0d495a94e29faa4dfded29253322be1b2c534a56c078bea1ad8f1dc1fd23b742[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

0d495a94e29faa4dfded29253322be1b2c534a56c078bea1ad8f1dc1fd23b742.exe
Size

3.6MB
MD5

8612d97036f5f452bdf3ebb4053d4c81
SHA1

9142068ba30eb8dcac104b499f14f3972b70dcec
SHA256

0d495a94e29faa4dfded29253322be1b2c534a56c078bea1ad8f1dc1fd23b742
SHA512

4bedac3570eb8369c5182e812624176d8c72e6fac38773bb7c73e7068135837cc8f0390bc407289a12f7c5f5485d104a26dd632e7fc29a412e3d025236249055
SSDEEP

49152:dT2PQnvmVQM0eqJAC7YaVVVVVVVVbImRPKB9bjgEge7Co1wl+MhV4Jt8tBNZZd:TIB3slN

Score

1^/10

Malware Config

Signatures

Files

0d495a94e29faa4dfded29253322be1b2c534a56c078bea1ad8f1dc1fd23b742.exe
.dll windows:6 windows x64 arch:x64

689ff199fb7bbb786a1b91371ee279cc

Code Sign

72:2a:66:67:75:dc:48:0e:a2:b8:41:41:3d:7b:87:65
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

27-03-2019 00:00

Not After

03-04-2022 23:59

Subject

CN=Ubisoft Entertainment Sweden AB,O=Ubisoft Entertainment Sweden AB,L=Malmo,ST=Skåne,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:61:cf:d4:7f:a7:bb:ba:03:aa:2d:00:c0:ea:91:76:a9:f7:9f:cd:bc:07:c9:65:0d:a2:24:b6:92:b9:bd:8c
Signer

Actual PE Digest

16:61:cf:d4:7f:a7:bb:ba:03:aa:2d:00:c0:ea:91:76:a9:f7:9f:cd:bc:07:c9:65:0d:a2:24:b6:92:b9:bd:8c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\JenkinsWorkspace\workspace\client_build_installer\client\build\working_directory\RelWithDebInfo\ubiorbitapi_r264.pdb

Imports

iphlpapi

GetAdaptersAddresses

shell32

SHBrowseForFolderW
ord190
SHCreateItemFromParsingName
ShellExecuteW
SHGetFolderPathW
ord155
SHOpenFolderAndSelectItems
SHGetPathFromIDListW
CommandLineToArgvW
ShellExecuteExW

propsys

PSGetPropertyKeyFromName

winhttp

WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpOpen

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

d3d9

Direct3DCreate9

advapi32

RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetExplicitEntriesFromAclW
SetEntriesInAclW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
GetTokenInformation
EqualSid
AllocateAndInitializeSid

user32

GetLastInputInfo
GetForegroundWindow
GetWindowThreadProcessId
SetClipboardData
CloseClipboard
OpenClipboard
SendMessageW
AllowSetForegroundWindow
MessageBoxW
GetMonitorInfoW
EnumDisplayMonitors
SetProcessDPIAware
PostMessageW
SetWindowPos
GetWindowRect
GetParent
MonitorFromPoint
GetWindowInfo
GetSystemMetrics
GetClipboardData
EmptyClipboard

kernel32

GetStdHandle
FlushFileBuffers
GetACP
HeapReAlloc
SetStdHandle
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
WriteConsoleW
FindFirstFileExA
FindFirstFileExW
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
HeapSize
HeapFree
GetModuleFileNameA
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileAttributesExW
GetModuleHandleExW
ResumeThread
ExitThread
SystemTimeToTzSpecificLocalTime
GetFileType
GetFileInformationByHandle
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFullPathNameA
GetDriveTypeW
RtlUnwindEx
LoadLibraryW
UnregisterWaitEx
Sleep
GetCommandLineW
GetCurrentDirectoryW
GetCurrentProcessId
OpenProcess
GetModuleFileNameW
LocalFree
CloseHandle
GetLastError
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
RtlCaptureStackBackTrace
GetProcessId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileSizeEx
GetFileTime
GetFullPathNameW
GetTempFileNameW
GetVolumePathNameW
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointerEx
SetFileTime
SetErrorMode
CopyFileW
MoveFileExW
OutputDebugStringA
GetEnvironmentVariableW
GetDiskFreeSpaceExW
GetVolumeNameForVolumeMountPointW
GetCurrentProcess
ExitProcess
GetSystemInfo
GetTickCount
GetVersionExW
GetNativeSystemInfo
GetPhysicallyInstalledSystemMemory
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetComputerNameA
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
GetLocaleInfoW
GetUserDefaultUILanguage
SetEvent
ResetEvent
WaitForMultipleObjectsEx
CreateEventW
GetTempPathW
CreateThread
GetCurrentThreadId
RaiseException
SuspendThread
ReadFile
WriteFile
PeekNamedPipe
GetOverlappedResult
GetSystemTimeAsFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
SetLastError
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
HeapAlloc
CreateProcessW
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
RtlPcToFileHeader
EncodePointer
DecodePointer
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
QueryPerformanceCounter
QueryPerformanceFrequency
CompareStringW
LCMapStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
RtlUnwind

