SentinelOneInstaller_windows_64bit_v22_2_4_558[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SentinelOneInstaller_windows_64bit_v22_2_4_558.exe
Size

70.1MB
MD5

ef520f8c886e739267506d912e321897
SHA1

170fa6e0d1367aefa0e6af85436d973b4480dfd8
SHA256

b80e1bcf755852b795e7ff0851ce396a30e62c7d75f5b6ec5432fd8752793833
SHA512

52500d1e38c082e74b0d2325dc795f8825e2473075a446d1634a689e33019f7dbb0db29bd660572bcf1ed5873e37abe33a37525311a3505bbc6d9f30ccc2a0de
SSDEEP

1572864:dNVQmWklILUeniVYYXApys5NdfeYBsR/+hTrh3RP/ppMkbw0qEfdpwSj:d/WIILUeiZQpyYNeYBsR/+prh3T+Z2/r

Score

N/A

Malware Config

Signatures

Files

SentinelOneInstaller_windows_64bit_v22_2_4_558.exe
.exe windows x64

34c708c6481dd8dda9da2f9ec4ec3644

Code Sign

04:9c:5c:fc:1a:b2:51:64:20:07:1f:bf:48:94:22:13
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2020, 00:00

Not After

01/03/2023, 12:00

Subject

SERIALNUMBER=5278570,CN=Sentinel Labs\, Inc.,OU=Sentinel Labs\, Inc.,O=Sentinel Labs\, Inc.,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

84:18:e7:54:c5:cf:11:cc:e7:c4:44:3c:57:5a:72:f3:91:60:ee:31:14:5e:3a:0f:79:1b:a3:da:0a:82:81:04
Signer

Actual PE Digest

84:18:e7:54:c5:cf:11:cc:e7:c4:44:3c:57:5a:72:f3:91:60:ee:31:14:5e:3a:0f:79:1b:a3:da:0a:82:81:04

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=5278570,CN=Sentinel Labs\, Inc.,OU=Sentinel Labs\, Inc.,O=Sentinel Labs\, Inc.,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

04/12/2022, 19:17
Valid: true

Chain 1

SERIALNUMBER=5278570,CN=Sentinel Labs\, Inc.,OU=Sentinel Labs\, Inc.,O=Sentinel Labs\, Inc.,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
MoveFileExW
SetFileInformationByHandle
CopyFileW
GetFileAttributesW
GetFileAttributesExW
SetLastError
RemoveDirectoryW
CreateDirectoryW
DeviceIoControl
SetFileAttributesW
GetFileInformationByHandleEx
GetSystemWindowsDirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetLongPathNameW
WriteFile
GetFileSizeEx
SetEndOfFile
GetVolumeInformationW
SetFilePointerEx
GetFileInformationByHandle
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetCurrentProcessId
GetTickCount64
GetModuleHandleW
GetModuleHandleExW
GetModuleHandleA
VerifyVersionInfoW
VerSetConditionMask
GetProcAddress
IsProcessorFeaturePresent
DuplicateHandle
GetNativeSystemInfo
GetProductInfo
FindClose
FindFirstFileW
FindNextFileW
FileTimeToSystemTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
FindResourceW
LoadResource
SizeofResource
LockResource
LoadLibraryExW
GetModuleFileNameW
UnlockFileEx
CreateFileTransactedW
LockFileEx
GetCurrentThreadId
TerminateProcess
GetSystemTimeAsFileTime
CreateEventW
SetEvent
ResetEvent
CreateProcessW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
GetOverlappedResult
WaitForMultipleObjectsEx
FindResourceExW
WaitForThreadpoolIoCallbacks
CloseThreadpoolIo
GetDiskFreeSpaceExW
LoadLibraryW
GetSystemPowerStatus
GlobalFree
SetThreadPreferredUILanguages
FindFirstFileExW
GetTempPathW
AreFileApisANSI
WaitForSingleObjectEx
GetStringTypeW
RtlPcToFileHeader
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
GetLocaleInfoEx
InitOnceComplete
InitOnceBeginInitialize
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
CompareStringEx
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
RtlUnwindEx
InterlockedPushEntrySList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
SetStdHandle
GetFileType
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
SetFilePointer
FormatMessageW
GetVolumeInformationByHandleW
CancelIoEx
ReadFile
ReleaseSRWLockShared
GlobalMemoryStatusEx
CreateFileW
GetComputerNameExW
GetThreadTimes
GetDateFormatEx
RtlUnwind
GetTimeFormatEx
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
GetConsoleWindow
SetConsoleTitleW
AllocConsole
GetStdHandle
GetCurrentThread
GetCurrentProcess
CloseHandle
LocalFree
GetCommandLineW
Sleep
WaitForSingleObject
GetLastError
FormatMessageA
GetExitCodeProcess

