0a0dcf40a73e7f7a00a488367b7b0cadc4ff3ac7818cf22a46cd3e24ff5cf6e3[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0a0dcf40a73e7f7a00a488367b7b0cadc4ff3ac7818cf22a46cd3e24ff5cf6e3.exe
Size

6.1MB
MD5

38162872c36186016f483d5a94aa831b
SHA1

8b5d04df8b44b704deb20aae9ac1733c1b732803
SHA256

0a0dcf40a73e7f7a00a488367b7b0cadc4ff3ac7818cf22a46cd3e24ff5cf6e3
SHA512

a6d822085e10a07cb0c27015e53d313786a9cfba4e0fa960ace7223ce171d3f9e58eb74f38fa17c1bb88113b9852edee96443f2ac37248ecadf2684cf30d89ec
SSDEEP

98304:a1W0ZauUzNfO5bn4xhDE7NlF3Yw8hEYXn0bKVZnjwiO9:aTa5wxn4x9njDe

Score

1^/10

Malware Config

Signatures

Files

0a0dcf40a73e7f7a00a488367b7b0cadc4ff3ac7818cf22a46cd3e24ff5cf6e3.exe
.exe windows:6 windows x86 arch:x86

bc1254c7b336b59f5b9c6c72e40e673e

Code Sign

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

25-05-2021 00:00

Not After

24-05-2036 23:59

Subject

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-07-2015 21:03

Not After

22-07-2025 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:8f:83:ae:4a:5c:2e:da:3d:a2:ff:f0:83:90:4a:38
Certificate

Issuer

CN=Sectigo RSA Code Signing CA 2,O=Sectigo Limited,C=GB

Not Before

22-02-2022 00:00

Not After

15-02-2025 23:59

Subject

CN=Carbon Black\, Inc.,O=Carbon Black\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:9c:5a:47:49:cf:d3:b6:07:68:48:80:d6:3e:4a:82:12:23:b2:3c:9a:b1:dc:7f:a1:c4:95:35:15:25:10:46
Signer

Actual PE Digest

52:9c:5a:47:49:cf:d3:b6:07:68:48:80:d6:3e:4a:82:12:23:b2:3c:9a:b1:dc:7f:a1:c4:95:35:15:25:10:46

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\workspace\AC_CC_Windows_TACC_MASTER_master\src\solidifier\svc\bin\OBJ_WIN7_X86_REL\scsrvc.pdb

Imports

advapi32

AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetEntriesInAclW
CreateProcessAsUserW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegSetValueExW
RegDeleteTreeW
ImpersonateLoggedOnUser
RevertToSelf
LogonUserW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownW
ImpersonateNamedPipeClient
OpenThreadToken
CheckTokenMembership
CreateWellKnownSid
DuplicateToken
EqualSid
GetTokenInformation
ConvertStringSidToSidW
CloseEventLog
NotifyChangeEventLog
GetNumberOfEventLogRecords
GetOldestEventLogRecord
OpenEventLogW
ReadEventLogW
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorOwner
LookupAccountSidW
LookupAccountNameW
RegQueryInfoKeyW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
DeregisterEventSource
RegisterEventSourceA
ReportEventW
GetAce
GetAclInformation
GetNamedSecurityInfoW
QueryServiceConfigW
ReportEventA
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
DuplicateTokenEx
QueryServiceStatus
ControlService
QueryServiceStatusEx
StartServiceW

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSSendMessageW
WTSFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptDecodeObject
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptBinaryToStringW
CryptStringToBinaryW
CryptBinaryToStringA
CryptFindOIDInfo
CertGetCertificateContextProperty
CertGetPublicKeyLength
CertGetCertificateChain

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoInitialize

oleaut32

SystemTimeToVariantTime
SysAllocString
SysFreeString
VarUI4FromStr

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

setupapi

SetupFindNextLine
SetupFindFirstLineW
SetupGetLineTextW
SetupOpenInfFileW
SetupCloseInfFile
SetupGetStringFieldW
SetupEnumInfSectionsW

sfc

SfcIsFileProtected

netapi32

NetUserGetLocalGroups
NetApiBufferFree

vcruntime140

wcsrchr
memset
wcsstr
_purecall
__std_terminate
strchr
__std_exception_copy
_CxxThrowException
strrchr
memmove
strstr
memchr
memcmp
_except_handler4_common
__current_exception
__std_type_info_destroy_list
__current_exception_context
__CxxFrameHandler3
memcpy
wcschr
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

