SentinelOne[.]exe[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

SentinelOne.exe.7z
Size

730KB
MD5

b7f8bf75e08055bf67d5f037bd74b2e0
SHA1

5999a12991ff14f003ceb7d38a53c93c4e7314c7
SHA256

9c35feff7a7536dd0d509810f2b91c98c9f189abbd57c2dde09c3fad6468cc23
SHA512

0eb6107564a7f557f5fa7fe7d63ac31931a057d86f8f0c3058997d7014f3a3f8b29f008491c577ccd50b27a76ed92315d619f57ee0e6bb6672dfeef323d60f99
SSDEEP

12288:R52gvmH6HlcEWHMArjehgKE8C+uCTv8/cCnxdviZs4TNeuU2QpkRnM8ZzNrt1Hmz:R52QHlcRMkeL7bunxdvC0SQpkRZt1HCR

Score

1^/10

Malware Config

Signatures

Files

SentinelOne.exe.7z
.7z

Password: infected
SentinelOne.exe
.exe windows:5 windows x86 arch:x86

Password: infected

4a9ba3a4d89ba59ce8649e532f6e115a

Code Sign

04:5b:d7:bd:e9:5f:97:12
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09-10-2020 11:32

Not After

09-10-2021 11:32

Subject

CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:5b:d7:bd:e9:5f:97:12
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

09-10-2020 11:32

Not After

09-10-2021 11:32

Subject

CN=JetBrains s.r.o.,O=JetBrains s.r.o.,L=Praha 4,C=CZ

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03-05-2011 07:00

Not After

03-05-2031 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ad:5b:57:84:f9:c2:3a:23:1c:69:2a:10:7f:36:70:8b:d7:77:07:cc:f3:84:31:e1:dd:f3:25:2a:5c:f2:58:23
Signer

Actual PE Digest

ad:5b:57:84:f9:c2:3a:23:1c:69:2a:10:7f:36:70:8b:d7:77:07:cc:f3:84:31:e1:dd:f3:25:2a:5c:f2:58:23

Digest Algorithm

sha256

PE Digest Matches

false

c4:fb:72:6d:fa:9a:43:fe:b8:86:69:5f:0d:0d:ea:39:4a:6e:34:94
Signer

Actual PE Digest

c4:fb:72:6d:fa:9a:43:fe:b8:86:69:5f:0d:0d:ea:39:4a:6e:34:94

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\vmagent_new\bin\joblist\766812\out\Release\PopTip.pdb

Imports

kernel32

GetPrivateProfileStringW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultUILanguage
GetTempFileNameW
GetTempPathW
GlobalAlloc
GlobalFree
MulDiv
FormatMessageW
SetCurrentDirectoryW
CreateDirectoryW
GetStartupInfoW
CompareFileTime
RaiseException
CreateRemoteThread
FlushInstructionCache
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetErrorMode
GetSystemInfo
OpenProcess
ProcessIdToSessionId
CreateProcessW
GetExitCodeThread
GetCurrentThreadId
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
lstrcmpiW
ReleaseSemaphore
LocalFree
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
lstrcmpiA
lstrcmpA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
GetFileSizeEx
LocalFileTimeToFileTime
CreateFileA
CompareStringW
TryEnterCriticalSection
QueryPerformanceCounter
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
LCMapStringW
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
LocalAlloc
LoadLibraryW
FindResourceW
SizeofResource
LockResource
CreateSemaphoreW
LoadResource
CreateThread
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
CreateEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
LoadLibraryExW
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeResource
FreeLibrary
FindResourceExW
GetVersionExW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetVersion
VirtualProtect
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeviceIoControl
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
GetShortPathNameW
GetFileSize
GetFileAttributesW
DeleteFileW
CreateFileW
ExitProcess

user32

LoadStringW
PostQuitMessage
MoveWindow
SwitchToThisWindow
LoadImageW
ClientToScreen
LoadCursorW
FindWindowW
GetParent
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
IsRectEmpty
CopyRect
SetRectEmpty
ScreenToClient
SetCursor
SetForegroundWindow
DrawTextW
IsWindowEnabled
EnableWindow
KillTimer
SetTimer
GetWindowPlacement
SetWindowPos
ShowWindow
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
DefWindowProcW
SendMessageTimeoutW
SendMessageW
LockSetForegroundWindow
GetMessagePos
RegisterWindowMessageW
WaitForInputIdle
GetClientRect
InvalidateRect
GetMonitorInfoW
MonitorFromRect
OffsetRect
GetWindowRect
ReleaseDC
GetWindowDC
GetDC
IsWindowVisible
GetWindowThreadProcessId
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
BringWindowToTop
CharNextW
UpdateLayeredWindow
GetCursorPos
PostMessageW
GetSystemMetrics
IsWindow

gdi32

GetPixel
CreateFontW
CreateDIBSection
SelectObject
GetStockObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextMetricsW
GetObjectA
GetObjectW
SetViewportOrgEx
GetDeviceCaps
CreateRectRgnIndirect

advapi32

ConvertSidToStringSidW
CryptReleaseContext
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetTokenInformation
GetSidSubAuthority
OpenProcessToken
RegCreateKeyA
RegQueryInfoKeyW
RegQueryValueExA
CryptAcquireContextA
CryptGenRandom
RegEnumKeyExA
RegOpenKeyExA

shell32

ord680
SHGetFolderPathW
SHGetSpecialFolderPathW
ord165

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

DispCallFunc
SafeArrayPutElement
VarUI4FromStr
VarBstrCmp
VariantCopy
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

