ddd5af11992726fa6113492620cd77b6996b4437651c133e7c6229bf5d24f5fd[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ddd5af11992726fa6113492620cd77b6996b4437651c133e7c6229bf5d24f5fd.exe
Size

2.9MB
MD5

f46f568146e9ed3ff35027fbfe477a85
SHA1

83b26ce8514f168d43178dc7d536acf1aa11aab5
SHA256

ddd5af11992726fa6113492620cd77b6996b4437651c133e7c6229bf5d24f5fd
SHA512

1e08c7409bab34b9c495bc02ce156a7988ae5668c019264f89e90e4a9d8d7814a3077515fe66c38c938705232de278b3c76ca61e4465710c39a0ff700833ff73
SSDEEP

49152:RIwpqrjWnZQKtdwzY5LjmbTGnAr3OA96iN/ixTwazuZbi:RI9WnZQKEzY5LjwKAr3tKuZW

Score

1^/10

Malware Config

Signatures

Files

ddd5af11992726fa6113492620cd77b6996b4437651c133e7c6229bf5d24f5fd.exe
.exe windows:6 windows x64 arch:x64

519297b86e54b0d9dc0516b8632ef8cc

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2023, 14:08

Not After

13/10/2026, 14:08

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:3b:96:f1:ad:79:c7:97:53:2e:79:86:26:3a:7f:df:78:75:2d:4d:4f:51:c7:0f:26:3a:bf:23:24:af:36:14
Signer

Actual PE Digest

7c:3b:96:f1:ad:79:c7:97:53:2e:79:86:26:3a:7f:df:78:75:2d:4d:4f:51:c7:0f:26:3a:bf:23:24:af:36:14

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\x64\Release\Installer.pdb

Imports

winhttp

WinHttpReadData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect
WinHttpSetOption
WinHttpOpen
WinHttpCloseHandle
WinHttpCrackUrl

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

bcrypt

BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptDestroyHash
BCryptFinishHash
BCryptImportKeyPair
BCryptVerifySignature
BCryptDestroyKey
BCryptGetProperty
BCryptGenRandom

kernel32

RtlRestoreContext
RtlUnwindEx
RtlVirtualUnwind
RaiseException
SetLastError
LoadLibraryExA
VirtualFree
VirtualQuery
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
Sleep
CreateThread
FreeLibrary
GetModuleFileNameA
GetModuleHandleExA
FormatMessageA
ResumeThread
WaitForMultipleObjects
QueueUserAPC
ReadFile
OutputDebugStringA
OutputDebugStringW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VirtualAlloc
VirtualProtect
GetFileSizeEx
FindClose
GetModuleFileNameW
MoveFileExW
GetFileAttributesW
FindFirstFileW
FindNextFileW
CreateDirectoryW
GetTempPathW
GetTickCount64
WTSGetActiveConsoleSessionId
FormatMessageW
LocalAlloc
GetEnvironmentVariableW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetCurrentProcessId
OpenProcess
GetExitCodeProcess
ProcessIdToSessionId
lstrcmpiW
K32EnumProcesses
QueryFullProcessImageNameW
TerminateProcess
LoadLibraryExW
DuplicateHandle
IsWow64Process
IsWow64Process2
GetFinalPathNameByHandleW
GetModuleHandleExW
GetSystemDirectoryW
LoadLibraryW
LCMapStringEx
GetFileInformationByHandleEx
SetFileInformationByHandle
IsDebuggerPresent
RaiseFailFastException
FindResourceExW
RtlLookupFunctionEntry
IsProcessorFeaturePresent
GetNativeSystemInfo
GetLargePageMinimum
ExitProcess
OpenEventW
ResetEvent
CreateMutexA
ReleaseMutex
WaitNamedPipeW
GetNamedPipeServerProcessId
CreateEventW
CancelIoEx
WriteFile
GetOverlappedResult
CreateSemaphoreW
ReleaseSemaphore
GetTempFileNameW
MoveFileW
FindResourceA
FlsGetValue
FlsAlloc
EncodePointer
WakeConditionVariable
InitializeConditionVariable
RtlPcToFileHeader
SleepConditionVariableSRW
WakeAllConditionVariable
AreFileApisANSI
GetFileAttributesExW
FindFirstFileExW
GetLocaleInfoEx
InitOnceComplete
InitOnceBeginInitialize
QueryPerformanceFrequency
QueryPerformanceCounter
AcquireSRWLockShared
ReleaseSRWLockShared
GetExitCodeThread
WaitForSingleObjectEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
GetSystemInfo
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
InitializeSListHead
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetStdHandle
RtlCaptureContext
WideCharToMultiByte
GetCommandLineW
CreateProcessW
GetCommandLineA
GetCurrentProcess
GetCurrentThreadId
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileSize
CreateFileW
DecodePointer
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionEx
MultiByteToWideChar
DeleteFileW
RemoveDirectoryW
GetLastError
CreateEventA
LocalFree
CloseHandle
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleW
LockResource
LoadResource
FindResourceW
GetTimeZoneInformation
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleOutputCP
SetFilePointerEx
CreatePipe
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetEndOfFile
WriteConsoleW
SetEvent
GetNamedPipeClientProcessId
SizeofResource
GetSystemTimeAsFileTime
FlsSetValue
FlsFree
SetUnhandledExceptionFilter
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale

