ade42947e1ec14aed6cd2c77ab0175a418ee19186652bf6116f58aa0a00d9bc9

Sharing

Copy URL Twitter E-mail

General

Target

ade42947e1ec14aed6cd2c77ab0175a418ee19186652bf6116f58aa0a00d9bc9
Size

3.1MB
MD5

fc3680045d1ea6461cec2134be8537c1
SHA1

5fcc4ef5e9d93c124f031b610522e67d88592167
SHA256

ade42947e1ec14aed6cd2c77ab0175a418ee19186652bf6116f58aa0a00d9bc9
SHA512

7c481798efb5120254836fe2a7840e196d646849fbba707b03435d4f218e639fb922837259d28a8d3188c5f74da9d25e79ceb67943b48bd704f6f741b13cf31e
SSDEEP

49152:BKokYxxQ+KqeFjIDWNg4Owc8mepXG4mY2XmFJ566uBLMeDET6KjwvXUWM1Qj/tyL:YokYxxQR3FsWm4IamY2XW6jBYejwN

Score

1^/10

Malware Config

Signatures

Files

ade42947e1ec14aed6cd2c77ab0175a418ee19186652bf6116f58aa0a00d9bc9
.dll windows:6 windows x86 arch:x86

d933a866acfec52d7a8ba8e29a1dbe96

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:71:35:2d:c4:c1:03:b7:0a:e7:25:e9:54:48:63:74
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/05/2023, 00:00

Not After

06/05/2026, 23:59

Subject

CN=Electronic Arts\, Inc.,OU=EAC,O=Electronic Arts\, Inc.,L=Redwood City,ST=CALIFORNIA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bf:56:3c:f6:22:b3:ce:fd:0d:9a:23:86:83:65:4f:b9:c3:ed:8c:aa:ce:d5:8e:21:62:f9:e4:fb:cc:bc:00:97:f9:03:2c:60:96:ca:fe:80:d8:19:68:c4:0e:fc:2a:70:3f:56:55:74:96:60:8c:f5:89:6f:0e:6c:d7:b6:d3:53
Signer

Actual PE Digest

bf:56:3c:f6:22:b3:ce:fd:0d:9a:23:86:83:65:4f:b9:c3:ed:8c:aa:ce:d5:8e:21:62:f9:e4:fb:cc:bc:00:97:f9:03:2c:60:96:ca:fe:80:d8:19:68:c4:0e:fc:2a:70:3f:56:55:74:96:60:8c:f5:89:6f:0e:6c:d7:b6:d3:53

Digest Algorithm

sha512

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\dev\juno-desktop-installer_live\build\juno-bootstrapper-application\pc-vc-tool-opt\bin\juno-bootstrapper-application.pdb

Imports

gdi32

SetViewportOrgEx
CreateFontIndirectW
CreateCompatibleDC
DeleteDC
SetBkMode
GetObjectW
GetStockObject

user32

RegisterClassW
EnumDisplayDevicesA
GetSystemMetrics
FindWindowExW
GetWindowTextW
SendMessageTimeoutW
CharLowerBuffW
SetWindowPos
PostMessageW
GetClassInfoW
BeginDeferWindowPos
ReleaseCapture
DeferWindowPos
EndDeferWindowPos
CreateDialogParamW
GetDlgItem
SetCapture
GetKeyState
LoadCursorW
ScreenToClient
SetCursor
GetCursorPos
IsWindowEnabled
GetParent
MapWindowPoints
TrackMouseEvent
GetWindowRect
GetClientRect
SetWindowTextW
InvalidateRect
EndPaint
BeginPaint
KillTimer
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostThreadMessageW
BringWindowToTop
SetForegroundWindow
MessageBoxW
IsDialogMessageW
PostQuitMessage
SetTimer
IsWindow
DestroyWindow
IsWindowVisible
GetDlgCtrlID
SetFocus
GetFocus
PtInRect
GetWindowLongW
SetWindowLongW
ShowWindow
CreateWindowExA
GetWindow
DefWindowProcW

crypt32

CryptImportPublicKeyInfo
CertFreeCertificateContext
CryptDecodeObjectEx
CryptMsgClose
CryptMsgGetParam
CertCreateCertificateContext
CryptStringToBinaryA
CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CertGetNameStringW
CryptBinaryToStringA
CertFindCertificateInStore
CertCloseStore

