sync-installer[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

sync-installer.exe
Size

47.2MB
MD5

3ec6f06cebbf559143794f86ded8fdea
SHA1

77e2f0e0a59b72093bb65a26aa59ce061f3d5e3e
SHA256

726e1acc63fcc6859f0d26d341a2a61cffcafb9eafdb39a27729103e7225d05b
SHA512

53aea781de8230535f8c80ff2426d8092ea85ae79bc33532ccd7946ab5eb17faad98294939e34ec8955bd28dc557ccbf1c7a5c39e6583e1bc357dd8c34982917
SSDEEP

786432:OaTrHQ8Vzeo30F+IJStJM5EIyFGGGGGGdfDn4s07xRFC3Mc9LSROtv06f0el3v:OaTrw8VeWQBJ+uAMsYRFC3FLSROG6f06

Score

1^/10

Malware Config

Signatures

Files

sync-installer.exe
.exe windows x86

fd49a1962f604342e943074e52300cb4

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:0a:25:31:a6:a7:2b:c5:c3:6d:91:d6:e7:4b:4a:f2
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

29-07-2022 00:00

Not After

28-07-2025 23:59

Subject

SERIALNUMBER=18610160,CN=Sync.com Inc.,O=Sync.com Inc.,ST=Ontario,C=CA,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13074f6e746172696f,1.3.6.1.4.1.311.60.2.1.3=#13024341

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:5f:96:38:7b:51:72:79:c0:d0:99:bf:de:2c:43:18:21:c7:5f:e5:e5:69:da:ad:f0:3d:f9:25:f7:d2:11:a2
Signer

Actual PE Digest

e1:5f:96:38:7b:51:72:79:c0:d0:99:bf:de:2c:43:18:21:c7:5f:e5:e5:69:da:ad:f0:3d:f9:25:f7:d2:11:a2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteExW
SHChangeNotify
SHGetFolderPathW
DragQueryPoint
DragFinish
SHFileOperationW
ord6
SHGetFileInfoW
ExtractIconExW
ExtractIconW
CommandLineToArgvW
DragAcceptFiles
DragQueryFileW

kernel32

EnumSystemLocalesW
HeapReAlloc
SetConsoleCtrlHandler
GetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
GetFileSizeEx
RtlUnwind
VirtualQuery
HeapFree
HeapAlloc
GetOEMCP
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetFullPathNameW
GetDateFormatW
SetFileAttributesW
SetFilePointerEx
GetConsoleOutputCP
ReadConsoleW
GetTimeFormatW
InitializeSListHead
GetConsoleMode
CreateDirectoryW
RemoveDirectoryW
SetStdHandle
MoveFileExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetProcAddress
GetModuleHandleW
GetProcessId
GetCurrentProcess
CloseHandle
GetShortPathNameW
DeleteFileW
GetTimeZoneInformation
GetFileAttributesExW
FindNextFileW
GetStdHandle
FreeConsole
AttachConsole
WriteConsoleA
WriteConsoleW
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
ReadConsoleOutputCharacterA
MulDiv
GetLastError
SetLastError
ExitProcess
GetCurrentThreadId
GetCommandLineW
LocalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FreeLibrary
LoadLibraryW
GlobalAlloc
GlobalUnlock
GlobalLock
HeapSize
GetProcessHeap
GlobalSize
GlobalFree
SetErrorMode
MultiByteToWideChar
WideCharToMultiByte
TryEnterCriticalSection
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
CreateMutexW
Sleep
CreateSemaphoreW
SetThreadPriority
TerminateThread
GetExitCodeThread
SuspendThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadContext
GetSystemInfo
GetProcessAffinityMask
SetProcessAffinityMask
FormatMessageW
SetCurrentDirectoryW
CreateFileW
GetFileAttributesW
GetFileType
GetWindowsDirectoryW
CopyFileW
ReadFile
WriteFile
SetHandleInformation
CreatePipe
SetNamedPipeHandleState
PeekNamedPipe
SetEvent
CreateEventW
WaitForMultipleObjects
GetExitCodeProcess
CreateThread
CreateProcessW
EnumResourceNamesW
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
GetFileSize
GetFileTime
GetLongPathNameW
GetTempFileNameW
SetFileTime
GetTempPathW
GetEnvironmentVariableW
GetDiskFreeSpaceExW
IsDebuggerPresent
GetCurrentProcessId
TerminateProcess
OpenProcess
GetVersionExW
GetModuleFileNameW
GlobalMemoryStatus
GetProfileStringW
GetComputerNameW
IsValidCodePage
GetCPInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OutputDebugStringW
GetACP
GetLocaleInfoW
IsValidLocale
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
QueryPerformanceCounter
QueryPerformanceFrequency
GetDriveTypeW
GetLogicalDriveStringsW
GetCurrentThread
GetStartupInfoW
RaiseException
IsBadReadPtr
IsBadStringPtrA
VerSetConditionMask
GetProcessTimes
GetModuleHandleA
VerifyVersionInfoW
K32EnumProcesses
K32GetProcessImageFileNameW
FormatMessageA
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
SwitchToThread
GetTickCount
CompareStringW
LCMapStringW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
FlushFileBuffers

