b8863004c484c93c0362785e102e8b3f9da696b0e0c94ee92ba1240791f75ed2

Sharing

Copy URL Twitter E-mail

General

Target

b8863004c484c93c0362785e102e8b3f9da696b0e0c94ee92ba1240791f75ed2
Size

277KB
MD5

353ff224d6466c76532746218c8c45c4
SHA1

320c8f0ca03de57abed1e1a4130198ee55c2a1a1
SHA256

b8863004c484c93c0362785e102e8b3f9da696b0e0c94ee92ba1240791f75ed2
SHA512

c63682612a25f52bbb2e71bb043484985ab587c438d941929d03e28456e9a1ff8213aba99e6f999c1cc94031c82eaca8d041ae321fbb9e35d72da148e6d8ba86
SSDEEP

6144:4OzlMrljp3AAchKYxk46xYDYXemWEVcuuhItDG3uOaONFZTRvBxJzFGbZYIeoSdP:r2rljp3AAchKYxk46WYNWEOuuhcG+OdR

Score

1^/10

Malware Config

Signatures

Files

b8863004c484c93c0362785e102e8b3f9da696b0e0c94ee92ba1240791f75ed2
.dll windows:6 windows x86 arch:x86

c3846154055defebe7dc0b85800d9e43

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:44:ac:14:e6:af:24:8f:c9:0c:49:95:78:28:ce:24
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/04/2023, 00:00

Not After

24/04/2026, 23:59

Subject

CN=Bitdefender SRL,OU=DEVSUP CL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:08:4a:82:05:e0:43:5c:6e:99:88:5d:64:30:4f:15:2a:ac:19:9c:17:b6:61:c8:9d:56:76:25:ad:6c:9f:8b
Signer

Actual PE Digest

41:08:4a:82:05:e0:43:5c:6e:99:88:5d:64:30:4f:15:2a:ac:19:9c:17:b6:61:c8:9d:56:76:25:ad:6c:9f:8b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\bamboo\home\xml-data\build-dir\WSP-MASTER-SOURCES\bin\Win32\Release\tuneup.epaas.server.pdb

Imports

kernel32

LoadLibraryW
HeapAlloc
GetProcAddress
LocalFree
VerSetConditionMask
GetCurrentProcessId
GetProcessHeap
CreateProcessW
GetModuleHandleW
FreeLibrary
VerifyVersionInfoW
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
CloseHandle
HeapDestroy
DeleteCriticalSection
GetComputerNameW
MultiByteToWideChar
FormatMessageA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
OpenEventW
InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
Process32FirstW
SetEvent
Process32NextW
GetLastError
Sleep
ProcessIdToSessionId
CreateEventW
CreateToolhelp32Snapshot
OpenProcess
GetModuleFileNameW
GetModuleHandleExW
HeapFree
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
OutputDebugStringW

advapi32

SaferCloseLevel
SetTokenInformation
ConvertStringSidToSidW
SaferCreateLevel
OpenProcessToken
CreateProcessAsUserW
GetLengthSid
SaferComputeTokenFromLevel
GetTokenInformation

msvcp140

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z

winmm

timeGetTime

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathRemoveFileSpecW
PathAddBackslashW

vcruntime140

memset
_except_handler4_common
__std_type_info_destroy_list
memmove
_CxxThrowException
__std_exception_destroy
__CxxFrameHandler3
__std_terminate
__current_exception_context
__current_exception
memcpy
_purecall
wcsrchr
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

malloc
free
realloc
_callnewh

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcstok_s
_wcsicmp
wcscat_s
wcsncpy_s
wmemcpy_s

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initterm
_initterm_e
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
terminate
_crt_atexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo
_errno
_cexit

api-ms-win-crt-math-l1-1-0

_dsign
_dclass

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vswprintf_s

api-ms-win-crt-convert-l1-1-0

strtod
strtoll
strtoull

api-ms-win-crt-locale-l1-1-0

localeconv

Exports

Exports

BdCreateObject
BdDestroyObject

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3846154055defebe7dc0b85800d9e43

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:44:ac:14:e6:af:24:8f:c9:0c:49:95:78:28:ce:24Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

41:08:4a:82:05:e0:43:5c:6e:99:88:5d:64:30:4f:15:2a:ac:19:9c:17:b6:61:c8:9d:56:76:25:ad:6c:9f:8bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcp140

winmm

userenv

shlwapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 189KB - Virtual size: 189KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 11KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:44:ac:14:e6:af:24:8f:c9:0c:49:95:78:28:ce:24
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

41:08:4a:82:05:e0:43:5c:6e:99:88:5d:64:30:4f:15:2a:ac:19:9c:17:b6:61:c8:9d:56:76:25:ad:6c:9f:8b
Signer

.text
Size: 189KB - Virtual size: 189KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 11KB