FSBrlDriverSetupPackage[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FSBrlDriverSetupPackage.exe
Size

16.4MB
MD5

7501241355b5c1f8e019514d42863aa5
SHA1

58d509f2bda1dc4c1cfad43a11103e7ad1696326
SHA256

008c2e93c7d894c7dbb50780181b74ba98dbe5b0b1cab0dd6439bd1bf768a0ef
SHA512

5d0edcd3f737028dbf420c3327546716a9cb5cc8554347a15ae5588b7e2eb673b87a1031fb83ff5b45f4e4242b0019c544b0fab63db07fd606ae0ee437fc3899
SSDEEP

393216:ZKECl4ujnXumoCirI5j2ZrMKykQgRdFw0po8Kq+7hZ:Zul4uz3FSlVw0HKq0Z

Score

1^/10

Malware Config

Signatures

Files

FSBrlDriverSetupPackage.exe
.exe windows:6 windows x86 arch:x86

0c39b593b873ca32e1c3c07e8751b772

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4b:04:27:58:91:ca:74:97:1a:13:8e:0b:06:9e:c0:26
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/03/2015, 00:00

Not After

21/05/2018, 23:59

Subject

CN=Freedom Scientific Inc,O=Freedom Scientific Inc,L=St. Petersburg,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:fc:08:a8:1a:bc:6b:fa:37:f8:bf:1d:ab:32:bd:1b:f5:50:ef:21
Signer

Actual PE Digest

76:fc:08:a8:1a:bc:6b:fa:37:f8:bf:1d:ab:32:bd:1b:f5:50:ef:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\GoAgent\pipelines\FSBrlDsp_mul_RELEASE\FSBrlDsp\2.0-01-FBD00\WiX projects\FSBrlDriverSetupPackage\Release\FSBrlDriverSetupPackage.pdb

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
VerSetConditionMask
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindFirstFileW
GetFileAttributesW
GetFullPathNameW
GetLongPathNameW
SetFileAttributesW
WriteFile
GetTempPathW
CloseHandle
SetErrorMode
SetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
GetExitCodeProcess
GetCurrentThreadId
OpenProcess
GetSystemInfo
GetTickCount
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
FindResourceExW
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
EnumResourceNamesW
LocalFree
FormatMessageW
EnumResourceTypesW
EnumResourceLanguagesW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetPrivateProfileSectionW
CopyFileW
VerifyVersionInfoW
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetFileSize
ReadFile
SetFilePointer
Sleep
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
CreateDirectoryW
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
VirtualProtect
VirtualQuery
ReadProcessMemory
lstrlenW
IsBadWritePtr
FindClose
FindNextFileW
LocalAlloc
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
GetFileAttributesExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
ExitProcess
GetStdHandle
GetACP
GetStringTypeW
GetFileType
LCMapStringW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW

user32

RegisterWindowMessageW
SendMessageW
PostMessageW
MoveWindow
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
GetKeyState
keybd_event
GetSystemMetrics
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowRect
FindWindowW
GetWindowThreadProcessId
wsprintfW
UnhookWindowsHookEx
CallNextHookEx
LoadBitmapW
LoadIconW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplayDevicesW
MessageBoxW
SetCursor
LoadCursorW
IntersectRect
IsRectEmpty
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
wvsprintfA
ExitWindowsEx
AttachThreadInput
DefWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
GetForegroundWindow
SetForegroundWindow
wvsprintfW
LoadStringW
UnregisterClassW
SetWindowsHookExW

shlwapi

PathAppendW
PathIsRelativeW
PathRemoveExtensionW
PathRemoveFileSpecW
PathStripPathW
PathUnquoteSpacesW
wvnsprintfW
PathRemoveBlanksW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msi

ord32
ord159
ord70
ord92
ord118
ord160
ord205
ord8

wininet

InternetGetConnectedState
InternetErrorDlg
HttpQueryInfoW
InternetOpenW
FtpOpenFileW
InternetSetStatusCallbackW
InternetCloseHandle
InternetConnectW
HttpSendRequestW
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable
InternetQueryOptionW
InternetGetLastResponseInfoW

winmm

PlaySoundW

gdi32

ExtEscape
DeleteDC
CreateSolidBrush
CreateDCW

advapi32

OpenThreadToken
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCloseKey
RegCreateKeyW
RegCreateKeyExW
RegDeleteKeyW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSecurityDescriptor
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
DuplicateToken
AddAccessAllowedAce
AccessCheck
RegSetValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW

shell32

SHCreateDirectoryExW
ShellExecuteExW

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16.2MB - Virtual size: 16.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c39b593b873ca32e1c3c07e8751b772

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4b:04:27:58:91:ca:74:97:1a:13:8e:0b:06:9e:c0:26Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

76:fc:08:a8:1a:bc:6b:fa:37:f8:bf:1d:ab:32:bd:1b:f5:50:ef:21Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

version

msi

wininet

winmm

gdi32

advapi32

shell32

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 3KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 292B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16.2MB - Virtual size: 16.2MB

.reloc Size: 10KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4b:04:27:58:91:ca:74:97:1a:13:8e:0b:06:9e:c0:26
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

76:fc:08:a8:1a:bc:6b:fa:37:f8:bf:1d:ab:32:bd:1b:f5:50:ef:21
Signer

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 3KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 292B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16.2MB - Virtual size: 16.2MB

.reloc
Size: 10KB - Virtual size: 9KB