calloc
malloc
realloc
_set_new_mode
free
_recalloc
_callnewh

api-ms-win-crt-convert-l1-1-0

_strtoi64
wcstoul
_wtoi
strtoul
atoi
strtod
strtol
strtof
atol

api-ms-win-crt-string-l1-1-0

isalnum
strncmp
strncpy
wcstok
wcscpy_s
_strdup
strcmp
isxdigit
iswspace
wmemcpy_s
isalpha
_wcsdup
isupper
islower
strcspn
isspace
tolower
_wcsnicmp
wcsncpy_s
iswctype
_wcsupr
wcsnlen
__strncnt
_strnicmp
_wcslwr
wcstok_s
wcscspn
wcsncat
wcsncmp
wcsncpy
wcsspn
_wcsicmp
strncat
toupper
isdigit

api-ms-win-crt-time-l1-1-0

_W_Gettnames
_Wcsftime
wcsftime
_Getdays
_Getmonths
_Gettnames
_gmtime64_s
_ftime64
_W_Getdays
_mktime64
_localtime64
_W_Getmonths
_gmtime64
_time64
_Strftime

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_c_exit
_register_onexit_function
_cexit
__p___wargv
__p___argc
_exit
exit
_initterm_e
_execute_onexit_table
_crt_at_quick_exit
terminate
_invalid_parameter_noinfo
raise
strerror
_initterm
_endthreadex
_get_initial_wide_environment
_beginthreadex
__doserrno
_errno
_initialize_wide_environment
_invalid_parameter_noinfo_noreturn
signal
_controlfp_s
_configure_wide_argv
_crt_atexit
abort
_set_app_type
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

fgets
fseek
feof
ftell
_fileno
_setmode
fflush
fwrite
fread
__stdio_common_vsscanf
ferror
fopen
_wtempnam
fclose
__stdio_common_vsprintf_p
fgetc
fopen_s
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
__stdio_common_vfscanf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfprintf
__stdio_common_vswscanf
fputs
_set_fmode
__stdio_common_vswprintf_p
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__stdio_common_vswprintf
__stdio_common_vfwscanf
_open
__p__commode
_write
_read
_lseek
_close
_wfopen
__acrt_iob_func
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwprintf

api-ms-win-crt-filesystem-l1-1-0

_mkdir
_stat64i32
_wsplitpath

api-ms-win-crt-environment-l1-1-0

_wgetenv
getenv

api-ms-win-crt-locale-l1-1-0

___lc_collate_cp_func
__pctype_func
setlocale
___lc_codepage_func
_unlock_locales
_lock_locales
___mb_cur_max_func
_configthreadlocale
localeconv
___lc_locale_name_func

api-ms-win-crt-math-l1-1-0

ldexp
frexp
_CIpow
_except1
__setusermatherr

kernel32

GetVersion
LoadLibraryA
FlushConsoleInputBuffer
GetTickCount
GlobalMemoryStatus
FindNextFileA
FindFirstFileA
Process32NextW
SystemTimeToFileTime
SetPriorityClass
CreateToolhelp32Snapshot
Process32FirstW
InitializeSListHead
GetSystemTimeAsFileTime
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringEx
GetCPInfo
CompareStringEx
EncodePointer
GetLocaleInfoEx
GetStringTypeW
IsDebuggerPresent
CreateEventA
LoadLibraryExA
InterlockedDecrement
InterlockedIncrement
InterlockedCompareExchange
CreateThread
WTSGetActiveConsoleSessionId
CallNamedPipeW
DosDateTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
GetSystemTime
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
CancelIoEx
GetLogicalDriveStringsW
GetDriveTypeW
GetEnvironmentVariableW
WriteConsoleA
ReadConsoleA
WaitNamedPipeW
CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
CreateMutexW
ReleaseMutex
GetLocaleInfoW
GetVersionExW
SetConsoleCtrlHandler
SetErrorMode
CancelIo
DuplicateHandle
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
InitializeCriticalSectionEx
RaiseException
DecodePointer
LoadLibraryW
GetOverlappedResult
TerminateProcess
FileTimeToSystemTime
lstrcmpA
VirtualProtectEx
GetSystemInfo
GetExitCodeThread
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
GetVolumeInformationW
GetLongPathNameW
GetFileAttributesExW
FileTimeToLocalFileTime
CreateSemaphoreW
ReleaseSemaphore
GetShortPathNameW
GetNativeSystemInfo
GetWindowsDirectoryW
GetSystemDirectoryW
QueryPerformanceFrequency
QueryPerformanceCounter
GetVolumePathNameW
K32EnumProcesses
OpenThread
GetTickCount64
GetSystemTimes
GetProcessTimes
SetThreadPriority
GetCurrentThread
GetLocalTime
GetStartupInfoW
CreateProcessW
GetExitCodeProcess
ExitProcess
PeekNamedPipe
CreatePipe
SetHandleInformation
K32GetModuleFileNameExW
K32EnumProcessModules
OpenProcess
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
WaitForMultipleObjects
IsBadReadPtr
MoveFileExW
CopyFileW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
DeviceIoControl
SetFilePointerEx
SetFileAttributesW
SetEndOfFile
RemoveDirectoryW
ReadFile
GetFullPathNameW
GetFileSizeEx
FlushFileBuffers
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentThreadId
GetModuleHandleW
GetCurrentProcess
PulseEvent
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
Sleep
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
MultiByteToWideChar
WriteFile
GetFileType
GetStdHandle
FormatMessageW
DebugBreak
FormatMessageA
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
SetLastError
OutputDebugStringW
GetCurrentDirectoryW
ProcessIdToSessionId
GetCurrentProcessId
GetLastError
LocalAlloc
LocalFree
CloseHandle
WaitForSingleObject

