CompatTelRunner[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

CompatTelRunner.exe
Size

273KB
MD5

cc3c745453e03afd9a03e50a504c0576
SHA1

86214f7f3a8ac4b824c23ef54f65d60ec5bc8618
SHA256

6982f534dbc752aa46c9fb4aa4e945ed6dbaa0171ec43d783da4b3c48aa609b6
SHA512

069587968fb6127c0b97199f55fe2f12255aa680957aa79bc01bcd2a38976567735d770ec8df9b2fb83dfe605cbad1427b1c1b9a0246db2f65e92337ac6d3297
SSDEEP

6144:v3DGWokKenPBg5YGnsMZFEAqdSBOt89z5:vyWo/QPBtQz/Z0A

Score

1^/10

Malware Config

Signatures

Files

CompatTelRunner.exe
.exe windows:10 windows x64 arch:x64

0e540a4e6f888d50854655d4e750cfa0

Code Sign

33:00:00:05:00:27:d6:32:6f:43:73:7b:87:00:00:00:00:05:00
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:11

Not After

31/01/2024, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:8b:c9:1a:89:76:17:b3:72:65:df:89:c9:4f:55:03:51:51:a9:ec:46:a3:34:84:01:7a:37:1a:1e:fd:23:63
Signer

Actual PE Digest

7c:8b:c9:1a:89:76:17:b3:72:65:df:89:c9:4f:55:03:51:51:a9:ec:46:a3:34:84:01:7a:37:1a:1e:fd:23:63

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__dllonexit
_onexit
_unlock
_lock
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?terminate@@YAXXZ
?what@exception@@UEBAPEBDXZ
??1type_info@@UEAA@XZ
wcschr
_wtoi
??0exception@@QEAA@AEBQEBDH@Z
_wtof
wcsrchr
_wcsnicmp
__CxxFrameHandler3
sscanf_s
wcsstr
??_V@YAXPEAX@Z
iswdigit
_wtoi64
??0exception@@QEAA@AEBQEBD@Z
strchr
wcsncmp
_vsnprintf
_stricmp
sprintf_s
_wcsicmp
memmove_s
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
_callnewh
malloc
??1exception@@UEAA@XZ
strcpy_s
_purecall
??3@YAXPEAX@Z
wcscpy_s
wcscat_s
memcpy_s
_vsnwprintf
_wcslwr
strncmp
memcmp
memset
wcscmp

ntdll

RtlVerifyVersionInfo
LdrResSearchResource
ZwMapViewOfSection
ZwUnmapViewOfSection
ZwQuerySystemInformation
RtlGetNativeSystemInformation
RtlUpcaseUnicodeChar
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
EtwEventRegister
EtwEventWrite
EtwEventUnregister
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
ZwQueryValueKey
RtlImageDirectoryEntryToData
ZwEnumerateKey
ZwOpenKey
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U_WithStatus
ZwClose
RtlLeaveCriticalSection
RtlFreeHeap
RtlInitializeCriticalSection
RtlMultiByteToUnicodeN
RtlInitAnsiString
RtlEnterCriticalSection
RtlEqualString
RtlAllocateHeap
RtlDeleteCriticalSection
NtCreateEvent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
RtlFreeSid
VerSetConditionMask
WinSqmIsOptedInEx
RtlInitUnicodeString
LdrGetDllHandle
RtlInitString
LdrGetProcedureAddress
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtCreateFile
NtQueryInformationFile
NtClose
RtlInitUnicodeStringEx

rpcrt4

UuidCreate

ws2_32

WSAGetLastError
getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup
gethostname

aepic

ord108
ord100
ord102
ord103
ord101
ord109
ord104
ord105
ord106
ord107

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExA
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

CreateMutexW
CreateSemaphoreExW
AcquireSRWLockShared
DeleteCriticalSection
EnterCriticalSection
ReleaseSemaphore
CreateEventW
SetEvent
InitializeCriticalSectionEx
OpenWaitableTimerW
WaitForSingleObject
CreateMutexExW
ReleaseMutex
SetWaitableTimer
CreateEventA
ReleaseSRWLockExclusive
InitializeSRWLock
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
LeaveCriticalSection
ReleaseSRWLockShared

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
CreateProcessW
SetPriorityClass
GetCurrentThreadId
TerminateProcess
ExitProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetSystemDirectoryA
GetSystemDirectoryW
GetTickCount64
GetTickCount

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegDeleteTreeW
RegDeleteValueW
RegGetValueW
RegCloseKey

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalFree

api-ms-win-core-synch-ansi-l1-1-0

CreateSemaphoreA
CreateWaitableTimerA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW
CreateWaitableTimerW

api-ms-win-security-base-l1-1-0

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RevertToSelf
ImpersonateLoggedOnUser

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-synch-l1-2-0

Sleep
SignalObjectAndWait

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
OpenFileMappingW
UnmapViewOfFile

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFileTime
WriteFile
CreateFileW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus
WTSGetActiveConsoleSessionId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpSetOption
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpConnect
WinHttpOpen
WinHttpOpenRequest
WinHttpCloseHandle

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-security-credentials-l1-1-0

CredFree
CredReadW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrCmpNA

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e540a4e6f888d50854655d4e750cfa0

Code Sign

33:00:00:05:00:27:d6:32:6f:43:73:7b:87:00:00:00:00:05:00Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

7c:8b:c9:1a:89:76:17:b3:72:65:df:89:c9:4f:55:03:51:51:a9:ec:46:a3:34:84:01:7a:37:1a:1e:fd:23:63Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

rpcrt4

ws2_32

aepic

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-ansi-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-timezone-l1-1-0

winhttp

api-ms-win-core-string-l1-1-0

api-ms-win-security-credentials-l1-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 4KB - Virtual size: 4KB

.pdata Size: 8KB - Virtual size: 6KB

.didat Size: 4KB - Virtual size: 32B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 888B

33:00:00:05:00:27:d6:32:6f:43:73:7b:87:00:00:00:00:05:00
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

7c:8b:c9:1a:89:76:17:b3:72:65:df:89:c9:4f:55:03:51:51:a9:ec:46:a3:34:84:01:7a:37:1a:1e:fd:23:63
Signer

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 4KB - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 6KB

.didat
Size: 4KB - Virtual size: 32B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 888B