CastSrv[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

CastSrv.exe
Size

59KB
MD5

a7f7a053b53dd45ed1bd6fe637258538
SHA1

a0bf435a265f4c32472342683b7ca15a0842f93b
SHA256

83423cd9721e9b0583715c176a459d67ab803645328306e1fddfe195f12f8db3
SHA512

dbc3968604186019c11a8488720c8ceae7933198d5989b94c6b0e13ba61da9e4094cb9d8224b1398908ede1dc3959da8d722ce657817f64a0f0e8cd3607be1df
SSDEEP

1536:A2BhfT//E7y5Jsi1zAzqhwJNei8bj5TExPyzruaa:JBhfTvc0gqhwzerPCxaba

Score

1^/10

Malware Config

Signatures

Files

CastSrv.exe
.exe windows x64

c72da8053ebe1390070de23e82991e7f

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:5a:c5:df:5f:29:76:74:af:7e:ae:cf:cb:a6:4d:a7:e5:e8:88:3f:07:03:a1:23:9e:8b:52:07:7f:79:89:c9
Signer

Actual PE Digest

e0:5a:c5:df:5f:29:76:74:af:7e:ae:cf:cb:a6:4d:a7:e5:e8:88:3f:07:03:a1:23:9e:8b:52:07:7f:79:89:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__CxxFrameHandler3
_initterm
_commode
__setusermatherr
_fmode
_exit
_wcmdln
_onexit
exit
__C_specific_handler
_cexit
_unlock
__set_app_type
_purecall
?terminate@@YAXXZ
_lock
_callnewh
__wgetmainargs
_amsg_exit
_XcptFilter
malloc
free
__dllonexit
memset

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableFlags
TraceMessage
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
SetPriorityClass
GetCurrentProcess
OpenProcessToken
OpenThreadToken
TerminateProcess
GetCurrentThread
GetCurrentThreadId
GetStartupInfoW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-shcore-thread-l1-1-0

SHCreateThread

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c72da8053ebe1390070de23e82991e7f

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

e0:5a:c5:df:5f:29:76:74:af:7e:ae:cf:cb:a6:4d:a7:e5:e8:88:3f:07:03:a1:23:9e:8b:52:07:7f:79:89:c9Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 30KB - Virtual size: 30KB

.imrsiv Size: - Virtual size: 4B

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 392B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 568B

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

e0:5a:c5:df:5f:29:76:74:af:7e:ae:cf:cb:a6:4d:a7:e5:e8:88:3f:07:03:a1:23:9e:8b:52:07:7f:79:89:c9
Signer

.text
Size: 30KB - Virtual size: 30KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 392B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 568B