gdiplus

GdipPrivateAddMemoryFont
GdipDeletePath
GdipNewPrivateFontCollection
GdipGetFontUnit
GdipGetFontSize
GdipGetFontStyle
GdipGetFamily
GdipCreateFont
GdipDrawPath
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawImageRectRect
GdipSetInterpolationMode
GdipMeasureString
GdipSetTextContrast
GdipSetTextRenderingHint
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipCloneStringFormat
GdipGetLogFontW
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipAddPathArcI
GdipAddPathLineI
GdipSetStringFormatFlags
GdipCreatePath
GdipDrawLineI
GdipSetClipRectI
GdipSetCompositingMode
GdipGetStringFormatFlags
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipDeletePen
GdipCreatePen1
GdipDeleteFont
GdipDrawImageRectRectI
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFree
GdipAlloc
GdiplusStartup
GdipFillPath
GdipReleaseDC
GdipGetDC
GdipCreateFromHWND
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipAddPathLine2I
GdipDrawString
GdipSetStringFormatTrimming
GdipGetDpiY
GdipGetFontHeightGivenDPI
GdipClosePathFigure
GdipSetClipPath
GdipDeletePrivateFontCollection

rpcrt4

UuidCreate

version

VerQueryValueA
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFileVersionInfoSizeA
GetFileVersionInfoA

wintrust

WinVerifyTrust

kernel32

FindClose
FindFirstFileW
FindNextFileW
DecodePointer
CloseHandle
RaiseException
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateEventW
Sleep
GetCurrentProcessId
GetThreadId
GetModuleFileNameW
LocalFree
FormatMessageA
VerifyVersionInfoW
GetFileInformationByHandleEx
GetDiskFreeSpaceExW
GetVolumePathNameW
ResetEvent
DisableThreadLibraryCalls
CompareStringW
WriteFile
SetFilePointer
lstrlenA
LoadLibraryW
GetModuleFileNameA
OutputDebugStringA
CreateFileA
GetLocalTime
lstrlenW
GetTempPathW
CreateDirectoryW
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetProcAddress
ExitProcess
GetModuleHandleA
RemoveDirectoryW
GetFileAttributesW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFinalPathNameByHandleW
GetShortPathNameW
WaitForMultipleObjects
GetCurrentProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetNativeSystemInfo
IsWow64Process
LoadLibraryExA
LocalAlloc
QueryFullProcessImageNameW
CopyFileW
GetComputerNameW
GetGeoInfoW
GetUserGeoID
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ReadFile
GetSystemTimeAsFileTime
GetTickCount64
LoadResource
LockResource
SizeofResource
CreateFileW
GetModuleHandleExW
GetUserDefaultLocaleName
QueryPerformanceCounter
GetEnvironmentVariableA
SetEnvironmentVariableA
QueryPerformanceFrequency
WaitForSingleObjectEx
CreateMutexA
GetCurrentThread
SetThreadPriority
GetThreadPriority
SetPriorityClass
GetPriorityClass
GetSystemTime
FreeLibrary
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
DuplicateHandle
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
ReleaseSemaphore
SleepEx
SwitchToThread
GetCurrentThreadId
SetThreadPriorityBoost
GetExitCodeThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetThreadIdealProcessor
GetSystemInfo
GetTickCount
MapViewOfFile
UnmapViewOfFile
LoadLibraryA
GetProcessAffinityMask
SetThreadAffinityMask
CreateSemaphoreA
CreateFileMappingA
CreateDirectoryA
LocalFileTimeToFileTime
SetFileAttributesA
SetFileTime
ContinueDebugEvent
WaitForDebugEvent
CreatePipe
PeekNamedPipe
CreateEventA
GetExitCodeProcess
OpenThread
SuspendThread
CreateProcessW
GetThreadContext
VirtualQuery
ReadProcessMemory
DosDateTimeToFileTime
SetConsoleCtrlHandler
FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetLogicalDriveStringsW
GetLongPathNameW
SetEndOfFile
SetFilePointerEx
CreateIoCompletionPort
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetOverlappedResult
Module32First
Module32Next
CreateEventExA
GetGeoInfoA
GetUserDefaultLangID
GetFileSize
GetFileType
QueryDosDeviceW
GlobalMemoryStatusEx
GetComputerNameExA
GetVersionExA
GetModuleHandleW
GetComputerNameA
K32GetMappedFileNameW
Thread32First
Thread32Next
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
OutputDebugStringW
SetLastError
AreFileApisANSI
FindFirstFileExW
GetStringTypeW
GetCommandLineW
VerSetConditionMask
EncodePointer
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetDateFormatW
GetTimeFormatW
SetStdHandle
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
DeleteFileW
FindResourceW