msi

ord70

user32

SetActiveWindow
RegisterClassW
UnregisterClassW
GetKeyState
MessageBoxW
GetProcessDefaultLayout
LoadCursorW
TranslateMessage
DispatchMessageW
PeekMessageW
RegisterHotKey
UnregisterHotKey
GetMessagePos
GetMessageTime
SendMessageW
DefWindowProcW
PostQuitMessage
CallWindowProcW
CreateWindowExW
IsWindow
DestroyWindow
ShowWindow
AnimateWindow
MoveWindow
SetWindowPos
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
SetFocus
GetActiveWindow
GetFocus
GetAsyncKeyState
VkKeyScanW
MapVirtualKeyW
GetCapture
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenuItemCount
TrackPopupMenu
GetMenuItemInfoW
UpdateWindow
GetDC
ReleaseDC
GetUpdateRgn
InvalidateRect
RedrawWindow
ScrollWindow
EnableScrollBar
SetWindowTextW
GetClientRect
GetWindowRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
ChildWindowFromPointEx
GetSysColor
FillRect
InflateRect
PtInRect
GetWindowLongW
SetWindowLongW
GetParent
SetParent
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
IsDialogMessageW
SetScrollInfo
GetScrollInfo
SystemParametersInfoW
CreateDialogParamW
GetDlgItem
SetWindowRgn
GetWindowPlacement
SetWindowPlacement
SetLayeredWindowAttributes
FlashWindowEx
IsIconic
IsZoomed
BringWindowToTop
GetDialogBaseUnits
DrawMenuBar
GetSystemMenu
EnableMenuItem
FindWindowExW
EndDialog
MsgWaitForMultipleObjects
EnumChildWindows
GetWindowTextW
GetWindowTextLengthW
MessageBeep
GetClassNameW
GetMessageW
PostThreadMessageW
ValidateRect
DrawFrameControl
DrawIconEx
LoadCursorFromFileW
DestroyCursor
CreateIconIndirect
GetIconInfo
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
GetDoubleClickTime
DrawTextW
DrawFocusRect
ValidateRgn
SetRectEmpty
UnionRect
OffsetRect
IsRectEmpty
LoadBitmapW
LoadIconW
LoadImageW
GetMenuState
CreateMenu
CreatePopupMenu
DestroyMenu
GetSubMenu
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
SetMenuInfo
InsertMenuItemW
SetMenuItemInfoW
GetWindowDC
BeginPaint
EndPaint
DestroyIcon
DrawStateW
CopyRect
GetComboBoxInfo
IsMenu
keybd_event
HideCaret
ShowCaret
PostMessageW
ChildWindowFromPoint
CreateIconFromResourceEx
DrawEdge
CheckMenuItem
GetMenuItemID
GetSysColorBrush
SetRect
CheckMenuRadioItem
GetDesktopWindow
RegisterClipboardFormatW
GetClipboardFormatNameW
RegisterWindowMessageW
SetMenu
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromPoint
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
GetClassInfoW
wsprintfW
OpenClipboard
CloseClipboard
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
WaitForInputIdle
ExitWindowsEx
SetTimer
KillTimer
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
CreateDialogIndirectParamW
SetForegroundWindow
AllowSetForegroundWindow
EnumWindows
GetWindowThreadProcessId

oleacc

LresultFromObject

uxtheme

GetThemePartSize
IsThemePartDefined
GetThemeBackgroundExtent
SetWindowTheme
GetThemeSysFont
GetThemeFont
GetThemeMargins
IsAppThemed
IsThemeActive
DrawThemeParentBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeInt
GetThemeSysColor
GetCurrentThemeName

