sesinetd[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

sesinetd.exe
Size

12.1MB
MD5

3a73e0a6186a323af03bcbdc75e3c30d
SHA1

0de541955d9cdee859f9f207154dfb288a400c88
SHA256

2cd2b98b9f8b0e1ab1d554e28671b080d214412388ce10092e3a2dc769850a0c
SHA512

af763030cf1028e88c40921316521db220cdcfa9d45bbce1c5329213bece2c024142d4ab7461bc1bdc8900fc061c889822f94a67f3cff6e153b1e761723fbd46
SSDEEP

196608:R6n3kSyzGj+30hE1u1BfCN1k5heG2sXZV67U6Fu:R6V6Gj+30hE0BfCNEfXa7q

Score

1^/10

Malware Config

Signatures

Files

sesinetd.exe
.exe windows:6 windows x64 arch:x64

8602fc263836e71ccfea4afb98d6c01a

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07-05-2021 15:43

Not After

07-11-2030 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:1b:1b:17:c1:6f:1a:a6:ab:94:9d:65:14:56:0f:5a
Certificate

Issuer

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Not Before

26-08-2022 14:11

Not After

16-09-2025 14:11

Subject

CN=Side Effects Software Inc.,O=Side Effects Software Inc.,L=Toronto,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07-05-2021 19:20

Not After

29-12-2040 23:59

Subject

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:ae:76:87:53:5b:86:e3:99:4f:a7:12:5a:93:43:a0:42:88:81:33:ae:3b:4e:71:4a:bb:c2:f6:a0:ed:96:33
Signer

Actual PE Digest

10:ae:76:87:53:5b:86:e3:99:4f:a7:12:5a:93:43:a0:42:88:81:33:ae:3b:4e:71:4a:bb:c2:f6:a0:ed:96:33

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:/sesinetd.pdb

Imports

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

ws2_32

WSAIoctl
WSAWaitForMultipleEvents
WSAResetEvent
__WSAFDIsSet
setsockopt
WSAEventSelect
shutdown
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
accept
recv
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
getsockopt
htonl
htons
listen
ntohl
ntohs
WSAStartup
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
gethostbyname
gethostname
getservbyname
send
WSACleanup
inet_ntop
inet_pton
socket
sendto
recvfrom
WSAAddressToStringW
freeaddrinfo
getaddrinfo
WSASocketW
WSASend
WSARecv
WSAGetLastError
WSASetLastError
select

mpr

WNetGetUniversalNameW

dbghelp

SymRefreshModuleList
StackWalk64
SymSetOptions
SymCleanup
SymFunctionTableAccess64
SymGetModuleBase64
SymGetLineFromAddr64
SymFromAddr
SymInitialize

psapi

GetProcessImageFileNameA

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

wldap32

ord32
ord27
ord26
ord33
ord79
ord30
ord200
ord301
ord22
ord35
ord60
ord143
ord217
ord46
ord211
ord41
ord50
ord45

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertDuplicateCertificateContext
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty