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

comdlg32

GetSaveFileNameW

Exports

Exports

??0OrbitSession@orbitdll@mg@@QEAA@XZ
??1OrbitSession@orbitdll@mg@@QEAA@XZ
?CheckUpdate@OrbitSession@orbitdll@mg@@QEAAHXZ
?Close@SavegameReader@orbitdll@mg@@QEAAXXZ
?Close@SavegameWriter@orbitdll@mg@@QEAAX_N@Z
?GetLocText@OrbitSession@orbitdll@mg@@QEAAPEBGPEBGPEBD@Z
?GetLoginDetails@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetLoginDetailsListener@23@@Z
?GetName@SavegameInfo@orbitdll@mg@@QEAAPEBGXZ
?GetNetworkTraffic@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetNetworkTrafficListener@23@@Z
?GetOrbitServer@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetOrbitServerListener@23@II@Z
?GetRequestUniqueId@OrbitSession@orbitdll@mg@@QEAAIXZ
?GetSavegameId@SavegameInfo@orbitdll@mg@@QEAAIXZ
?GetSavegameList@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameListListener@23@I@Z
?GetSavegameReader@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameReaderListener@23@II@Z
?GetSavegameWriter@OrbitSession@orbitdll@mg@@QEAAXIPEAVIGetSavegameWriterListener@23@II_N@Z
?GetSize@SavegameInfo@orbitdll@mg@@QEAAIXZ
?GetUplayId@SavegameInfo@orbitdll@mg@@QEAAIXZ
?Read@SavegameReader@orbitdll@mg@@QEAAXIPEAVISavegameReadListener@23@IPEAXI@Z
?RemoveSavegame@OrbitSession@orbitdll@mg@@QEAAXIPEAVIRemoveSavegameListener@23@II@Z
?SetName@SavegameWriter@orbitdll@mg@@QEAA_NPEAG@Z
?StartLauncher@OrbitSession@orbitdll@mg@@QEAA_NIIPEBD0@Z
?StartProcess@OrbitSession@orbitdll@mg@@QEAAXPEBG00@Z
?Update@OrbitSession@orbitdll@mg@@QEAAXXZ
?Write@SavegameWriter@orbitdll@mg@@QEAAXIPEAVISavegameWriteListener@23@PEAXI@Z
MgOrbitdllCheckUpdate
MgOrbitdllGetFakeSession
MgOrbitdllGetLocText
MgOrbitdllGetLoginDetails
MgOrbitdllGetNetworkTraffic
MgOrbitdllGetOrbitServer
MgOrbitdllGetRequestUniqueId
MgOrbitdllGetSavegameList
MgOrbitdllGetSavegameReader
MgOrbitdllGetSavegameWriter
MgOrbitdllGetSession
MgOrbitdllRemoveSavegame
MgOrbitdllSaveGameInfoGetName
MgOrbitdllSaveGameInfoGetProductId
MgOrbitdllSaveGameInfoGetSavegameId
MgOrbitdllSaveGameInfoGetSize
MgOrbitdllSaveGameReaderClose
MgOrbitdllSaveGameReaderRead
MgOrbitdllSaveGameWriterClose
MgOrbitdllSaveGameWriterSetName
MgOrbitdllSaveGameWriterWrite
MgOrbitdllStartLauncher
MgOrbitdllStartProcess
MgOrbitdllUpdate

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

689ff199fb7bbb786a1b91371ee279cc

Code Sign

72:2a:66:67:75:dc:48:0e:a2:b8:41:41:3d:7b:87:65Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

16:61:cf:d4:7f:a7:bb:ba:03:aa:2d:00:c0:ea:91:76:a9:f7:9f:cd:bc:07:c9:65:0d:a2:24:b6:92:b9:bd:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

shell32

propsys

winhttp

rpcrt4

d3d9

advapi32

user32

kernel32

ole32

comdlg32

Exports

Exports

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 717KB - Virtual size: 716KB

.data Size: 36KB - Virtual size: 71KB

.pdata Size: 170KB - Virtual size: 169KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

72:2a:66:67:75:dc:48:0e:a2:b8:41:41:3d:7b:87:65
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

16:61:cf:d4:7f:a7:bb:ba:03:aa:2d:00:c0:ea:91:76:a9:f7:9f:cd:bc:07:c9:65:0d:a2:24:b6:92:b9:bd:8c
Signer

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 717KB - Virtual size: 716KB

.data
Size: 36KB - Virtual size: 71KB

.pdata
Size: 170KB - Virtual size: 169KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB