sedlauncher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

sedlauncher.exe
Size

343KB
MD5

d6086d685b028d917db054ee6743ea00
SHA1

2fea6cd69bc5bdc4e35c0a105fb3564dff756bba
SHA256

4d71ed77ca8e2291dec29b77e39611d668b5c0107c8c177b9bcea30818f91be4
SHA512

1c9dbf71f011cd908ecd011d13f3bda83ab64a4a58be77d1578a443e819811a2befffd92f0be2e4ae09a1dc608f72ccdd382f7e212ca0eae0d66079e8cdc9a6c
SSDEEP

3072:xq81TzFpTu0aFcQSOligQjfWm2AdfJBYjKU5PZynV3T4v1yH0ktollXIDsaJNVw6:Q81vD6ZibjfzJSWU5PkU0to7YDhDv

Score

1^/10

Malware Config

Signatures

Files

sedlauncher.exe
.exe windows x64

c6e3fe897fa46e90fbf2162d8592eaeb

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:24:d5:cb:81:d7:2a:6e:92:ab:22:db:ca:28:03:c9:e8:07:fc:69:d9:18:1d:39:a6:e9:7a:20:a9:58:a0:67
Signer

Actual PE Digest

76:24:d5:cb:81:d7:2a:6e:92:ab:22:db:ca:28:03:c9:e8:07:fc:69:d9:18:1d:39:a6:e9:7a:20:a9:58:a0:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-locale-l1-1-0

_lock_locales
_unlock_locales

api-ms-win-crt-string-l1-1-0

memset
wcsnlen

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm
_initterm_e
_c_exit

api-ms-win-crt-private-l1-1-0

_o__ismbblead
_o__purecall
_o__putws
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsdup
_o__wcsicmp
_o__wcsnicmp
_o__wcsupr_s
_o_abort
_o_exit
_o_free
_o_malloc
_o_realloc
_o_setlocale
_o_strncpy_s
_o_strtol
_o_terminate
_o_wcstok_s
_o_wcstombs
_o_wcstoul
__uncaught_exception
__C_specific_handler
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_wide_environment
_o__initialize_onexit_table
_o__get_wide_winmain_command_line
wcsstr
_o__exit
_o__errno
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__calloc_base
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o___p__commode
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_codepage_func
strrchr
strchr
wcschr
memmove
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-core-file-l1-1-0

GetFileSize
DeleteFileW
WriteFile
CreateFileW
GetTempFileNameW
GetFileAttributesW
CreateDirectoryW

api-ms-win-core-libraryloader-l1-1-0

GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetModuleFileNameA

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceExecuteOnce
InitOnceComplete

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
StartTraceW
ControlTraceW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegEnumValueW
RegGetValueW

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
CreateEventExW
AcquireSRWLockShared
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseSemaphore
AcquireSRWLockExclusive
OpenSemaphoreW
CreateMutexW
WaitForSingleObject
LeaveCriticalSection
ReleaseSRWLockExclusive
CreateMutexExW
ReleaseMutex
CreateSemaphoreExW
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx
CLSIDFromString
CoTaskMemRealloc
CoCreateFreeThreadedMarshaler
CoGetApartmentType
CoWaitForMultipleHandles
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathRemoveFileSpecW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
GlobalFree
LocalAlloc

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
FormatMessageW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

oleaut32

VariantClear

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchCombine

crypt32

CertFreeCertificateContext
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptStringToBinaryW

api-ms-win-core-kernel32-legacy-l1-1-0

LoadLibraryW
MoveFileW

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryW
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
CreateFileMappingW

shell32

CommandLineToArgvW

winhttp

WinHttpReceiveResponse
WinHttpQueryOption
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSetTimeouts
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryHeaders

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

ntdll

RtlConvertDeviceFamilyInfoToString

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-registry-l2-1-0

RegSetKeyValueW

cryptsp

CryptDestroyHash
CryptCreateHash
CryptHashData
CryptAcquireContextW
CryptGetHashParam
CryptReleaseContext

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-file-l1-2-0

GetTempPathW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDeleteString

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

wininet

InternetOpenUrlW
InternetReadFile
InternetOpenW
HttpQueryInfoW
InternetCloseHandle

ext-ms-win-setupapi-classinstallers-l1-1-2

SetupIterateCabinetW

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6e3fe897fa46e90fbf2162d8592eaeb

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

76:24:d5:cb:81:d7:2a:6e:92:ab:22:db:ca:28:03:c9:e8:07:fc:69:d9:18:1d:39:a6:e9:7a:20:a9:58:a0:67Signer

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-path-l1-1-0

crypt32

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

shell32

winhttp

api-ms-win-core-version-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

ntdll

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-registry-l2-1-0

cryptsp

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-2-0

version

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

wintrust

wininet

ext-ms-win-setupapi-classinstallers-l1-1-2

Sections

.text Size: 123KB - Virtual size: 122KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 133KB - Virtual size: 133KB

.reloc Size: 1024B - Virtual size: 884B

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

76:24:d5:cb:81:d7:2a:6e:92:ab:22:db:ca:28:03:c9:e8:07:fc:69:d9:18:1d:39:a6:e9:7a:20:a9:58:a0:67
Signer

.text
Size: 123KB - Virtual size: 122KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 133KB - Virtual size: 133KB

.reloc
Size: 1024B - Virtual size: 884B