git[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

git.exe
Size

3.5MB
MD5

960994758b5fe423bbb36d6d149e1919
SHA1

d09cebd89647656c7613589382d3a53b67273120
SHA256

28e7a4e991814cd245648c06a844c360e8d36464964307b050c84452674a4ecf
SHA512

13ec9baab2db9eb40220bc0e3bc8dde879ac9b127d2f5335a3f0b22989c35bf0197227e3e78772b24c72d0f9de3052d44bad3e63c0b0c24518e2bcbba4597495
SSDEEP

98304:8tlnW/7aEEtv0dM+zGZiGfFe+NrCpGzxeA:pjZejZiGf15CkD

Score

1^/10

Malware Config

Signatures

Files

git.exe
.exe windows x64

7e72b534181b9e8fe5ead081196fa10b

Code Sign

7d:ed:cb:b3:d5:2b:c5:76:62:19:ab:48:a2:d9:c1:9c
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

19/05/2022, 00:00

Not After

19/05/2023, 23:59

Subject

CN=Johannes Schindelin,O=Johannes Schindelin,ST=Nordrhein-Westfalen,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:ff:76:68:cb:9c:27:93:73:15:f1:32:c6:53:ca:5f:c0:a5:5e:6d:1a:96:59:b5:33:3c:f4:7a:39:30:8a:78
Signer

Actual PE Digest

ce:ff:76:68:cb:9c:27:93:73:15:f1:32:c6:53:ca:5f:c0:a5:5e:6d:1a:96:59:b5:33:3c:f4:7a:39:30:8a:78

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Johannes Schindelin,O=Johannes Schindelin,ST=Nordrhein-Westfalen,C=DE

07/02/2023, 20:42
Valid: true

Chain 1

CN=Johannes Schindelin,O=Johannes Schindelin,ST=Nordrhein-Westfalen,C=DE

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
ConvertSidToStringSidA
CopySid
EqualSid
FreeSid
GetLengthSid
GetNamedSecurityInfoW
GetTokenInformation
GetUserNameW
InitializeSecurityDescriptor
IsValidSid
IsWellKnownSid
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclA
SetSecurityDescriptorDacl
SystemFunction036

libiconv-2

libiconv
libiconv_close
libiconv_open

libintl-8

__printf__
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_fprintf
libintl_gettext
libintl_ngettext
libintl_setlocale
libintl_snprintf
libintl_swprintf
libintl_textdomain
libintl_vfprintf
libintl_vprintf
libintl_vsnprintf

kernel32

CancelIoEx
CloseHandle
ConnectNamedPipe
CopyFileW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateRemoteThread
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EnterCriticalSection
ExitThread
FillConsoleOutputCharacterA
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlsAlloc
FlsFree
FlsSetValue
FlushFileBuffers
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThreadId
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLargePageMinimum
GetLastError
GetLongPathNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetNumaProcessorNode
GetNumberOfConsoleInputEvents
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessTimes
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount64
GetVersion
GetVolumeInformationA
GetVolumeInformationW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeConditionVariable
InitializeCriticalSection
InitializeProcThreadAttributeList
IsDebuggerPresent
IsWow64Process
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
MapViewOfFileEx
MoveFileExW
OpenProcess
PeekConsoleInputA
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ReadDirectoryChangesW
ReadFile
ResetEvent
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleTextAttribute
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetNamedPipeHandleState
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepEx
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleA
WriteConsoleW

