f9:58:5a:51:26:7f:cc:50:cd:39:d8
Signer

Actual PE Digest

26:a5:ca:22:fc:87:71:78:c2:58:de:64:f1:5f:18:b4:d7:20:be:3d:15:f9:58:5a:51:26:7f:cc:50:cd:39:d8

Digest Algorithm

sha256

PE Digest Matches

true

f3:48:f3:47:27:49:96:90:80:63:86:ac:b6:de:46:04:91:fa:a6:fe
Signer

Actual PE Digest

f3:48:f3:47:27:49:96:90:80:63:86:ac:b6:de:46:04:91:fa:a6:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins2\workspace\FK\SFirm\SFirm_55_Agent_script\SfMigrationReorg\Release\SfMigrationReorg.pdb

Imports

mfc140

ord14343
ord1542
ord5455
ord6831
ord9166
ord10202
ord8182
ord5388
ord7677
ord7688
ord7687
ord5210
ord5390
ord5231
ord5742
ord5504
ord9305
ord5739
ord5528
ord5228
ord12869
ord12162
ord12194
ord10383
ord8180
ord12190
ord12182
ord5894
ord3844
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11928
ord11927
ord2027
ord7905
ord12888
ord4143
ord9353
ord2184
ord7886
ord14509
ord12485
ord12484
ord2484
ord5336
ord8285
ord12806
ord8347
ord8429
ord266
ord883
ord2874
ord3879
ord3609
ord3154
ord2462
ord13893
ord8188
ord7063
ord5724
ord3392
ord3365
ord7151
ord265
ord3858
ord3863
ord1722
ord13199
ord3153
ord1915
ord2714
ord13464
ord14391
ord6384
ord8101
ord13463
ord4655
ord8679
ord8672
ord14322
ord14321
ord5538
ord14327
ord12863
ord885
ord2185
ord2186
ord2241
ord2301
ord2354
ord7961
ord2383
ord2387
ord1468
ord993
ord7618
ord8322
ord8717
ord14328
ord14334
ord4656
ord12706
ord2992
ord301
ord1650
ord6411
ord6410
ord1097
ord440
ord6409
ord6358
ord2875
ord6913
ord11895
ord1094
ord436
ord6357
ord6356
ord6978
ord5547
ord2876
ord12584
ord4807
ord5541
ord13198
ord2381
ord5723
ord1093
ord435
ord5720
ord5540
ord5533
ord6977
ord1447
ord974
ord6976
ord305
ord5898
ord7891
ord3591
ord3005
ord2877
ord3841
ord5545
ord1544
ord11898
ord11899
ord2403
ord1095
ord437
ord1507
ord1098
ord441
ord11894
ord2394
ord321
ord1091
ord432
ord316
ord1529
ord310
ord1551
ord8759
ord1044
ord300
ord2986
ord5532
ord882
ord13235
ord5548
ord8151
ord11896
ord3878
ord13883
ord3882
ord5863
ord4725
ord2298
ord2463
ord3155
ord4570
ord2881
ord4705
ord1142
ord3840
ord503
ord2983
ord1692
ord5102
ord4580
ord13382
ord13386
ord1696
ord8426
ord12503
ord1693
ord14333
ord442
ord1526
ord14507
ord2407
ord1509

kernel32

GetCurrentProcessId
CopyFileA
DeleteFileA
MoveFileA
InitializeCriticalSectionEx
GetLastError
DeleteCriticalSection
OutputDebugStringW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
CloseHandle
CreateEventW
GetPrivateProfileStringA
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
WritePrivateProfileStringA
InitializeSListHead
GetSystemTimeAsFileTime

user32

wsprintfA
PostThreadMessageA

oleaut32

VariantClear
VarUdateFromDate
VariantChangeType

sfaux

?itoa@Strings@Utilities@CBIVGLib@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetInstance@LocalizedStrings@@SAAAV1@XZ
??0SfAuxAutoCleanup@@QAE@XZ
??1SfAuxAutoCleanup@@QAE@XZ
?GetCmdLineParameter@Parser@Utilities@CBIVGLib@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@ABV45@AAV45@0_N@Z
?SetLanguage@LocalizedStrings@@QAEXD@Z
?GMLS@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@IZZ
?GetErrorMessageFromException@Strings@Utilities@CBIVGLib@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBVCException@@@Z
?ReadFile@Files@Utilities@CBIVGLib@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@ABV45@K_N@Z
?WriteFile@Files@Utilities@CBIVGLib@@SA_NABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0@Z
?GetReasonableMessageBoxCancelValue@Gui@System@CBIVGLib@@SAHH@Z

sfbasis

?GetDateSysFormat@@YA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@K@Z

vcruntime140

__std_terminate
memset
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsprintf_s

api-ms-win-crt-time-l1-1-0

strftime

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

api-ms-win-crt-convert-l1-1-0

atol
atoi

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_register_thread_local_exe_atexit_callback
_c_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_exit
_set_app_type
_seh_filter_exe
terminate
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_setmbcp

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a70c4fefb96cddb95b24fb1a9fe36491

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

07:93:6f:7b:46:74:c4:5c:2c:08:32:9a:61:fa:d7:7aCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

07:93:6f:7b:46:74:c4:5c:2c:08:32:9a:61:fa:d7:7aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

26:a5:ca:22:fc:87:71:78:c2:58:de:64:f1:5f:18:b4:d7:20:be:3d:15:f9:58:5a:51:26:7f:cc:50:cd:39:d8Signer

f3:48:f3:47:27:49:96:90:80:63:86:ac:b6:de:46:04:91:fa:a6:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140

kernel32

user32

oleaut32

sfaux

sfbasis

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 404KB - Virtual size: 404KB

.gfids Size: 512B - Virtual size: 48B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 117KB - Virtual size: 117KB

.reloc Size: 14KB - Virtual size: 14KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

07:93:6f:7b:46:74:c4:5c:2c:08:32:9a:61:fa:d7:7a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

07:93:6f:7b:46:74:c4:5c:2c:08:32:9a:61:fa:d7:7a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

26:a5:ca:22:fc:87:71:78:c2:58:de:64:f1:5f:18:b4:d7:20:be:3d:15:f9:58:5a:51:26:7f:cc:50:cd:39:d8
Signer

f3:48:f3:47:27:49:96:90:80:63:86:ac:b6:de:46:04:91:fa:a6:fe
Signer

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 404KB - Virtual size: 404KB

.gfids
Size: 512B - Virtual size: 48B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 117KB - Virtual size: 117KB

.reloc
Size: 14KB - Virtual size: 14KB