user32

GetSystemMetrics
MessageBoxW
MsgWaitForMultipleObjectsEx

advapi32

AddAce
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
RegGetValueW
InitializeAcl
SetNamedSecurityInfoW
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
NotifyServiceStatusChangeW
EventWriteTransfer
OpenProcessToken
OpenThreadToken
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
ImpersonateSelf
RevertToSelf
GetTokenInformation
IsValidSid
GetLengthSid
CopySid
RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
CryptHashData
CryptGetHashParam
CloseServiceHandle
EventUnregister
EventRegister
TreeSetNamedSecurityInfoW
EventWrite

shell32

CommandLineToArgvW

userenv

UnloadUserProfile

bcrypt

BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty

ktmw32

CreateTransaction
CommitTransaction
RollbackTransaction

netapi32

DsRoleFreeMemory
NetWkstaGetInfo
NetApiBufferFree
DsRoleGetPrimaryDomainInformation

fltlib

FilterConnectCommunicationPort
FilterSendMessage

msi

ord94
ord8
ord72

iphlpapi

ResolveIpNetEntry2
GetAdaptersAddresses
GetIpNetEntry2

ws2_32

ntohl
InetNtopW

winhttp

WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpQueryOption
WinHttpSetCredentials
WinHttpSetStatusCallback
WinHttpGetDefaultProxyConfiguration
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpWriteData

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CryptBinaryToStringW
CryptStringToBinaryA
CryptUnprotectMemory
CertFreeCertificateContext
CertGetCertificateChain

version

VerQueryValueW

ole32

CoCreateGuid
IIDFromString
StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateInstance
CoSetProxyBlanket

oleaut32

SetErrorInfo
GetErrorInfo
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocString

ntdll

NtQueryKey
NtQueryInformationFile
NtQuerySection
RtlGetVersion
NtQueryInformationProcess
NtCreateFile
RtlInitUnicodeString
RtlNtStatusToDosError

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 581KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67.0MB - Virtual size: 67.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34c708c6481dd8dda9da2f9ec4ec3644

Code Sign

04:9c:5c:fc:1a:b2:51:64:20:07:1f:bf:48:94:22:13Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

84:18:e7:54:c5:cf:11:cc:e7:c4:44:3c:57:5a:72:f3:91:60:ee:31:14:5e:3a:0f:79:1b:a3:da:0a:82:81:04Signer

Signature Validations

Verification

04/12/2022, 19:17 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

userenv

bcrypt

ktmw32

netapi32

fltlib

msi

iphlpapi

ws2_32

winhttp

crypt32

version

ole32

oleaut32

ntdll

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 581KB - Virtual size: 580KB

.data Size: 74KB - Virtual size: 90KB

.pdata Size: 76KB - Virtual size: 76KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 67.0MB - Virtual size: 67.0MB

.reloc Size: 10KB - Virtual size: 10KB

04:9c:5c:fc:1a:b2:51:64:20:07:1f:bf:48:94:22:13
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

84:18:e7:54:c5:cf:11:cc:e7:c4:44:3c:57:5a:72:f3:91:60:ee:31:14:5e:3a:0f:79:1b:a3:da:0a:82:81:04
Signer

04/12/2022, 19:17
Valid: true

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 581KB - Virtual size: 580KB

.data
Size: 74KB - Virtual size: 90KB

.pdata
Size: 76KB - Virtual size: 76KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 67.0MB - Virtual size: 67.0MB

.reloc
Size: 10KB - Virtual size: 10KB