msvcrt

__C_specific_handler
___mb_cur_max_func
__iob_func
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_commit
_commode
_dup
_dup2
_errno
_execlp
_execl
_fdopen
_fileno
_fileno
_flushall
_fmode
_get_osfhandle
_getpid
_gmtime64
_initterm
_isatty
_localtime64
_lseeki64
_mktime64
_onexit
_open_osfhandle
_read
_rmdir
_setmode
_stricmp
_stricmp
_strnicmp
_strnicmp
_telli64
_time64
_umask
_vscprintf
_vsnprintf
_vsnwprintf
_waccess
_wchdir
_wchmod
_wcmdln
_wcsicmp
_wcsicmp
_wcsnicmp
_wcsnicmp
_wfopen
_wfreopen
_wmkdir
_wmktemp
_wopen
_wpgmptr
_wrmdir
_wunlink
abort
atoi
bsearch
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgetc
fgets
fprintf
fputc
fputs
fread
free
fscanf
fseek
ftell
fwrite
getc
getchar
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
iswctype
isxdigit
_write
malloc
memchr
memcmp
memcpy
memmove
memset
perror
putc
putchar
puts
raise
realloc
rand
rewind
setbuf
setvbuf
signal
srand
sscanf
strchr
strcmp
strcspn
strerror
strftime
strlen
strncmp
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tolower
toupper
ungetc
vfprintf
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncmp
wcsncpy
wcsstr
wcstombs

ntdll

NtQueryDirectoryFile
NtQueryObject

libpcre2-8-0

pcre2_code_free_8
pcre2_compile_8
pcre2_compile_context_create_8
pcre2_compile_context_free_8
pcre2_config_8
pcre2_general_context_create_8
pcre2_general_context_free_8
pcre2_get_error_message_8
pcre2_get_ovector_pointer_8
pcre2_jit_compile_8
pcre2_jit_match_8
pcre2_maketables_8
pcre2_maketables_free_8
pcre2_match_8
pcre2_match_data_create_from_pattern_8
pcre2_match_data_free_8
pcre2_pattern_info_8
pcre2_set_character_tables_8

libwinpthread-1

pthread_getspecific
pthread_key_create
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

libssp-0

__stack_chk_fail
__stack_chk_guard

user32

DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
TranslateMessage

ws2_32

WSACleanup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSASetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
gethostname
getnameinfo
htons
listen
ntohs
recv
select
setsockopt
shutdown

zlib1

crc32
deflate
deflateBound
deflateEnd
deflateInit2_
deflateInit_
deflateSetHeader
inflate
inflateEnd
inflateInit2_
inflateInit_

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 566KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 539KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug
Size: 156B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e72b534181b9e8fe5ead081196fa10b

Code Sign

7d:ed:cb:b3:d5:2b:c5:76:62:19:ab:48:a2:d9:c1:9cCertificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

ce:ff:76:68:cb:9c:27:93:73:15:f1:32:c6:53:ca:5f:c0:a5:5e:6d:1a:96:59:b5:33:3c:f4:7a:39:30:8a:78Signer

Signature Validations

Verification

07/02/2023, 20:42 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

libiconv-2

libintl-8

kernel32

msvcrt

ntdll

libpcre2-8-0

libwinpthread-1

libssp-0

user32

ws2_32

zlib1

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.data Size: 88KB - Virtual size: 88KB

.rdata Size: 566KB - Virtual size: 566KB

.pdata Size: 73KB - Virtual size: 73KB

.xdata Size: 88KB - Virtual size: 88KB

.bss Size: - Virtual size: 539KB

.edata Size: 512B - Virtual size: 48B

.idata Size: 15KB - Virtual size: 14KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

.debug Size: 156B - Virtual size: 512B

7d:ed:cb:b3:d5:2b:c5:76:62:19:ab:48:a2:d9:c1:9c
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

ce:ff:76:68:cb:9c:27:93:73:15:f1:32:c6:53:ca:5f:c0:a5:5e:6d:1a:96:59:b5:33:3c:f4:7a:39:30:8a:78
Signer

07/02/2023, 20:42
Valid: true

.text
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 88KB - Virtual size: 88KB

.rdata
Size: 566KB - Virtual size: 566KB

.pdata
Size: 73KB - Virtual size: 73KB

.xdata
Size: 88KB - Virtual size: 88KB

.bss
Size: - Virtual size: 539KB

.edata
Size: 512B - Virtual size: 48B

.idata
Size: 15KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB

.debug
Size: 156B - Virtual size: 512B