d8ca3cf209eec87e8e9f1ce63917a2bce05ea136fce5f1e2b17fe80f02c914dd[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

d8ca3cf209eec87e8e9f1ce63917a2bce05ea136fce5f1e2b17fe80f02c914dd.exe
Size

124KB
MD5

9556c9ce5194f7090b05211b460251c7
SHA1

ce754a0a170e6f57cf1d76a82fec16ac6b27e379
SHA256

d8ca3cf209eec87e8e9f1ce63917a2bce05ea136fce5f1e2b17fe80f02c914dd
SHA512

4887593e7940e1243b5530b4e5a9c76f8dcfbb5a935ac96c99b28ae0f25b20cbb923da70827e00236880b9b9dc28241492b31fe6f79074cb139948223e0b5429
SSDEEP

1536:AYMxJ05GReI/5T+/UaKV1x9fTSRt8Q41WR1UEksvl5KpWqfZYnzy:T06IeIhTA5SvTySQ4WR1UEdvl5K4qqn2

Score

1^/10

Malware Config

Signatures

Files

d8ca3cf209eec87e8e9f1ce63917a2bce05ea136fce5f1e2b17fe80f02c914dd.exe
.exe windows:6 windows x64 arch:x64

fdaf65b4bed50d8679c33b02ff22fc4d

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:82:f5:b5:7e:b2:61:33:64:b1:45:b9:57:0b:88:12:83:c9:80:bf:a5:a9:20:a2:bd:82:65:60:11:e4:0a:ea
Signer

Actual PE Digest

5a:82:f5:b5:7e:b2:61:33:64:b1:45:b9:57:0b:88:12:83:c9:80:bf:a5:a9:20:a2:bd:82:65:60:11:e4:0a:ea

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\build\win-x64-release\dev\src\exes\relaunchNativeHost\relaunchNativeHost.pdb

Imports

boost_program_options-vc143-mt-x64-1_83

??1validation_error@program_options@boost@@UEAA@XZ
?m_default_line_length@options_description@program_options@boost@@2IB
?arg@program_options@boost@@3V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@A
?parse@?$value_semantic_codecvt_helper@_W@program_options@boost@@EEBAXAEAVany@3@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@_N@Z
?what@error_with_option_name@program_options@boost@@UEBAPEBDXZ
?substitute_placeholders@error_with_option_name@program_options@boost@@MEBAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0error@program_options@boost@@QEAA@AEBV012@@Z
??0error_with_option_name@program_options@boost@@QEAA@AEBV012@@Z
?set_option_name@error_with_option_name@program_options@boost@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0variables_map@program_options@boost@@QEAA@AEBV012@@Z
??1variables_map@program_options@boost@@UEAA@XZ
??0variables_map@program_options@boost@@QEAA@XZ
?count@?$_Tree@V?$_Tmap_traits@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vvariable_value@program_options@boost@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vvariable_value@program_options@boost@@@std@@@2@$0A@@std@@@std@@QEBA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??Aabstract_variables_map@program_options@boost@@QEBAAEBVvariable_value@12@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?notify@program_options@boost@@YAXAEAVvariables_map@12@@Z
?store@program_options@boost@@YAXAEBV?$basic_parsed_options@D@12@AEAVvariables_map@12@_N@Z
?to_internal@program_options@boost@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV34@@Z
??1cmdline@detail@program_options@boost@@QEAA@XZ
?run@cmdline@detail@program_options@boost@@QEAA?AV?$vector@V?$basic_option@D@program_options@boost@@V?$allocator@V?$basic_option@D@program_options@boost@@@std@@@std@@XZ
?set_options_description@cmdline@detail@program_options@boost@@QEAAXAEBVoptions_description@34@@Z
?allow_unregistered@cmdline@detail@program_options@boost@@QEAAXXZ
?get_canonical_option_prefix@cmdline@detail@program_options@boost@@QEAAHXZ
??0cmdline@detail@program_options@boost@@QEAA@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
??1options_description@program_options@boost@@QEAA@XZ
?add_options@options_description@program_options@boost@@QEAA?AVoptions_description_easy_init@23@XZ
??0options_description@program_options@boost@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@II@Z
??Roptions_description_easy_init@program_options@boost@@QEAAAEAV012@PEBDPEBVvalue_semantic@12@0@Z
?check_first_occurrence@validators@program_options@boost@@YAXAEBVany@3@@Z
?bool_switch@program_options@boost@@YAPEAV?$typed_value@_ND@12@XZ
??1?$value_semantic_codecvt_helper@_W@program_options@boost@@UEAA@XZ
??0?$value_semantic_codecvt_helper@_W@program_options@boost@@QEAA@XZ
??0invalid_option_value@program_options@boost@@QEAA@AEBV012@@Z
??1invalid_option_value@program_options@boost@@UEAA@XZ
??0invalid_option_value@program_options@boost@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??0validation_error@program_options@boost@@QEAA@AEBV012@@Z
??0validation_error@program_options@boost@@QEAA@W4kind_t@012@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1H@Z

kernel32

LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
MultiByteToWideChar
AreFileApisANSI
DebugBreak
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FormatMessageW
IsDebuggerPresent
OutputDebugStringW
GetLastError
SetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateEventW
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetExitCodeProcess
CreateProcessW
OpenProcess
SetProcessMitigationPolicy
SetDefaultDllDirectories
FormatMessageA
GetLocaleInfoEx
ReleaseSRWLockExclusive
LocalFree
AcquireSRWLockExclusive
Sleep

msvcp140

?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
_Query_perf_counter
_Query_perf_frequency
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
??Bid@locale@std@@QEAA_KXZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
??0_Lockit@std@@QEAA@H@Z
?_Xlength_error@std@@YAXPEBD@Z
?classic@locale@std@@SAAEBV12@XZ
??1_Lockit@std@@QEAA@XZ

vcruntime140

_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
__current_exception
__std_terminate
__std_type_info_compare
memmove
memset
__C_specific_handler
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
__p___argv
_get_initial_narrow_environment
__p___argc
_set_app_type
_invalid_parameter_noinfo_noreturn
_exit
exit
_c_exit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_cexit
_initterm_e
_initterm
terminate
_invalid_parameter_noinfo
_errno

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
calloc
_set_new_mode

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
___lc_codepage_func

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsnprintf_s
__p__commode
__stdio_common_vswprintf

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceilf

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fdaf65b4bed50d8679c33b02ff22fc4d

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:afCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

5a:82:f5:b5:7e:b2:61:33:64:b1:45:b9:57:0b:88:12:83:c9:80:bf:a5:a9:20:a2:bd:82:65:60:11:e4:0a:eaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

boost_program_options-vc143-mt-x64-1_83

kernel32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 568B

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

5a:82:f5:b5:7e:b2:61:33:64:b1:45:b9:57:0b:88:12:83:c9:80:bf:a5:a9:20:a2:bd:82:65:60:11:e4:0a:ea
Signer

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 568B