sgagent[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sgagent.exe
Size

615KB
MD5

6f3932653bbbc892edceb5bcc86d65dd
SHA1

da49d286472eeec6c551302d88a60495e742980a
SHA256

4ac517b663fff768922ca9ab5e8cb385610b4f1b7d97ee4a0281afaa931be964
SHA512

b841d297c82e2c2508d34891d19617ee60cefae27f51b8b06e37f49e3db40999257fb1cf968c72fcc9ab50f6158aa0275a7ed1801219be3e43ca585994caf3bb
SSDEEP

12288:CPd1SBbznWvLA7cDr2oiYVvYcpfOVXTxAlLqfYcOJDRagLJfpzd54mJpyJ:CPLozn57cDr2tYVvYcpqAlLwYbRagLZm

Score

1^/10

Malware Config

Signatures

Files

sgagent.exe
.exe windows:4 windows x86 arch:x86

630ad8d28a1c209d40fa3ea3fabc0e51

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

66:11:21:f5:8a:d7:86:b9:d6:c8:3f:2e:44:5f:a3:55:2d:09:27:84:2a:27:56:29:ed:02:d5:ed:79:d3:f1:2a
Signer

Actual PE Digest

66:11:21:f5:8a:d7:86:b9:d6:c8:3f:2e:44:5f:a3:55:2d:09:27:84:2a:27:56:29:ed:02:d5:ed:79:d3:f1:2a

Digest Algorithm

sha256

PE Digest Matches

true

bb:08:fe:3f:d6:2e:78:e3:23:96:cb:03:75:32:7a:39:3c:21:8d:b1
Signer

Actual PE Digest

bb:08:fe:3f:d6:2e:78:e3:23:96:cb:03:75:32:7a:39:3c:21:8d:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

iphlpapi

GetAdaptersInfo

kernel32

AddAtomA
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetFileSize
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetProcAddress
GetProcessAffinityMask
GetThreadContext
GetThreadPriority
GetVersionExA
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
OutputDebugStringA
ReleaseMutex
ReleaseSemaphore
ResetEvent
ResumeThread
SetCriticalSectionSpinCount
SetCurrentDirectoryA
SetEvent
SetLastError
SetProcessAffinityMask
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_fdopen
_read
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_access
_beginthreadex
_cexit
_endthreadex
_errno
_filelengthi64
_fstati64
_ftime
_iob
_lseeki64
_onexit
_setjmp
_setmode
_snprintf
abort
atexit
atoi
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
iswctype
localeconv
localtime
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
puts
putwc
realloc
remove
rename
setlocale
setvbuf
signal
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strtod
strxfrm
time
towlower
towupper
ungetc
ungetwc
vfprintf
wcscoll
wcsftime
wcslen
wcsxfrm

shell32

ShellExecuteExA

shlwapi

PathFileExistsA
PathIsDirectoryA

jsoncpp

_ZN4Json10FastWriter5writeERKNS_5ValueE
_ZN4Json10FastWriterC1Ev
_ZN4Json5Value6appendERKS0_
_ZN4Json5ValueC1ENS_9ValueTypeE
_ZN4Json5ValueC1EPKc
_ZN4Json5ValueC1ERKS0_
_ZN4Json5ValueC1ERKSs
_ZN4Json5ValueC1Ei
_ZN4Json5ValueD1Ev
_ZN4Json5ValueaSES0_
_ZN4Json5ValueixEPKc
_ZN4Json5ValueixEi
_ZN4Json6Reader5parseERKSsRNS_5ValueEb
_ZN4Json6ReaderC1Ev
_ZN4Json6WriterD2Ev
_ZN4Json9ExceptionD2Ev
_ZNK4Json5Value4sizeEv
_ZNK4Json5Value5asIntEv
_ZNK4Json5Value8asStringEv
_ZNK4Json9Exception4whatEv
_ZTVN4Json10FastWriterE

libcurl

curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_easy_strerror
curl_global_init
curl_slist_append
curl_slist_free_all

Exports

Exports

_ZTIN4Json10CharReader7FactoryE
_ZTIN4Json10CharReaderE
_ZTIN4Json10FastWriterE
_ZTIN4Json10LogicErrorE
_ZTIN4Json12RuntimeErrorE
_ZTIN4Json12StreamWriter7FactoryE
_ZTIN4Json12StreamWriterE
_ZTIN4Json12StyledWriterE
_ZTIN4Json17CharReaderBuilderE
_ZTIN4Json19StreamWriterBuilderE
_ZTIN4Json6WriterE
_ZTIN4Json9ExceptionE
_ZTVN4Json10CharReader7FactoryE
_ZTVN4Json10CharReaderE
_ZTVN4Json10LogicErrorE
_ZTVN4Json12RuntimeErrorE

Sections

.text
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 639B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

630ad8d28a1c209d40fa3ea3fabc0e51

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

66:11:21:f5:8a:d7:86:b9:d6:c8:3f:2e:44:5f:a3:55:2d:09:27:84:2a:27:56:29:ed:02:d5:ed:79:d3:f1:2aSigner

bb:08:fe:3f:d6:2e:78:e3:23:96:cb:03:75:32:7a:39:3c:21:8d:b1Signer

Headers

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

shell32

shlwapi

jsoncpp

libcurl

Exports

Exports

Sections

.text Size: 530KB - Virtual size: 530KB

.data Size: 1024B - Virtual size: 660B

.rdata Size: 36KB - Virtual size: 35KB

.eh_fram Size: 5KB - Virtual size: 5KB

.bss Size: - Virtual size: 31KB

.edata Size: 1024B - Virtual size: 639B

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 28B

.tls Size: 512B - Virtual size: 32B

.reloc Size: 19KB - Virtual size: 18KB

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

66:11:21:f5:8a:d7:86:b9:d6:c8:3f:2e:44:5f:a3:55:2d:09:27:84:2a:27:56:29:ed:02:d5:ed:79:d3:f1:2a
Signer

bb:08:fe:3f:d6:2e:78:e3:23:96:cb:03:75:32:7a:39:3c:21:8d:b1
Signer

.text
Size: 530KB - Virtual size: 530KB

.data
Size: 1024B - Virtual size: 660B

.rdata
Size: 36KB - Virtual size: 35KB

.eh_fram
Size: 5KB - Virtual size: 5KB

.bss
Size: - Virtual size: 31KB

.edata
Size: 1024B - Virtual size: 639B

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 28B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 19KB - Virtual size: 18KB