kernel32

RaiseException
GetLocaleInfoEx
InitializeConditionVariable
WakeConditionVariable
GetExitCodeThread
GetStringTypeW
EncodePointer
DecodePointer
LCMapStringEx
TlsGetValue
TlsSetValue
VerSetConditionMask
CloseHandle
GetLastError
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObject
SleepEx
CreateEventA
CreateEventW
SetWaitableTimer
Sleep
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsAlloc
TlsFree
GetSystemTimeAsFileTime
GetModuleFileNameA
GetModuleHandleA
LocalFree
FormatMessageA
FormatMessageW
CreateWaitableTimerA
VerifyVersionInfoA
WideCharToMultiByte
ReleaseSemaphore
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateSemaphoreA
SwitchToThread
GetVolumeInformationA
FindClose
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
CreateFileA
GetCurrentProcessId
CreateNamedPipeA
ReadFile
WriteFile
GetOverlappedResult
GetCurrentThreadId
SetUnhandledExceptionFilter
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCurrentProcess
TerminateProcess
GetShortPathNameW
LockFileEx
UnlockFileEx
CopyFileW
MoveFileExW
DeleteFileW
GetTempFileNameW
GetTempPathW
OutputDebugStringA
CreateThread
SetConsoleCtrlHandler
GetExitCodeProcess
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
MapViewOfFile
UnmapViewOfFile
SetStdHandle
GetFileType
DuplicateHandle
CreatePipe
MultiByteToWideChar
GetCommandLineW
InitializeCriticalSection
ResetEvent
GetCurrentThread
SuspendThread
ResumeThread
CreateFileW
FlushFileBuffers
PeekNamedPipe
DeviceIoControl
GetFileAttributesW
GetCurrentDirectoryW
GetWindowsDirectoryA
RtlCaptureContext
OpenThread
GetProcessId
GetThreadContext
VirtualQuery
Thread32First
Thread32Next
GetTickCount
DisconnectNamedPipe
WakeAllConditionVariable
ExpandEnvironmentStringsA
GetShortPathNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
FileTimeToSystemTime
GetSystemInfo
GetNativeSystemInfo
GetProcessAffinityMask
IsValidCodePage
GetACP
GetOEMCP
GetFileAttributesA
GetFileInformationByHandle
GetFullPathNameW
CreateDirectoryW
FindFirstFileW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
SearchPathA
SetHandleInformation
ReleaseMutex
CreateMutexA
GetSystemDirectoryA
VirtualFree
VirtualAlloc
InitOnceBeginInitialize
InitOnceComplete
CreateFileMappingW
GetSystemTime
SystemTimeToFileTime
GetProcessHeap
GetFileSize
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
HeapReAlloc
DeleteFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
CreateMutexW
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
HeapFree
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
InitializeCriticalSectionEx
GetEnvironmentVariableA
MoveFileExA
GetFileSizeEx
GetModuleHandleW
GetEnvironmentVariableW
RemoveDirectoryW
SetFilePointerEx
FindNextFileW
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleHandleExW
RtlVirtualUnwind
ConvertFiberToThread
ConvertThreadToFiber
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
CompareStringEx
GetCPInfo
InitializeSListHead
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InterlockedPushEntrySList
RtlUnwindEx
LoadLibraryExW
RtlUnwind
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ExitProcess
VirtualProtect
FindFirstFileExW
GetModuleFileNameW
WriteConsoleW
GetCommandLineA
SetEnvironmentVariableW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlPcToFileHeader
OpenProcess

user32

GetDlgItem
EndDialog
DialogBoxIndirectParamA
MessageBoxA
SendMessageA
GetSystemMetrics
ShowScrollBar
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetSysColorBrush

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

OleRun
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
VariantClear
VariantChangeType
SysFreeString
SysAllocString

advapi32

RegCloseKey
CryptGetProvParam
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
GetUserNameA
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
GetUserNameW
CryptGetUserKey
CryptExportKey
CryptDecrypt
OpenThreadToken
AccessCheck
ImpersonateSelf
MapGenericMask
RevertToSelf
GetEffectiveRightsFromAclW
GetNamedSecurityInfoW
BuildTrusteeWithNameW
GetSecurityDescriptorDacl
GetNamedSecurityInfoA
SetNamedSecurityInfoA
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptGetHashParam
CryptSignHashW
CryptEnumProvidersW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
ReportEventW
RegisterEventSourceW
CryptSetHashParam

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 297KB - Virtual size: 571KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 801KB - Virtual size: 801KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8602fc263836e71ccfea4afb98d6c01a

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

67:1b:1b:17:c1:6f:1a:a6:ab:94:9d:65:14:56:0f:5aCertificate

Extended Key Usages

Key Usages

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cdCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

10:ae:76:87:53:5b:86:e3:99:4f:a7:12:5a:93:43:a0:42:88:81:33:ae:3b:4e:71:4a:bb:c2:f6:a0:ed:96:33Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

ws2_32

mpr

dbghelp

psapi

bcrypt

wldap32

crypt32

kernel32

user32

shell32

ole32

oleaut32

advapi32

mswsock

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 297KB - Virtual size: 571KB

.pdata Size: 296KB - Virtual size: 295KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 801KB - Virtual size: 801KB

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

67:1b:1b:17:c1:6f:1a:a6:ab:94:9d:65:14:56:0f:5a
Certificate

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

10:ae:76:87:53:5b:86:e3:99:4f:a7:12:5a:93:43:a0:42:88:81:33:ae:3b:4e:71:4a:bb:c2:f6:a0:ed:96:33
Signer

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 297KB - Virtual size: 571KB

.pdata
Size: 296KB - Virtual size: 295KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 801KB - Virtual size: 801KB