Sample: SentryService.exe
Resource: win10v2004-20231023-en
General
Target: SentryService.exe
Size: 5.6MB
MD5: 0f53312319e9f546e8f9f0f2f837bc67
SHA1: 3dbb745fcc6e90116826d12d506abd0fca5feab3
SHA256: 1c1ed14c1c6086d9dc57be9e8f4adceee66ec6e0ddf90d0fad2ef273b9f78610
SHA512: 6895b41e2fa95b5e1b5d84adfccd00e9b1fedecf81dd2d827b738edce22ec97c76eb785bd8a18e6e3176654c3912241dd623c3348236bc0884fa8c42c5e32a87
SSDEEP: 98304:0ZpvbxNb7Ni0mkNX4brNSl6Y+/ZB6kp0G1K8Tnil5lGX9S2h7elf:0HbxN7NFN8NS7yp3nil5lGX9Sf
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: SentryService.exe
Files
-
SentryService.exe.exe windows:5 windows x86
67cc9cc1bdfd0a16d0ed0deada914c0a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WaitForMultipleObjects
GetUserDefaultUILanguage
Thread32Next
GlobalFree
SuspendThread
TerminateThread
QueryPerformanceFrequency
QueryPerformanceCounter
OpenThread
GetPrivateProfileStringW
QueryDosDeviceW
GetCurrentProcessId
GetDriveTypeW
lstrcmpA
lstrcpyW
GetModuleHandleW
GetCurrentProcess
LoadLibraryW
OutputDebugStringA
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
FormatMessageW
FindResourceExW
GetSystemDirectoryW
CreateEventW
SetEvent
GetCurrentThreadId
GetStdHandle
DuplicateHandle
ExitProcess
GetSystemInfo
SystemTimeToTzSpecificLocalTime
GetWindowsDirectoryW
GetFileAttributesExW
GetComputerNameW
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
GetSystemTimeAsFileTime
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
GetDiskFreeSpaceA
HeapValidate
UnmapViewOfFile
UnlockFileEx
SetEndOfFile
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
WritePrivateProfileStringW
MulDiv
ResumeThread
ResetEvent
ReleaseSemaphore
TlsAlloc
TlsGetValue
VerSetConditionMask
VerifyVersionInfoW
SetThreadPriority
GetThreadPriority
CreateSemaphoreA
CreateMutexA
PulseEvent
CreateEventA
GetLocaleInfoW
SetLastError
GlobalSize
GlobalLock
GlobalUnlock
GetModuleHandleA
LoadLibraryExW
lstrcmpiW
GetFileSizeEx
GlobalGetAtomNameW
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
CompareStringW
EncodePointer
FreeResource
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
GlobalFlags
VirtualProtect
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetStringTypeW
SwitchToThread
GetCPInfo
LCMapStringW
RtlUnwind
VirtualQuery
GetFileType
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetConsoleMode
SetStdHandle
HeapQueryInformation
GetCommandLineA
VirtualAlloc
IsValidLocale
EnumSystemLocalesW
SetFilePointerEx
ReadConsoleW
GetConsoleCP
SetEnvironmentVariableA
SetEnvironmentVariableW
FindFirstFileExW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
Process32FirstW
GlobalAlloc
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetVersionExW
TerminateProcess
GetVolumeInformationW
ReleaseMutex
WaitForSingleObject
CreateMutexW
lstrcmpW
MultiByteToWideChar
LocalAlloc
InterlockedDecrement
CreateProcessW
TlsSetValue
FreeLibrary
FindNextFileW
FindFirstFileW
LoadLibraryA
GetProcAddress
CreateFileW
GetVersionExA
GetTimeZoneInformation
GetFileSize
WriteFile
ReadFile
GetFileTime
CreateThread
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
FindClose
CreateDirectoryW
MoveFileA
MoveFileW
CreateFileA
GetFileAttributesW
GetFileAttributesA
SetFileAttributesW
SetFileAttributesA
CreateDirectoryA
DeleteFileA
DeleteFileW
CopyFileW
GetModuleFileNameW
GetTempPathA
WTSGetActiveConsoleSessionId
GetTempPathW
GetCurrentDirectoryW
GetCurrentDirectoryA
GetFullPathNameA
GetFullPathNameW
FileTimeToLocalFileTime
GetLocalTime
GetSystemTime
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FormatMessageA
GetComputerNameA
GetOEMCP
GetACP
GetTickCount
LocalFree
GetNativeSystemInfo
CloseHandle
QueueUserWorkItem
WideCharToMultiByte
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
RaiseException
HeapReAlloc
LockResource
GetLastError
Sleep
HeapSize
InitializeCriticalSectionAndSpinCount
GetCommandLineW
HeapFree
Thread32First
SizeofResource
user32
GetKeyboardState
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
SetRect
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongW
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
LoadImageW
InvalidateRect
TrackMouseEvent
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
PostQuitMessage
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
GetMenuItemInfoW
DestroyMenu
DestroyIcon
IntersectRect
InflateRect
RealChildWindowFromPoint
ToUnicodeEx
SetWindowTextW
CheckDlgButton
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
PtInRect
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
IsCharLowerW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
GetMessageW
LoadCursorW
GetSysColorBrush
