consent[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

consent.exe
Size

104KB
MD5

e306e30284d5d7ea535f3501b634dfc8
SHA1

096e8f287df88efd0775df107ad795c619930b0e
SHA256

c6fdbe93a5b3596c154007c38ce8b7e4569d1ac3edb3b7e1d2e8af175cabb208
SHA512

cb2db34a1329db88243be4ccca85e28a815e00313e936e03ce677e7160a85af63e6d7f52aff3da2f34d7255df2d23db271df106963e8ca5a618dc0a16d3ee250
SSDEEP

768:Mtjvw+XxdgfaqivcuguNJ4Vnlhycb8Or0hZTR3KOkedLcaqZU9QZU9z8RI1PuWK:aDwim5ivc8NGxlz8O0hZTR3NkGqzQBPK

Score

1^/10

Malware Config

Signatures

Files

consent.exe
.exe windows x86

3f38f9b645eebc120f6dfe0b37f41f22

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:24

Not After

02-05-2020 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:25:d2:b3:a0:66:fe:ab:bb:29:09:a5:c1:fc:5b:85:f8:09:df:37:80:a8:70:a1:56:4b:51:16:40:ef:e8:87
Signer

Actual PE Digest

c6:25:d2:b3:a0:66:fe:ab:bb:29:09:a5:c1:fc:5b:85:f8:09:df:37:80:a8:70:a1:56:4b:51:16:40:ef:e8:87

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTokenInformation
RegGetValueW
RevertToSelf
ImpersonateLoggedOnUser
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventRegister
EventWriteTransfer
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeSid
GetSidLengthRequired

kernel32

GetCurrentThreadId
GetCurrentProcessId
ReleaseMutex
Sleep
LoadLibraryW
SetEvent
GetTickCount
GetExitCodeThread
WaitForMultipleObjects
ResumeThread
CreateEventW
GetProcAddress
GetLocaleInfoW
GetCurrentProcess
GetCommandLineW
CreateFileW
SetPriorityClass
HeapSetInformation
UnmapViewOfFile
VirtualQuery
MapViewOfFile
CreateFileMappingW
DelayLoadFailureHook
InterlockedCompareExchange
LoadLibraryExA
GetDriveTypeW
LoadLibraryExW
FreeLibrary
GetUserPreferredUILanguages
SetThreadPreferredUILanguages
QueueUserWorkItem
GetModuleHandleW
WaitForSingleObject
CreateThread
GetModuleHandleExW
CloseHandle
FindResourceExW
LoadResource
LockResource
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedExchange
LocalAlloc
LocalFree
GetLastError
GlobalFree

gdi32

SetDCBrushColor
GetStockObject
CreateCompatibleDC
CreateDIBSection
SelectObject
DeleteObject
DeleteDC
GetLayout
BitBlt
CreateCompatibleBitmap

user32

GetForegroundWindow
FlashWindowEx
SetPropW
DestroyWindow
PostMessageW
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
CreateWindowExW
RegisterClassW
LoadCursorW
GetWindowRect
SendMessageW
SetThreadDesktop
GetParent
GetDC
FillRect
GetAncestor
GetPropW
ShowWindow
DefWindowProcW
BeginPaint
GetWindowDC
ReleaseDC
EndPaint
PostQuitMessage
GetWindowLongW
SetWindowLongW
GetThreadDesktop
OpenInputDesktop
CloseDesktop
GetUserObjectInformationW
LoadIconW
DestroyIcon
GetSystemMetrics
LoadStringW
OpenDesktopW

msvcrt

_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
memset
__p__fmode
wcschr
wcsrchr
_amsg_exit
_wcsicmp
_wtoi
_errno
_wtol
_vsnwprintf
__set_app_type
_controlfp
__setusermatherr
swscanf_s
__p__commode
__getmainargs
?terminate@@YAXXZ
memcpy
_except_handler4_common

ntdll

EtwSendNotification
EtwTraceMessage
RtlSubAuthoritySid
RtlNtStatusToDosError
NtQueryInformationToken
RtlNtStatusToDosErrorNoTeb
NtDuplicateToken
RtlEqualSid
WinSqmAddToStreamEx
RtlImageNtHeaderEx
EtwEventRegister
NtOpenProcess
EtwEventUnregister
NtQueryVolumeInformationFile
NtWriteVirtualMemory
RtlAllocateHeap
NtReadVirtualMemory
NtDuplicateObject
RtlFreeHeap
RtlLengthRequiredSid
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwEventWrite
RtlInitializeSid
RtlAdjustPrivilege
NtClose
RtlInitString
NtAllocateLocallyUniqueId

ole32

CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoTaskMemFree

msimg32

AlphaBlend

wmsgapi

WmsgSendMessage

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

winmm

PlaySoundW

userenv

LoadUserProfileW
UnloadUserProfile

winsta

WinStationQueryInformationW

crypt32

CertFreeCertificateContext

msctfmonitor

UninitLocalMsCtfMonitor
InitLocalMsCtfMonitor

comctl32

ord345

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

consent
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f38f9b645eebc120f6dfe0b37f41f22

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c6:25:d2:b3:a0:66:fe:ab:bb:29:09:a5:c1:fc:5b:85:f8:09:df:37:80:a8:70:a1:56:4b:51:16:40:ef:e8:87Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

ole32

msimg32

wmsgapi

wtsapi32

winmm

userenv

winsta

crypt32

msctfmonitor

comctl32

Sections

.text Size: 41KB - Virtual size: 40KB

.data Size: 1KB - Virtual size: 1KB

consent Size: 512B - Virtual size: 98B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c6:25:d2:b3:a0:66:fe:ab:bb:29:09:a5:c1:fc:5b:85:f8:09:df:37:80:a8:70:a1:56:4b:51:16:40:ef:e8:87
Signer

.text
Size: 41KB - Virtual size: 40KB

.data
Size: 1KB - Virtual size: 1KB

consent
Size: 512B - Virtual size: 98B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 2KB - Virtual size: 2KB