user32

PostQuitMessage
GetMessageW
SetClassLongPtrW
SetLayeredWindowAttributes
LoadImageW
AttachThreadInput
GetForegroundWindow
GetSystemMetrics
RegisterClassExW
GetClassInfoExW
IsWindow
EnableWindow
KillTimer
CharLowerBuffW
ShowWindow
EndPaint
BeginPaint
BringWindowToTop
SetWindowPos
SendMessageW
SetWindowLongW
GetWindowLongPtrW
DestroyWindow
CreateWindowExW
GetCursorPos
CallWindowProcW
DefWindowProcW
ReleaseCapture
SetCapture
ScreenToClient
MoveWindow
PostMessageW
SetWindowLongPtrW
PtInRect
GetWindowThreadProcessId
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjectsEx
MessageBoxW
ExitWindowsEx
GetWindowInfo
SystemParametersInfoW
EnumChildWindows
FindWindowExW
FindWindowW
GetDesktopWindow
GetClassNameW
GetParent
GetWindow
ClientToScreen
GetClientRect
GetWindowRect
GetWindowLongW
MessageBoxA
UnregisterClassW
SetTimer
DispatchMessageW
LoadCursorW

gdi32

CreateSolidBrush

advapi32

RegDeleteTreeW
SetTokenInformation
ConvertStringSidToSidW
CreateProcessAsUserW
DuplicateTokenEx
RegDeleteKeyExW
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
OpenServiceW
OpenSCManagerW
SetSecurityInfo
GetSecurityInfo
GetAce
GetAclInformation
AddAce
InitializeAcl
EqualSid
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
CreateServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
DeleteService
ChangeServiceConfigA
ControlService
StartServiceA
ChangeServiceConfig2A
OpenServiceA
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
EventUnregister
EventRegister
EventWriteTransfer
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExA
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW
SHGetKnownFolderPath
SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitializeEx
StringFromCLSID
OleRun
CoTaskMemFree
CoCreateGuid
StringFromGUID2
OleLockRunning
OleCreate
OleSetContainedObject
CoCreateInstance
CoCreateFreeThreadedMarshaler

oleaut32

SafeArrayCreate
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopyInd
SetErrorInfo
GetErrorInfo
SafeArrayLock
SysAllocStringLen
SysFreeString
SysAllocString
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SysStringLen
VariantCopy
SafeArrayUnlock

shlwapi

PathFileExistsW
StrRChrW

Exports

Exports

__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

519297b86e54b0d9dc0516b8632ef8cc

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

47:e0:d8:57:8a:b2:00:08:39:19:fa:11Certificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7c:3b:96:f1:ad:79:c7:97:53:2e:79:86:26:3a:7f:df:78:75:2d:4d:4f:51:c7:0f:26:3a:bf:23:24:af:36:14Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winhttp

userenv

bcrypt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 502KB - Virtual size: 501KB

.data Size: 38KB - Virtual size: 114KB

.pdata Size: 88KB - Virtual size: 88KB

.didat Size: 512B - Virtual size: 272B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 602KB - Virtual size: 602KB

.reloc Size: 12KB - Virtual size: 12KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

47:e0:d8:57:8a:b2:00:08:39:19:fa:11
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7c:3b:96:f1:ad:79:c7:97:53:2e:79:86:26:3a:7f:df:78:75:2d:4d:4f:51:c7:0f:26:3a:bf:23:24:af:36:14
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 502KB - Virtual size: 501KB

.data
Size: 38KB - Virtual size: 114KB

.pdata
Size: 88KB - Virtual size: 88KB

.didat
Size: 512B - Virtual size: 272B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 602KB - Virtual size: 602KB

.reloc
Size: 12KB - Virtual size: 12KB