SHDeleteValueA
ColorHLSToRGB
SHGetValueW
SHSetValueW
ord437
ColorRGBToHLS
StrStrIA
StrStrIW
StrCmpIW
wnsprintfW
PathAddBackslashW
PathAppendW
PathCombineW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
SHGetValueA
SHSetValueA

gdiplus

GdipResetClip
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFontHeight
GdipCreateFontFromDC
GdipCreateFont
GdipDeleteFontFamily
GdipCloneFontFamily
GdipNewPrivateFontCollection
GdipDeletePrivateFontCollection
GdipGetFontCollectionFamilyList
GdipSetStringFormatLineAlign
GdipSetClipRectI
GdipFillRectangle
GdipDrawEllipseI
GdipDrawRectangleI
GdipDrawLineI
GdipDrawLine
GdipRotateWorldTransform
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipPrivateAddMemoryFont
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetTextRenderingHint
GdipGetPixelOffsetMode
GdipGetSmoothingMode
GdipCreateFromHWND
GdipCreateFromHDC
GdipBitmapGetPixel
GdipSetPenDashOffset
GdipSetPenDashStyle
GdipSetPenWidth
GdipCreatePen1
GdipSetLinePresetBlend
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRect
GdipAddPathEllipseI
GdipAddPathRectangleI
GdipAddPathArcI
GdipAddPathLineI
GdipClosePathFigure
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipDrawImageRectI
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipDeletePen
GdipCreatePen2
GdipSetPathGradientGammaCorrection
GdipResetPath
GdipGetPathGradientPointCount
GdipSetPathGradientCenterPoint
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetPathWorldBoundsI
GdipAddPathPie
GdipAddPathArc
GdipAddPathLine2
GdipAddPathLine
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipBitmapSetPixel

ntdll

RtlDllShutdownInProgress

psapi

GetModuleFileNameExW

imm32

ImmDisableIME

wininet

InternetGetConnectedState
InternetCrackUrlA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

GetUserProfileDirectoryW

dnsapi

DnsFree
DnsQuery_A

ws2_32

inet_ntoa
htons
htonl
ntohl
ntohs

msvcrt

_CIsqrt
floor
_wtoi
realloc
wcstoul
srand
rand
_atoi64
strpbrk
wcsftime
_mbscspn
_mbsicmp
_mbsspn
modf
_mktime64
??0exception@@QAE@XZ
_CIcos
__RTDynamicCast
_wtoi64
__p___argc
__p___wargv
__uncaught_exception
___mb_cur_max_func
__pctype_func
___lc_codepage_func
___lc_handle_func
_wfsopen
atoi
??3@YAXPAX@Z
memcmp
_amsg_exit
__wgetmainargs
__setusermatherr
_initterm
__p__commode
_strlwr
strncat
strncpy
isprint
_CIexp
__CxxFrameHandler
__DestructExceptionObject
iswctype
_wcslwr
_iob
_gmtime64
memset
_lseeki64
_lock
_unlock
_ismbblead
_wcstoui64
memmove
fwrite
_msize
__set_app_type
_wcmdln
_control87
_XcptFilter
_fmode
_isatty
_fileno
mbtowc
strrchr
memcpy
_CIlog10
ceil
_clearfp
?terminate@@YAXXZ
_CIsin
memchr
_CxxThrowException
_CIpow
localeconv
setlocale
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
_time64
_beginthreadex
ldexp
frexp
ungetc
setvbuf
fseek
fsetpos
fgetpos
fgetc
fflush
fclose
_ismbcspace
strcspn
_wcsnicmp
_wcsicmp
wcsspn
wcscspn
wcsstr
wcschr
strchr
tolower
isspace
isdigit
strtol
strtod
abort
wcstol
malloc
free
calloc
_errno
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
fputc
fread

msvcp60

_Tolower
_Toupper
_Mbrtowc
_Wcrtomb
_Getctype
_Getcoll

Sections

.text
Size: 917KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 567KB - Virtual size: 566KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4a9ba3a4d89ba59ce8649e532f6e115a

Code Sign

04:5b:d7:bd:e9:5f:97:12Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

04:5b:d7:bd:e9:5f:97:12Certificate

Extended Key Usages

Key Usages

07Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

ad:5b:57:84:f9:c2:3a:23:1c:69:2a:10:7f:36:70:8b:d7:77:07:cc:f3:84:31:e1:dd:f3:25:2a:5c:f2:58:23Signer

c4:fb:72:6d:fa:9a:43:fe:b8:86:69:5f:0d:0d:ea:39:4a:6e:34:94Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

gdiplus

ntdll

psapi

imm32

wininet

version

userenv

dnsapi

ws2_32

msvcrt

msvcp60

Sections

.text Size: 917KB - Virtual size: 920KB

.rdata Size: 202KB - Virtual size: 204KB

.data Size: 22KB - Virtual size: 292KB

.rsrc Size: 567KB - Virtual size: 566KB

04:5b:d7:bd:e9:5f:97:12
Certificate

07
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

04:5b:d7:bd:e9:5f:97:12
Certificate

07
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

ad:5b:57:84:f9:c2:3a:23:1c:69:2a:10:7f:36:70:8b:d7:77:07:cc:f3:84:31:e1:dd:f3:25:2a:5c:f2:58:23
Signer

c4:fb:72:6d:fa:9a:43:fe:b8:86:69:5f:0d:0d:ea:39:4a:6e:34:94
Signer

.text
Size: 917KB - Virtual size: 920KB

.rdata
Size: 202KB - Virtual size: 204KB

.data
Size: 22KB - Virtual size: 292KB

.rsrc
Size: 567KB - Virtual size: 566KB