ws2_32

getaddrinfo
htonl
WSAGetLastError
ntohl
__WSAFDIsSet
accept
WSACleanup
WSAStartup
socket
setsockopt
shutdown
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
getsockopt
inet_ntoa
listen
ntohs
recv
select
send
getnameinfo
WSASetLastError
freeaddrinfo

user32

TranslateMessage
DispatchMessageW
CharNextW
GetDC
GetDesktopWindow
GetMessageW
UnregisterClassW
ReleaseDC
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA

mpr

WNetGetUniversalNameW
WNetGetConnectionW

msi

ord141
ord41
ord173
ord66
ord159
ord160
ord92
ord118
ord8
ord70
ord32
ord45

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
CryptCATAdminReleaseContext

winhttp

WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpSendRequest
WinHttpWriteData
WinHttpQueryOption

shell32

CommandLineToArgvW

fltlib

FilterConnectCommunicationPort
FilterGetMessage
FilterSendMessage

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-conio-l1-1-0

_getch

gdi32

DeleteObject
GetDIBits
CreateCompatibleBitmap
GetDeviceCaps
GetObjectA

Exports

Exports

ma_dl_close
ma_dl_error
ma_dl_open
ma_dl_sym
ma_temp_buffer_address_of
ma_temp_buffer_capacity
ma_temp_buffer_copy
ma_temp_buffer_get
ma_temp_buffer_init
ma_temp_buffer_reserve
ma_temp_buffer_uninit

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fipstx
Size: 221KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 906KB - Virtual size: 908KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fipsrd
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fipsro
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

fipsda
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 947KB - Virtual size: 946KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc1254c7b336b59f5b9c6c72e40e673e

Code Sign

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:dbCertificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

32:8f:83:ae:4a:5c:2e:da:3d:a2:ff:f0:83:90:4a:38Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

52:9c:5a:47:49:cf:d3:b6:07:68:48:80:d6:3e:4a:82:12:23:b2:3c:9a:b1:dc:7f:a1:c4:95:35:15:25:10:46Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

wtsapi32

userenv

crypt32

ole32

oleaut32

rpcrt4

setupapi

sfc

netapi32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

kernel32

ws2_32

user32

mpr

msi

version

wintrust

winhttp

shell32

fltlib

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

gdi32

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

fipstx Size: 221KB - Virtual size: 224KB

.rdata Size: 906KB - Virtual size: 908KB

.data Size: 1.4MB - Virtual size: 2.6MB

fipsrd Size: 8KB - Virtual size: 8KB

fipsro Size: 31KB - Virtual size: 32KB

fipsda Size: 3KB - Virtual size: 4KB

.rsrc Size: 947KB - Virtual size: 946KB

9e:02:b0:e9:4a:ce:b2:10:9c:a1:e9:83:6b:e0:c2:db
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

32:8f:83:ae:4a:5c:2e:da:3d:a2:ff:f0:83:90:4a:38
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

52:9c:5a:47:49:cf:d3:b6:07:68:48:80:d6:3e:4a:82:12:23:b2:3c:9a:b1:dc:7f:a1:c4:95:35:15:25:10:46
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

fipstx
Size: 221KB - Virtual size: 224KB

.rdata
Size: 906KB - Virtual size: 908KB

.data
Size: 1.4MB - Virtual size: 2.6MB

fipsrd
Size: 8KB - Virtual size: 8KB

fipsro
Size: 31KB - Virtual size: 32KB

fipsda
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 947KB - Virtual size: 946KB