GetWindowTextLengthW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetKeyboardLayout
WaitMessage
IsDialogMessageW
MapVirtualKeyExW
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
CharUpperW
GetLastActivePopup
IsWindowEnabled
EnableWindow
LoadBitmapW
GetParent
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
UnhookWindowsHookEx
GetDesktopWindow
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
SendMessageW
FindWindowA
PostMessageA
SystemParametersInfoW
ShowWindow
PostThreadMessageW
GetSystemMetrics
MessageBoxW
DispatchMessageW
PeekMessageW
TranslateMessage
GetWindowLongW
GetWindowThreadProcessId
PostMessageW
IsWindowVisible
IsWindow
GetWindowTextW
wsprintfW
GetComboBoxInfo
GetWindowRect
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
GetClientRect
BringWindowToTop
advapi32
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptGetHashParam
CryptAcquireContextW
OpenServiceW
StartServiceW
ControlService
DeleteService
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
CreateServiceW
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
LookupAccountNameW
RegDeleteValueW
ConvertSidToStringSidW
CreateProcessAsUserW
FreeSid
RegCreateKeyExW
AllocateAndInitializeSid
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
IsValidSid
GetSidSubAuthority
GetSidSubAuthorityCount
CryptGetUserKey
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegSetValueExA
RegSetValueExW
RegQueryValueExA
CryptExportKey
CryptDestroyKey
CryptHashData
CryptCreateHash
CryptEnumProvidersA
CryptGetProvParam
ole32
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoCreateGuid
CoInitializeEx
StringFromGUID2
OleLockRunning
crypt32
CryptEncryptMessage
CertGetNameStringW
CryptQueryObject
CertNameToStrW
CertFreeCertificateContext
CertSetCertificateContextProperty
CryptDecodeObject
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CryptEncodeObject
ws2_32
select
__WSAFDIsSet
closesocket
shutdown
WSAGetLastError
send
setsockopt
WSAStartup
ioctlsocket
recv
accept
getsockname
bind
gethostbyname
socket
connect
listen
htons
inet_addr
ntohs
inet_ntoa
msimg32
AlphaBlend
TransparentBlt
shlwapi
StrFormatKBSizeW
PathRemoveFileSpecW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFileExistsW
uxtheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
GetThemePartSize
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
DrawThemeText
IsAppThemed
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
gdiplus
GdipDeleteGraphics
GdipDrawImageI
GdipBitmapLockBits
GdipGetImageGraphicsContext
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDisposeImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipBitmapUnlockBits
GdipCreateBitmapFromStream
dbghelp
MiniDumpWriteDump
oleacc
LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject
imm32
ImmReleaseContext
ImmGetOpenStatus
ImmGetContext
winmm
PlaySoundW
gdi32
GetTextFaceW
CopyMetaFileW
CreateDCW
GetDeviceCaps
CreateBitmap
BitBlt
CreateCompatibleDC
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
CreateSolidBrush
DeleteObject
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetStockObject
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
SetPixel
StretchBlt
CreateDIBSection
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
DeleteDC
SetDIBColorTable
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
shell32
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFileInfoW
SHBrowseForFolderW
SHAppBarMessage
ShellExecuteW
oleaut32
LoadTypeLi
VarBstrFromDate
VariantClear
SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
VariantInit
VariantCopy
VariantChangeType
SysAllocStringLen
SysStringLen
wininet
HttpQueryInfoW
InternetOpenW
InternetOpenUrlW
InternetGetLastResponseInfoW
InternetReadFile
InternetCloseHandle
DeleteUrlCacheEntryW
InternetSetFilePointer
InternetOpenA
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetWriteFile
FtpPutFileW
FtpOpenFileW
FtpCreateDirectoryW
FtpSetCurrentDirectoryW
FtpCommandW
InternetSetStatusCallbackW
InternetQueryDataAvailable
InternetSetOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
FtpGetFileSize
wtsapi32
WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW
WTSQuerySessionInformationW
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
winhttp
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpen
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Sections
.text Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 342KB - Virtual size: 379KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 93KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 230KB - Virtual size: 229KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