Source: sj-updater-app.exe |
Static PE information: certificate valid |
Source: sj-updater-app.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\cmakebuild\Release\bin\sj-updater\sj-updater-app.pdb source: sj-updater-app.exe |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC07210 WSARecv,#111, |
0_2_00007FF63CC07210 |
Source: sj-updater-app.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: sj-updater-app.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: sj-updater-app.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: sj-updater-app.exe |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: sj-updater-app.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: sj-updater-app.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: sj-updater-app.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: sj-updater-app.exe |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: sj-updater-app.exe |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
Source: sj-updater-app.exe |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: sj-updater-app.exe |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: sj-updater-app.exe |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: sj-updater-app.exe |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: sj-updater-app.exe |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: sj-updater-app.exe |
String found in binary or memory: https://2.4.5sj-pulse-desktop |
Source: sj-updater-app.exe |
String found in binary or memory: https://pulse.surveyjunkie.com/downloads |
Source: sj-updater-app.exe |
String found in binary or memory: https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeat |
Source: sj-updater-app.exe |
String found in binary or memory: https://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsig |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC51620 |
0_2_00007FF63CC51620 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC355E0 |
0_2_00007FF63CC355E0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC45EF0 |
0_2_00007FF63CC45EF0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC47EA0 |
0_2_00007FF63CC47EA0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC40650 |
0_2_00007FF63CC40650 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC09660 |
0_2_00007FF63CC09660 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC48030 |
0_2_00007FF63CC48030 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC12FC0 |
0_2_00007FF63CC12FC0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC557E0 |
0_2_00007FF63CC557E0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC32FA0 |
0_2_00007FF63CC32FA0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CCF7740 |
0_2_00007FF63CCF7740 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC02F50 |
0_2_00007FF63CC02F50 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBFCF60 |
0_2_00007FF63CBFCF60 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC3F760 |
0_2_00007FF63CC3F760 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC58F60 |
0_2_00007FF63CC58F60 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC27100 |
0_2_00007FF63CC27100 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBEE0C0 |
0_2_00007FF63CBEE0C0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC0A0C0 |
0_2_00007FF63CC0A0C0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBF0080 |
0_2_00007FF63CBF0080 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC408B0 |
0_2_00007FF63CC408B0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBF2840 |
0_2_00007FF63CBF2840 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBEA060 |
0_2_00007FF63CBEA060 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC07210 |
0_2_00007FF63CC07210 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC32230 |
0_2_00007FF63CC32230 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC25A20 |
0_2_00007FF63CC25A20 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC479A0 |
0_2_00007FF63CC479A0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CD06970 |
0_2_00007FF63CD06970 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC2DB10 |
0_2_00007FF63CC2DB10 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC2D330 |
0_2_00007FF63CC2D330 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC40AD0 |
0_2_00007FF63CC40AD0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC2B290 |
0_2_00007FF63CC2B290 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC29A90 |
0_2_00007FF63CC29A90 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBE12B0 |
0_2_00007FF63CBE12B0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBF5B80 |
0_2_00007FF63CBF5B80 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBEFBB0 |
0_2_00007FF63CBEFBB0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CBE6BB0 |
0_2_00007FF63CBE6BB0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC4E340 |
0_2_00007FF63CC4E340 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC01370 |
0_2_00007FF63CC01370 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC47CF0 |
0_2_00007FF63CC47CF0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC3E4A0 |
0_2_00007FF63CC3E4A0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC52440 |
0_2_00007FF63CC52440 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: String function: 00007FF63CBE3690 appears 67 times |
|
Source: sj-updater-app.exe |
Binary or memory string: OriginalFilename vs sj-updater-app.exe |
Source: sj-updater-app.exe, 00000000.00000000.1972281910.00007FF63CDDC000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenamesj-updater.exe6 vs sj-updater-app.exe |
Source: sj-updater-app.exe |
Binary or memory string: OriginalFilenamesj-updater.exe6 vs sj-updater-app.exe |
Source: classification engine |
Classification label: clean2.winEXE@2/0@0/0 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CD446DC GetDiskFreeSpaceExW,GetLastError,__std_fs_open_handle,CloseHandle,free,malloc,free,free,GetFinalPathNameByHandleW,malloc,free,free,CloseHandle,abort,CloseHandle,GetDiskFreeSpaceExW,GetLastError,free,GetLastError,CloseHandle,free,free, |
0_2_00007FF63CD446DC |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC28A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF63CC28A90 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC28A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF63CC28A90 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1864:120:WilError_03 |
Source: sj-updater-app.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: sj-updater-app.exe |
String found in binary or memory: MMHS-Exempted-Address |
Source: sj-updater-app.exe |
String found in binary or memory: Originator-Return-Address |
Source: sj-updater-app.exe |
String found in binary or memory: List-Help |
Source: sj-updater-app.exe |
String found in binary or memory: Accept-Additions |
Source: sj-updater-app.exe |
String found in binary or memory: /maximum-install-time-ms |
Source: sj-updater-app.exe |
String found in binary or memory: /maximum-install-time-ms |
Source: sj-updater-app.exe |
String found in binary or memory: bad numeric conversion: positive overflow/hosting-url/initial-check-delay-ms/version-check-interval-ms/maximum-install-time-ms/error-expiration-period-ms/maximum-retry-attempts/verify-signature/version-info-file-url/feature-flags-file-url/feature-flags-config-dir/feature-flags-update-post-delay-ms/observabilityFailed to load updater configuraion: {}C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-updater\src\UpdaterConfig.cpp__cdecl sj::UpdaterConfig::UpdaterConfig(const class std::vector<struct sj::cfg::ConfigFile,class std::allocator<struct sj::cfg::ConfigFile> > &)Activating default configurationhttps://www.surveyjunkie.com/api/v1/pulse/$(user.id)/heartbeatingress.coralogix.us/logs/v1/bulkinsights-collector.newrelic.com/v1/accounts/1592627/eventsev_log-api.newrelic.com/log/v1log_metric-api.newrelic.com/metric/v1mt_trace-api.newrelic.com/trace/v1tr_api.mixpanel.com93c82f2a7e19b351d199aada15357e62https://pulse.surveyjunkie.com/downloads{}/version-info-{}.json{}/desktop-feature-flags.jsonSJPulse/config'JSON pointer must be empty or begin with '/' - was: 'escape character '~' must be followed with '0' or '1'Overflow detected for '{}'. {} become {}Rounding detected for '{}'. {} become {}Attempting to assign negative number '{}' to a variable expecting positive number '{}'Number expected for '{}', but {} given.unresolved reference token '9 at byte parse errorparse_error/~1~~0nullobjectarraystringbooleanbinarydiscardednumbercannot use operator[] with a string argument with cannot use operator[] with a numeric argument with 961c151d2e87f2686a955a9be24d316f1362bf21 3.11.2) is out of rangearray index '-' (' must not begin with '0'array index '' is not a number exceeds size_typearray index out_of_rangetype_errorother_errortype must be string, but is type must be boolean, but is type must be number, but is |
Source: sj-updater-app.exe |
String found in binary or memory: Accept-Additions |
Source: sj-updater-app.exe |
String found in binary or memory: List-Help |
Source: sj-updater-app.exe |
String found in binary or memory: MMHS-Exempted-Address |
Source: sj-updater-app.exe |
String found in binary or memory: Originator-Return-Address |
Source: sj-updater-app.exe |
String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v4.ipp |
Source: sj-updater-app.exe |
String found in binary or memory: C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v6.ipp |
Source: sj-updater-app.exe |
String found in binary or memory: http/1.1C:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v4.ippC:\DISQO-Dev\vcpkg\installed\x64-windows\include\boost/asio/ip/impl/address_v6.ippC:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\sj-pulse-core\src\network\details\SslUtilities.cppvoid __cdecl sj::details::configureSslContextOptions(struct ssl_ctx_st *const ) noexceptCould not set minimum protocol version for SSL contextCould not set SNI server name '{}', desc: {}void __cdecl sj::details::configureCertificateValidation(class boost::asio::ssl::stream<class boost::asio::basic_stream_socket<class boost::asio::ip::tcp,class boost::asio::any_io_executor> &> &,class std::variant<class std::basic_string_view<char,struct std::char_traits<char> >,class boost::asio::ip::address>,class std::basic_string_view<char,struct std::char_traits<char> >,bool &,class boost::system::error_code &)Could not set ALPN list, desc: {} |
Source: unknown |
Process created: C:\Users\user\Desktop\sj-updater-app.exe "C:\Users\user\Desktop\sj-updater-app.exe" |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: boost_iostreams-vc143-mt-x64-1_83.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: libssl-3-x64.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: libcrypto-3-x64.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: spdlog.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: fmt.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: brotlienc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: brotlidec.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: sentry.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: msvcp140_atomic_wait.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: rstrtmgr.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
Source: sj-updater-app.exe |
Static PE information: certificate valid |
Source: sj-updater-app.exe |
Static PE information: Virtual size of .text is bigger than: 0x100000 |
Source: sj-updater-app.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: sj-updater-app.exe |
Static file information: File size 2156920 > 1048576 |
Source: sj-updater-app.exe |
Static PE information: Raw size of .text is bigger than: 0x100000 < 0x17a200 |
Source: sj-updater-app.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: sj-updater-app.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: sj-updater-app.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: sj-updater-app.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: sj-updater-app.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: sj-updater-app.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: sj-updater-app.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: sj-updater-app.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: C:\GitLab-Runner\builds\ywNX1RjN\1\behavior\chuck-norrisk\sj-pulse-desktop\cmakebuild\Release\bin\sj-updater\sj-updater-app.pdb source: sj-updater-app.exe |
Source: sj-updater-app.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: sj-updater-app.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: sj-updater-app.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: sj-updater-app.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: sj-updater-app.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC28A90 StartServiceCtrlDispatcherA,GetLastError,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF63CC28A90 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC27100 GetProcessHeap,HeapAlloc,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,CloseHandle,GetProcessHeap,HeapAlloc,CloseHandle,GetTokenInformation,CloseHandle,AllocateAndInitializeSid,CloseHandle,AllocateAndInitializeSid,FreeSid,EqualSid,EqualSid,FreeSid,FreeSid,CloseHandle,FreeSid,FreeSid,CloseHandle, |
0_2_00007FF63CC27100 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CD458EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF63CD458EC |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CC27100 GetProcessHeap,HeapAlloc,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,CloseHandle,GetProcessHeap,HeapAlloc,CloseHandle,GetTokenInformation,CloseHandle,AllocateAndInitializeSid,CloseHandle,AllocateAndInitializeSid,FreeSid,EqualSid,EqualSid,FreeSid,FreeSid,CloseHandle,FreeSid,FreeSid,CloseHandle, |
0_2_00007FF63CC27100 |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
0_2_00007FF63CD43C4C |
Source: C:\Users\user\Desktop\sj-updater-app.exe |
Code function: 0_2_00007FF63CD45DFC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FF63CD45DFC |