SettingSyncHost[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SettingSyncHost.exe
Size

808KB
MD5

4a6de1c22cc7dd0e1fe961cd332612c7
SHA1

973ceaf0f02eb90553b36b3ae5d859245bf5f3b4
SHA256

beac3a39f7b8e0e3542ba6b8ab57ebfb1621c7b6c24524ebb195d1952cf27528
SHA512

fb08a4bdf7583fe3d283b64d03fdeefdc1fed0da12984afa530eb06d0372492829fac145416caa6c7982fa0d11afc648e92930ebd4a21879924cfea01bb63617
SSDEEP

24576:G3TDDYN/r99VuTK0/Bss6xp/z1HgcgAWAvv5H:+TOfuG0pss6xpmle5H

Score

1^/10

Malware Config

Signatures

Files

SettingSyncHost.exe
.exe windows x86

0d38133e118dd5aa2e0986a13517d7fe

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:8b:99:7d:d7:20:a3:94:d5:74:58:bf:e1:64:ea:47:6f:94:69:e9:8d:6a:a3:a4:f5:1a:18:e9:4a:fb:39:96
Signer

Actual PE Digest

d8:8b:99:7d:d7:20:a3:94:d5:74:58:bf:e1:64:ea:47:6f:94:69:e9:8d:6a:a3:a4:f5:1a:18:e9:4a:fb:39:96

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

iswalnum
wcschr
wcsstr
_CxxThrowException
_vsnprintf_s
wcstok_s
swscanf_s
_ftol2
??0exception@@QAE@ABV0@@Z
memcmp
_wcstoui64
_vsnwprintf
strncmp
memmove
_except_handler4_common
_controlfp
_wcsnicmp
wcsncpy_s
malloc
?terminate@@YAXXZ
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
_wcmdln
_initterm
__setusermatherr
__p__fmode
_callnewh
_cexit
??1type_info@@UAE@XZ
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
memmove_s
realloc
_wcsicmp
toupper
time
_XcptFilter
free
_get_errno
_set_errno
??1exception@@UAE@XZ
_purecall
??0exception@@QAE@XZ
memcpy_s
memcpy
srand
rand
memset

api-ms-win-core-libraryloader-l1-2-0

LoadResource
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
SizeofResource
GetModuleFileNameW
LockResource

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
InitializeSRWLock
WaitForSingleObject
InitializeCriticalSection
ReleaseMutex
CreateEventW
WaitForSingleObjectEx
AcquireSRWLockShared
InitializeCriticalSectionEx
DeleteCriticalSection
ReleaseSRWLockShared
OpenSemaphoreW
SetEvent
CreateMutexExW
CreateEventExW
ResetEvent
ReleaseSRWLockExclusive
OpenEventW
EnterCriticalSection
AcquireSRWLockExclusive
CreateMutexW
LeaveCriticalSection
TryAcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree
HeapSetInformation

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
OpenProcessToken
GetCurrentProcess
OpenThreadToken
ProcessIdToSessionId
GetCurrentThreadId
GetStartupInfoW
SetThreadPriority
SetPriorityClass
CreateProcessW
GetCurrentThread
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

GetUserGeoID
FormatMessageW
GetGeoInfoW
LCMapStringEx

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
StringFromGUID2
CoDisableCallCancellation
CoEnableCallCancellation
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCancelCall
StringFromCLSID
CoReleaseMarshalData
CoCreateGuid
CoGetCallContext
CoUninitialize
CoFreeUnusedLibraries
CoInitializeEx
CoGetMalloc
CoCreateInstance
CoSetProxyBlanket
StringFromIID
CoResumeClassObjects
CoRegisterClassObject
CoWaitForMultipleHandles
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoAddRefServerProcess
CoGetApartmentType
CoReleaseServerProcess
CoTaskMemFree
CLSIDFromString
PropVariantClear

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsStringHasEmbeddedNull

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventProviderEnabled
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
GetTempFileNameW
FindFirstFileW
GetFileAttributesExW
CompareFileTime
DeleteFileW
CreateDirectoryW
WriteFile
SetFileAttributesW
SetFileTime