urlmon

URLDownloadToFileW

msimg32

AlphaBlend
GradientFill

gdi32

PlayEnhMetaFile
GetWinMetaFileBits
GetEnhMetaFileHeader
SetWinMetaFileBits
GetEnhMetaFileW
DeleteEnhMetaFile
CreateEnhMetaFileW
CopyEnhMetaFileW
CloseEnhMetaFile
SetMetaFileBitsEx
GetMetaFileBitsEx
CreateRectRgn
ExcludeClipRect
RealizePalette
SelectObject
SelectPalette
GetTextMetricsW
SetBrushOrgEx
GdiFlush
GetSystemPaletteEntries
EndPage
StartPage
EndDoc
StartDocW
ExtCreateRegion
GetRegionData
OffsetRgn
GetDeviceCaps
LineTo
MoveToEx
CreateFontIndirectW
DeleteObject
GetOutlineTextMetricsW
AddFontResourceExW
Arc
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
Ellipse
ExtFloodFill
GetBkColor
GetClipBox
GetObjectType
GetPixel
GetStockObject
MaskBlt
Pie
PolyPolygon
Rectangle
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPixel
SetPolyFillMode
StretchBlt
StretchDIBits
SetROP2
SetStretchBltMode
SetTextColor
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
GetObjectW
ExtTextOutW
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
CombineRgn
EqualRgn
GetRgnBox
PtInRegion
RectInRegion
CreatePolygonRgn
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetTextExtentPoint32W
CreateHatchBrush
CreatePatternBrush
CreateDCW
SetAbortProc
CreateBitmap
CreateBitmapIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentExPointW
CreatePen
CreateICW
ExtCreatePen
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
EnumFontFamiliesExW

rpcrt4

UuidCreate
UuidToStringW
UuidFromStringW
RpcStringFreeW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueA
GetUserNameW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

comdlg32

CommDlgExtendedError
GetSaveFileNameW
PrintDlgW
PageSetupDlgW
GetOpenFileNameW
ChooseFontW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

comctl32

ord17
ord16
ImageList_Create
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Remove
ImageList_Destroy
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add

ole32

CoTaskMemFree
OleSetClipboard
OleGetClipboard
PropVariantClear
OleIsCurrentClipboard
CoLockObjectExternal
OleUninitialize
OleInitialize
ReleaseStgMedium
CoTaskMemAlloc
RevokeDragDrop
RegisterDragDrop
OleFlushClipboard
CoCreateInstance

shlwapi

SHAutoComplete
AssocQueryStringW
PathFindFileNameW

rstrtmgr

RmRegisterResources
RmGetList
RmStartSession
RmEndSession
RmShutdown
RmRestart

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 782B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40.5MB - Virtual size: 40.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd49a1962f604342e943074e52300cb4

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

de:0a:25:31:a6:a7:2b:c5:c3:6d:91:d6:e7:4b:4a:f2Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e1:5f:96:38:7b:51:72:79:c0:d0:99:bf:de:2c:43:18:21:c7:5f:e5:e5:69:da:ad:f0:3d:f9:25:f7:d2:11:a2Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

msi

user32

oleacc

uxtheme

urlmon

msimg32

gdi32

rpcrt4

version

advapi32

comdlg32

winspool.drv

comctl32

ole32

shlwapi

rstrtmgr

Sections

.text Size: 4.6MB - Virtual size: 4.6MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 60KB - Virtual size: 283KB

.idata Size: 19KB - Virtual size: 19KB

.tls Size: 1024B - Virtual size: 782B

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 40.5MB - Virtual size: 40.5MB

.reloc Size: 475KB - Virtual size: 475KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

de:0a:25:31:a6:a7:2b:c5:c3:6d:91:d6:e7:4b:4a:f2
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e1:5f:96:38:7b:51:72:79:c0:d0:99:bf:de:2c:43:18:21:c7:5f:e5:e5:69:da:ad:f0:3d:f9:25:f7:d2:11:a2
Signer

.text
Size: 4.6MB - Virtual size: 4.6MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 60KB - Virtual size: 283KB

.idata
Size: 19KB - Virtual size: 19KB

.tls
Size: 1024B - Virtual size: 782B

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 40.5MB - Virtual size: 40.5MB

.reloc
Size: 475KB - Virtual size: 475KB