CompatTelRunner[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CompatTelRunner.exe
Size

181KB
MD5

a0ce39a271de8faf9ac1864ad0a6563a
SHA1

350513265dace6378637f490e31b3e2bb0a86362
SHA256

607242b21660b23ad732d3dc532cc836a3656602b95ce668d580ee3d36322a64
SHA512

577837c6491649bdc803dcc0d67dbcd715000fcb600698f14175d0b7e02c1501b7231308b9046630e5c66bb7f91d012647fa8d08942c4c70a011c0f75d820ddc
SSDEEP

3072:5e62NvGQ23K5QEJlhKuD0kcxqmqLXUs73Z+DFDG59UkwgFukahJoV0ix:5eIa5QUhKuD0kcxqLLXU+ZzYkNuk+c

Score

1^/10

Malware Config

Signatures

Files

CompatTelRunner.exe
.exe windows x64

0de309ada60684eef12ed8335ccff28b

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:eb:0a:2d:36:b5:13:67:70:80:24:b9:ff:64:b7:1e:a4:cf:6b:1d:18:13:ee:3b:43:67:09:86:78:14:86:a3
Signer

Actual PE Digest

fe:eb:0a:2d:36:b5:13:67:70:80:24:b9:ff:64:b7:1e:a4:cf:6b:1d:18:13:ee:3b:43:67:09:86:78:14:86:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

strncpy_s
strtol
_set_errno
malloc
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
memcpy
memmove
_errno
wcsstr
_wcslwr
wcscat_s
_wcsnicmp
strcpy_s
_callnewh
memcmp
??1type_info@@UEAA@XZ
wcsrchr
wcscpy_s
?terminate@@YAXXZ
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
wcsncmp
_exit
__CxxFrameHandler3
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
sprintf_s
strchr
_vsnprintf
_stricmp
_wcsicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
wcschr
memset

ntdll

RtlReleaseRelativeName
NtLoadKeyEx
RtlDosPathNameToRelativeNtPathName_U
RtlStringFromGUID
RtlRandomEx
RtlFreeSid
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlAdjustPrivilege
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
EtwEventRegister
EtwEventWrite
EtwEventUnregister
NtQueryLicenseValue
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlInitUnicodeStringEx
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlInitUnicodeString
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlReAllocateHeap
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
WinSqmIsOptedInEx
NtCreateEvent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VerSetConditionMask

oleaut32

SysAllocString
SysFreeString
SysStringLen

rpcrt4

UuidCreate

ws2_32

WSAStartup
getaddrinfo
freeaddrinfo
WSACleanup
WSAGetLastError
gethostname

kernel32

CreateSemaphoreW
OpenWaitableTimerW
WaitForMultipleObjects
CreateWaitableTimerW
SetWaitableTimer
GetTickCount
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
GetSystemPowerStatus
Sleep
SetPriorityClass
LoadLibraryExW
VerifyVersionInfoW
FreeLibrary
GetCurrentProcess
QueryProcessCycleTime
LoadLibraryA
GetSystemDirectoryA
lstrcmpA
IsDebuggerPresent
DebugBreak
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
GetProcAddress
HeapAlloc
CreateThreadpoolTimer
SetThreadpoolTimer
SetEvent
SystemTimeToFileTime
CreateProcessW
GetExitCodeProcess
GetTickCount64
CreateEventW
ExpandEnvironmentStringsW
MoveFileExW
GetCommandLineW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetFileSizeEx
LoadLibraryW
OutputDebugStringA
GetSystemWindowsDirectoryW
GetFileAttributesW
LocalFree
SetUnhandledExceptionFilter
ReleaseSRWLockShared
GetModuleHandleExA
CreateFileW
GetModuleFileNameW
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CloseThreadpoolTimer
OutputDebugStringW
ReleaseSRWLockExclusive
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
WaitForThreadpoolTimerCallbacks
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WriteFile

advapi32

SetEntriesInAclW
EventWriteTransfer
EventRegister
EventUnregister
SetSecurityDescriptorDacl
RegSetKeySecurity
RegDeleteKeyValueW
RegQueryInfoKeyW
RegSaveKeyExW
RegDeleteKeyExW
RegLoadAppKeyW
StartServiceW
QueryServiceStatusEx
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegLoadKeyW
RegUnLoadKeyW
SetSecurityDescriptorOwner
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteTreeW
RegEnumValueW
RegGetValueW
RegCloseKey
RegSetKeyValueW
RegEnumKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor

shlwapi

StrCmpNA
PathFindFileNameW

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0de309ada60684eef12ed8335ccff28b

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

fe:eb:0a:2d:36:b5:13:67:70:80:24:b9:ff:64:b7:1e:a4:cf:6b:1d:18:13:ee:3b:43:67:09:86:78:14:86:a3Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

oleaut32

rpcrt4

ws2_32

kernel32

advapi32

shlwapi

ole32

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 592B

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

fe:eb:0a:2d:36:b5:13:67:70:80:24:b9:ff:64:b7:1e:a4:cf:6b:1d:18:13:ee:3b:43:67:09:86:78:14:86:a3
Signer

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 592B