ole32

CreateStreamOnHGlobal
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoInitialize
CoUninitialize

shell32

SHCreateItemFromParsingName
SHGetKnownFolderPath
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW

oleaut32

VarBstrCmp
SysStringLen
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathFindFileNameW
PathIsRelativeW
PathIsRootW
PathIsNetworkPathW
PathAppendW
PathRemoveFileSpecW

winmm

timeGetTime

advapi32

RegCloseKey
RegDeleteKeyExW
RegOpenKeyExW
OpenProcessToken
AllocateAndInitializeSid
CopySid
EqualSid
FreeSid
GetLengthSid
GetTokenInformation
LookupAccountSidW
GetUserNameW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
GetSecurityInfo
ConvertSidToStringSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptGetHashParam
RegCreateKeyExW
CryptVerifySignatureW
CryptDestroyHash
GetUserNameA
CryptGenRandom
CryptAcquireContextA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CryptHashData
CloseServiceHandle
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
CryptCreateHash
RegDeleteValueW

dbghelp

StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymUnloadModule64
SymLoadModuleExW
SymInitialize
SymGetLineFromAddr64
SymGetSymFromAddr64
SymCleanup
SymSetOptions
UnDecorateSymbolName
SymFromAddr

comctl32

ord412
ord413
ord410

ws2_32

WSAWaitForMultipleEvents
WSASocketW
WSASetEvent
WSARecvFrom
WSARecv
WSAIoctl
getaddrinfo
WSACreateEvent
WSACloseEvent
WSAGetLastError
freeaddrinfo
WSAStartup
gethostname
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
getsockopt
getsockname
getpeername
WSACleanup
WSAGetOverlappedResult
WSAResetEvent
__WSAFDIsSet
bind
closesocket
connect
ioctlsocket

Exports

Exports

BootstrapperApplicationCreate
BootstrapperApplicationDestroy

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 903KB - Virtual size: 902KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 555KB - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d933a866acfec52d7a8ba8e29a1dbe96

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

06:71:35:2d:c4:c1:03:b7:0a:e7:25:e9:54:48:63:74Certificate

Extended Key Usages

Key Usages

bf:56:3c:f6:22:b3:ce:fd:0d:9a:23:86:83:65:4f:b9:c3:ed:8c:aa:ce:d5:8e:21:62:f9:e4:fb:cc:bc:00:97:f9:03:2c:60:96:ca:fe:80:d8:19:68:c4:0e:fc:2a:70:3f:56:55:74:96:60:8c:f5:89:6f:0e:6c:d7:b6:d3:53Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

crypt32

gdiplus

rpcrt4

version

wintrust

kernel32

ole32

shell32

oleaut32

shlwapi

winmm

advapi32

dbghelp

comctl32

ws2_32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 903KB - Virtual size: 902KB

.data Size: 45KB - Virtual size: 72KB

.rsrc Size: 555KB - Virtual size: 555KB

.reloc Size: 88KB - Virtual size: 87KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

06:71:35:2d:c4:c1:03:b7:0a:e7:25:e9:54:48:63:74
Certificate

bf:56:3c:f6:22:b3:ce:fd:0d:9a:23:86:83:65:4f:b9:c3:ed:8c:aa:ce:d5:8e:21:62:f9:e4:fb:cc:bc:00:97:f9:03:2c:60:96:ca:fe:80:d8:19:68:c4:0e:fc:2a:70:3f:56:55:74:96:60:8c:f5:89:6f:0e:6c:d7:b6:d3:53
Signer

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 903KB - Virtual size: 902KB

.data
Size: 45KB - Virtual size: 72KB

.rsrc
Size: 555KB - Virtual size: 555KB

.reloc
Size: 88KB - Virtual size: 87KB