config[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

config.exe
Size

191KB
MD5

3147352b2c4365d6830fc8c3733dedcc
SHA1

1cd57b19a07315a3c4aab8381ac6353efab9a57b
SHA256

5141b62b3b9f05161e8e6c6e0b8241a81e922404ca2ef8d4bb1698dafd936a4d
SHA512

2b7382a2271cae0f305b9dd7f69736a31468edd14382d4e79286043e63f3cc48ef54583530678b431bfb7df34553f6a24f6177145f04e301a5d4ef9b1e98158c
SSDEEP

3072:rzPjEcOky57lHVKkJJQW1uNCclqAUIqlKznzHdRy9WsPqlq0rujqf+6opt:rzPjnty57lH8K716lh8hzqfrO

Score

1^/10

Malware Config

Signatures

Files

config.exe
.exe windows:6 windows x64 arch:x64

31186e46085d34874c3dfdd4c5ff3a97

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:a0:d4:ab:de:96:3e:42:2c:13:de:1e:aa:1f:54:bb
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

18/05/2022, 00:00

Not After

17/05/2025, 23:59

Subject

CN=Jean-Herve Lescop,O=Jean-Herve Lescop,ST=Île-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:a1:2e:88:5c:77:c4:bb:a3:89:49:f8:ed:0b:88:04:ad:4e:bc:5b:bd:51:e9:be:94:57:56:1c:a5:61:e5:47
Signer

Actual PE Digest

35:a1:2e:88:5c:77:c4:bb:a3:89:49:f8:ed:0b:88:04:ad:4e:bc:5b:bd:51:e9:be:94:57:56:1c:a5:61:e5:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shell32

SHCreateDirectoryExW
ShellExecuteW
SHGetFolderPathW

kernel32

CreateProcessW
GetCurrentThread
GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
GetComputerNameW
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
ExitProcess
LoadLibraryExW
FindResourceW
FreeLibrary
GetFileTime
GetFileSize
SetFileTime
GetFileAttributesW
GetModuleFileNameW
OpenMutexW
CloseHandle
GetComputerNameA
CopyFileW
GetSystemTime
GetFileAttributesExW
MultiByteToWideChar
HeapDestroy
HeapSize
HeapReAlloc
SizeofResource
LockResource
LoadResource
FindResourceExW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetLastError
WriteFile
CreateFileW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
LCMapStringW
CreateMutexW
FreeEnvironmentStringsW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStdHandle
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileType
IsDebuggerPresent
OutputDebugStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
LocalFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
GetCommandLineA
GetCommandLineW
GetModuleHandleExW

user32

PostQuitMessage
wsprintfA
DefWindowProcW
RegisterClassExW
CreateWindowExW
SetTimer
DispatchMessageW
TranslateMessage
GetMessageW

advapi32

RegCloseKey
RegCreateKeyW
RegCreateKeyA
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
OpenThreadToken

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString
SysAllocStringLen

shlwapi

PathAppendW

psapi

GetModuleFileNameExW

version

VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW

wtsapi32

WTSRegisterSessionNotification

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31186e46085d34874c3dfdd4c5ff3a97

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

21:a0:d4:ab:de:96:3e:42:2c:13:de:1e:aa:1f:54:bbCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

35:a1:2e:88:5c:77:c4:bb:a3:89:49:f8:ed:0b:88:04:ad:4e:bc:5b:bd:51:e9:be:94:57:56:1c:a5:61:e5:47Signer

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

psapi

version

wtsapi32

Sections

.text Size: 118KB - Virtual size: 117KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 512B - Virtual size: 480B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

21:a0:d4:ab:de:96:3e:42:2c:13:de:1e:aa:1f:54:bb
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

35:a1:2e:88:5c:77:c4:bb:a3:89:49:f8:ed:0b:88:04:ad:4e:bc:5b:bd:51:e9:be:94:57:56:1c:a5:61:e5:47
Signer

.text
Size: 118KB - Virtual size: 117KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 512B - Virtual size: 480B