tyycord[.]exe | Triage

Resubmissions

27/07/2024, 14:51

240727-r78b1sxere 7

27/07/2024, 14:47

240727-r5zxvsthrj 7

Sharing

Copy URL Twitter E-mail

General

Target

tyycord.exe
Size

22.1MB
MD5

f9e04beecd8c19eebba078b5d3685fcb
SHA1

94bc0d5959deb67715636da97da799d27513dbb8
SHA256

20614d95d579121e01fce83ffba3d87ae026312c8e505a3f5858051bce6c4dc4
SHA512

2d2173708386c773a33a31d07a1ffa020d7cf3ddfd199b86a61c4cdd7236e3d9a6bc2c43e08693e018aade408be9e9ccb2b20e1ea00ebd2c6d87bda159ad84fa
SSDEEP

393216:vXg0v9HWCRoq/vibvCsOb3AWOL4yrSbejZIn1nc4xjBWRro4CjlHoz5Djk:Y0v92dAiEbwWQ4kU1pxCrrCpIlDQ

Score

1^/10

Malware Config

Signatures

Files

tyycord.exe
.exe windows:6 windows x86 arch:x86

7d8a2f2b4d9b83da02c929b87a8f060b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/11/2021, 00:00

Not After

06/11/2024, 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:ac:39:45:d9:a8:33:40:15:49:6f:ec:e1:ad:10:b8:3a:2a:7e:41
Signer

Actual PE Digest

50:ac:39:45:d9:a8:33:40:15:49:6f:ec:e1:ad:10:b8:3a:2a:7e:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build.tc\agent\work\464efc35df4c0270\build\RelWithDebInfo\GoToResolveUnattendedUpdater.pdb

Imports

shlwapi

PathIsDirectoryEmptyW
PathIsDirectoryW

ole32

StgOpenStorage

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

kernel32

UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetModuleHandleW
SetLastError
lstrlenW
WriteFile
GetVersionExW
FindFirstFileW
FindNextFileW
GetCurrentProcess
RemoveDirectoryW
FindClose
Sleep
DeleteFileW
LoadLibraryW
GetProcAddress
MoveFileExW
FreeLibrary
LocalAlloc
GetCurrentProcessId
ReadFile
HeapFree
TerminateProcess
InitializeCriticalSectionEx
WaitForSingleObject
GetCurrentThreadId
OpenProcess
HeapAlloc
GetCurrentDirectoryW
DecodePointer
DeleteCriticalSection
GetProcessHeap
IsWow64Process
GetExitCodeProcess
MoveFileExA
GetThreadLocale
LCIDToLocaleName
GetStdHandle
K32GetModuleFileNameExW
ProcessIdToSessionId
FlushFileBuffers
GetFileAttributesA
GetDynamicTimeZoneInformation
GetConsoleMode
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetFileType
RaiseException
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
SetEvent
SleepEx
CreateEventW
CreateThread
GetExitCodeThread
GetVersion
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
RemoveVectoredExceptionHandler
InitializeCriticalSection
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetFileSizeEx
SetFilePointerEx
CreateFileW
FindFirstFileExW
GetFileTime
GetSystemTimeAsFileTime
OutputDebugStringW
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WriteConsoleW
lstrcpyW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileAttributesW
DeviceIoControl
AreFileApisANSI
MultiByteToWideChar
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetConsoleCP
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
LCMapStringEx
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
WaitForSingleObjectEx
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
GetStringTypeW
GetTimeZoneInformation
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CreateEventA
OpenEventA
FormatMessageA
VerifyVersionInfoW
WideCharToMultiByte
CreateProcessW
EncodePointer
CompareStringEx
GetCPInfo
ResetEvent
UnhandledExceptionFilter
GetDriveTypeW
SetConsoleCtrlHandler
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCommandLineA
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
VerSetConditionMask
LocalFree
SetCurrentDirectoryW
FindResourceW
LoadResource
CloseHandle
LockResource
lstrcatW
GetLastError
FormatMessageW
GetModuleFileNameW
GetCommandLineW
SizeofResource
CreateDirectoryW
IsProcessorFeaturePresent
TlsAlloc
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
SetFileInformationByHandle
CopyFileW
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetLocaleInfoEx
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeSListHead

user32

FindWindowW
wsprintfW
BringWindowToTop
AttachThreadInput
ShowWindow
GetWindowThreadProcessId

shell32

ShellExecuteW
ShellExecuteExW
CommandLineToArgvW

oleaut32

VariantClear

advapi32

RegSetValueExA
RegCreateKeyExA
SystemFunction036
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RegDeleteTreeA
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
ConvertStringSidToSidW
RegDeleteKeyExA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
ChangeServiceConfig2W
RegCreateKeyExW
DeleteService
ControlService
StartServiceW
QueryServiceConfigW
OpenServiceW
EnumServicesStatusW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

WSAStartup
gethostname
WSAGetLastError
WSACleanup

crypt32

CryptProtectData
CertOpenStore
CertGetNameStringW
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertDeleteCertificateFromStore

comctl32

ord345

Sections

.text
Size: 828KB - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21.0MB - Virtual size: 21.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

7d8a2f2b4d9b83da02c929b87a8f060b

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fbCertificate

Extended Key Usages

Key Usages

50:ac:39:45:d9:a8:33:40:15:49:6f:ec:e1:ad:10:b8:3a:2a:7e:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

ole32

wtsapi32

kernel32

user32

shell32

oleaut32

advapi32

version

ws2_32

crypt32

comctl32

Sections

.text Size: 828KB - Virtual size: 828KB

.rdata Size: 198KB - Virtual size: 198KB

.data Size: 21KB - Virtual size: 26KB

.rsrc Size: 21.0MB - Virtual size: 21.0MB

.reloc Size: 36KB - Virtual size: 35KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

50:ac:39:45:d9:a8:33:40:15:49:6f:ec:e1:ad:10:b8:3a:2a:7e:41
Signer

.text
Size: 828KB - Virtual size: 828KB

.rdata
Size: 198KB - Virtual size: 198KB

.data
Size: 21KB - Virtual size: 26KB

.rsrc
Size: 21.0MB - Virtual size: 21.0MB

.reloc
Size: 36KB - Virtual size: 35KB