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
Sleep
InitOnceComplete
InitOnceBeginInitialize
WakeAllConditionVariable

api-ms-win-core-registry-l1-1-0

RegDeleteTreeW
RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegOpenCurrentUser
RegEnumKeyExW
RegGetValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel

ntdll

ZwClose
AlpcGetMessageAttribute
AlpcInitializeMessageAttribute
TpWaitForAlpcCompletion
ZwAlpcConnectPort
RtlWaitOnAddress
ZwAlpcQueryInformation
TpReleaseAlpcCompletion
ZwAlpcSendWaitReceivePort
ZwAlpcDisconnectPort
TpAllocAlpcCompletion
RtlWakeAddressAll
ZwAlpcCancelMessage
RtlFreeHeap
RtlAllocateHeap
RtlInitUnicodeString
vDbgPrintEx
NtPowerInformation
RtlGetSuiteMask
RtlPublishWnfStateData
NtCreateWnfStateName
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
NtQueryWnfStateData
EtwTraceMessage
EtwEventActivityIdControl
NtSetInformationProcess
NtSetInformationThread
RtlNtStatusToDosError

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadWithHandle

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-shcore-stream-l1-1-0

IStream_Reset
IStream_Copy
SHCreateStreamOnFileW
IStream_Read
IStream_WriteStr
SHOpenRegStream2W
IStream_Write
SHCreateMemStream
IStream_Size

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetTickCount
GetVersionExW
GetTickCount64
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW
SHStrDupW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW
SetRestrictedErrorInfo
RoTransformError

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoRegisterActivationFactories
RoActivateInstance
RoRevokeActivationFactories

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolWait
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpool
CloseThreadpool
CreateThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolTimerCallbacks

api-ms-win-core-string-l2-1-0

CharLowerBuffW

api-ms-win-core-path-l1-1-0

PathAllocCombine
PathCchAppend

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueTimer

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrRChrW
StrStrIW
QISearch
StrToIntExW

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-shlwapi-legacy-l1-1-0

PathGetCharTypeW
PathStripPathW
PathFindFileNameW

api-ms-win-security-base-l1-1-0

GetTokenInformation
AdjustTokenPrivileges
GetSidSubAuthority
CreateWellKnownSid

api-ms-win-shcore-registry-l1-1-0

SHDeleteValueW
SHSetValueW
SHRegGetPathW
SHRegGetValueW
SHRegSetPathW
SHDeleteKeyW

rpcrt4

UuidCreate

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-power-base-l1-1-0

PowerDeterminePlatformRoleEx

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
VerQueryValueW
GetFileVersionInfoExW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

propsys

PSPropertyBag_WriteUnknown
PropVariantToUInt32
PropVariantToBoolean
PSPropertyBag_WriteStr
PropVariantToStringAlloc
PSCreateMemoryPropertyStore

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

userenv

GetProfileType

api-ms-win-core-sysinfo-l1-2-0

GetOsSafeBootMode

api-ms-win-core-url-l1-1-0

UrlEscapeW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

Sections

.text
Size: 736KB - Virtual size: 735KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d38133e118dd5aa2e0986a13517d7fe

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

d8:8b:99:7d:d7:20:a3:94:d5:74:58:bf:e1:64:ea:47:6f:94:69:e9:8d:6a:a3:a4:f5:1a:18:e9:4a:fb:39:96Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

ntdll

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-shcore-registry-l1-1-0

rpcrt4

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

propsys

api-ms-win-core-psapi-l1-1-0

userenv

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-url-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

Sections

.text Size: 736KB - Virtual size: 735KB

.data Size: 1024B - Virtual size: 3KB

.idata Size: 12KB - Virtual size: 12KB

.didat Size: 512B - Virtual size: 240B

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 39KB - Virtual size: 38KB

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

d8:8b:99:7d:d7:20:a3:94:d5:74:58:bf:e1:64:ea:47:6f:94:69:e9:8d:6a:a3:a4:f5:1a:18:e9:4a:fb:39:96
Signer

.text
Size: 736KB - Virtual size: 735KB

.data
Size: 1024B - Virtual size: 3KB

.idata
Size: 12KB - Virtual size: 12KB

.didat
Size: 512B - Virtual size: 240B

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 39KB - Virtual size: 38KB