eba4831cf3f60f39ac85911947494dc2f0142784bb44847a3294e8c1129b2962

Sharing

Copy URL Twitter E-mail

General

Target

eba4831cf3f60f39ac85911947494dc2f0142784bb44847a3294e8c1129b2962
Size

285KB
MD5

1fffd13636ad4a3365689beb86c21a1e
SHA1

3a84d034a2729f1bdc73ee3566926785c41dc07b
SHA256

eba4831cf3f60f39ac85911947494dc2f0142784bb44847a3294e8c1129b2962
SHA512

8e1312c18c9ffb305dcd34b24ff310db5ba362c4de44893b600c46cd8c162ea07a2b0e4d3663c3875dd759461b71861d9a7fab55f5ebac41f7e42b0faa4dfe21
SSDEEP

6144:w1+3pQij+0ZvclCIM/0hb7BjUhIuDv0FYRkA:w1+3a3vJF6v0FLA

Score

1^/10

Malware Config

Signatures

Files

eba4831cf3f60f39ac85911947494dc2f0142784bb44847a3294e8c1129b2962
.exe windows:4 windows x64 arch:x64

0fcda6bb5acc42470aa05f845ce2adc6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:e7:9b:8b:c0:bc:2a:73:e3:69:c2:0a:c9:e4:a8:a5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/09/2022, 00:00

Not After

08/08/2024, 23:59

Subject

CN=ForeScout Technologies\, Inc,OU=Corporate IT,O=ForeScout Technologies\, Inc,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:08:f2:46:17:a2:2c:38:1b:9a:9a:ba:17:09:f2:1c:14:c5:64:e1:04:9f:85:54:0a:3c:13:1f:25:02:95:ee
Signer

Actual PE Digest

ce:08:f2:46:17:a2:2c:38:1b:9a:9a:ba:17:09:f2:1c:14:c5:64:e1:04:9f:85:54:0a:3c:13:1f:25:02:95:ee

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\users\devops_ci\jenkins_ta_slave\workspace\project_hps_fsprocsvc_rel_11.3.3\x64\release\fsprocsvc.pdb

Imports

shlwapi

PathFileExistsW

psapi

EnumProcesses
GetModuleBaseNameW
EnumProcessModules

advapi32

OpenProcessToken
RegCloseKey
RegOpenKeyExW
SetNamedSecurityInfoW
RegQueryValueExW
RevertToSelf
GetTokenInformation
GetAclInformation
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetAce
InitializeAcl
AddAccessAllowedAce
AddAce
GetLengthSid
GetSecurityDescriptorDacl
CreateProcessAsUserW
RegisterServiceCtrlHandlerExW
SetServiceStatus
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
StartServiceCtrlDispatcherW
GetUserNameW
OpenServiceW
EqualSid
StartServiceW
QueryServiceStatus
ChangeServiceConfigW
AllocateAndInitializeSid
QueryServiceStatusEx
FreeSid
ControlService
QueryServiceConfigW
DuplicateTokenEx
ImpersonateLoggedOnUser
LsaNtStatusToWinError

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

kernel32

CompareStringW
SetEnvironmentVariableA
DebugBreak
GetTickCount
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
HeapAlloc
HeapFree
GetProcessHeap
GetLastError
GetTimeFormatA
GetDateFormatA
GetLocalTime
CloseHandle
GetFileSize
CreateMutexW
FindFirstFileW
SystemTimeToTzSpecificLocalTime
CompareFileTime
WaitForSingleObject
WriteFile
CopyFileW
FileTimeToSystemTime
CreateFileW
FlushFileBuffers
FindClose
FindNextFileW
GetFileTime
ReleaseMutex
DeleteFileW
CreateProcessW
GetCommandLineA
GetPrivateProfileIntW
GetProcAddress
ProcessIdToSessionId
GetModuleHandleA
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
LocalFree
ExitProcess
GetCommandLineW
SetEvent
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
OpenEventW
CreateThread
MoveFileExW
VirtualQuery
lstrcmpiW
GetCurrentProcess
WaitNamedPipeW
OpenProcess
Sleep
GetModuleFileNameW
lstrlenW
VerSetConditionMask
VerifyVersionInfoW
SetLastError
ConnectNamedPipe
CreateNamedPipeW
ReadFile
ReleaseSemaphore
DisconnectNamedPipe
SetNamedPipeHandleState
SystemTimeToFileTime
SetFileTime
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryW
GetSystemTime
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
FreeLibrary
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetSystemTimeAsFileTime
GetVersionExA
RtlVirtualUnwind
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
FlsGetValue
FlsSetValue
TlsFree
FlsFree
FlsAlloc
HeapSize
RtlUnwindEx
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
GetCPInfo
GetACP
GetOEMCP
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
QueryPerformanceCounter

user32

SetUserObjectSecurity
GetUserObjectSecurity
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
GetProcessWindowStation
OpenDesktopW
CloseDesktop

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 47B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fcda6bb5acc42470aa05f845ce2adc6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:e7:9b:8b:c0:bc:2a:73:e3:69:c2:0a:c9:e4:a8:a5Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

ce:08:f2:46:17:a2:2c:38:1b:9a:9a:ba:17:09:f2:1c:14:c5:64:e1:04:9f:85:54:0a:3c:13:1f:25:02:95:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

psapi

advapi32

wtsapi32

userenv

secur32

kernel32

user32

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 84KB - Virtual size: 83KB

.data Size: 6KB - Virtual size: 16KB

.pdata Size: 10KB - Virtual size: 9KB

.tls Size: 512B - Virtual size: 47B

.rsrc Size: 1KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:e7:9b:8b:c0:bc:2a:73:e3:69:c2:0a:c9:e4:a8:a5
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ce:08:f2:46:17:a2:2c:38:1b:9a:9a:ba:17:09:f2:1c:14:c5:64:e1:04:9f:85:54:0a:3c:13:1f:25:02:95:ee
Signer

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 84KB - Virtual size: 83KB

.data
Size: 6KB - Virtual size: 16KB

.pdata
Size: 10KB - Virtual size: 9KB

.tls
Size: 512B - Virtual size: 47B

.rsrc
Size: 1KB - Virtual size: 1KB