Peam[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Peam.exe
Size

20.6MB
MD5

66dd4a784a2f05ccde36c2aebd5ade99
SHA1

3e654231d413eed3bef307fa8aaf2377c9ccc934
SHA256

229cfe6fd7e042b7b73d2cb84fb75f04778740d7f5dfc234850706a5f48ffb96
SHA512

224b6611312cbfab62c2587d11ec7100246b655f0ce76a0c9f81b43fc6403d8a85b6c9f00ace3ff3c96fa799f8481a36495548e51848e3f00f61077e04d3cce6
SSDEEP

393216:Aq+Jsv6tWKFdu9C2KS1P7nEscpZr8LE10MT4xwGyxBKP1JztKuUyvUTAzayj+lhe:hP1nxcpZ9z4xsB4z/JvUTWZjlXykJ

Score

1^/10

Malware Config

Signatures

Files

Peam.exe
.exe windows:6 windows x86 arch:x86

d20be4a6f6d74bc9826bbeedd35a04b3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10-11-2021 00:00

Not After

06-11-2024 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:3d:31:3a:ec:88:2a:09:bb:a0:11:32:69:c5:a7:79:e0:d6:39:19:0f:63:e4:82:2b:8f:c9:39:9f:d3:1f:81
Signer

Actual PE Digest

6b:3d:31:3a:ec:88:2a:09:bb:a0:11:32:69:c5:a7:79:e0:d6:39:19:0f:63:e4:82:2b:8f:c9:39:9f:d3:1f:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\build.tc\work\464efc35df4c0270\build\RelWithDebInfo\unattended-updater.pdb

Imports

shlwapi

PathIsDirectoryW
PathIsDirectoryEmptyW

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

kernel32

GetCurrentProcess
RemoveDirectoryW
FindClose
DeleteFileW
LoadLibraryW
GetProcAddress
MoveFileExW
FreeLibrary
LocalAlloc
HeapFree
WaitForSingleObject
GetSystemDirectoryW
OpenProcess
HeapAlloc
GetCurrentDirectoryW
GetProcessHeap
GetExitCodeProcess
TerminateProcess
K32GetModuleFileNameExW
OutputDebugStringW
GetLocalTime
GetFileAttributesW
LockFileEx
SetEndOfFile
UnlockFileEx
GetFileType
RaiseException
SetUnhandledExceptionFilter
SetEvent
SleepEx
CreateEventW
CreateThread
GetExitCodeThread
FlushInstructionCache
GetVersion
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
WerRegisterRuntimeExceptionModule
GetFileSizeEx
ReadFile
SetFilePointerEx
GetNamedPipeInfo
FindFirstFileExW
GetFileTime
InitializeCriticalSection
DuplicateHandle
GetSystemInfo
VirtualQueryEx
ReadProcessMemory
SetNamedPipeHandleState
TransactNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetSystemTimeAsFileTime
CompareStringEx
WaitForSingleObjectEx
GetSystemTime
IsProcessorFeaturePresent
GetConsoleWindow
WaitForMultipleObjects
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetErrorMode
GetConsoleMode
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
MultiByteToWideChar
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetStartupInfoW
ResetEvent
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
DeviceIoControl
CopyFileW
MoveFileW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetDriveTypeW
UnregisterWaitEx
RegisterWaitForSingleObject
ReleaseMutex
FindNextFileW
VirtualAlloc
VirtualFree
AreFileApisANSI
GetOEMCP
GetACP
IsValidCodePage
SetEnvironmentVariableW
HeapSize
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
HeapReAlloc
ExitProcess
GetConsoleOutputCP
ReadConsoleW
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
SetStdHandle
GetCommandLineA
LoadLibraryExW
RtlUnwind
IsDebuggerPresent
SetFileInformationByHandle
SetFileAttributesW
Sleep
GetCurrentThreadId
InitializeSListHead
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
DecodePointer
FindFirstFileW
GetDynamicTimeZoneInformation
WriteConsoleA
GetStdHandle
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetModuleHandleW
MapViewOfFile
CreateFileMappingW
FormatMessageA
lstrcpyW
WideCharToMultiByte
CreateProcessW
GetFileSize
LocalFree
SetCurrentDirectoryW
FindResourceW
LoadResource
CloseHandle
LockResource
lstrcatW
GetLastError
FormatMessageW
FreeResource
UnmapViewOfFile
CreateFileW
SetFilePointer
GetModuleFileNameW
WriteFile
GetCommandLineW
SizeofResource
CreateDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
CreateDirectoryExW
CreateSymbolicLinkW
GetLocaleInfoEx
GetStringTypeW
TryEnterCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
LCMapStringEx
LCIDToLocaleName
GetThreadLocale
MoveFileExA
lstrlenW
SetLastError
GetCurrentProcessId
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
CreateMutexW
GetFileAttributesA
CreateEventA
OpenEventA
GetModuleHandleExW

user32

FindWindowW
wsprintfW
BringWindowToTop
ShowWindow
GetWindowThreadProcessId
CharNextExA
TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
AttachThreadInput
MsgWaitForMultipleObjectsEx
DefWindowProcW
RegisterClassW
SetWindowLongW
GetWindowLongW
KillTimer
SetTimer
GetQueueStatus
DestroyWindow
CreateWindowExW
UnregisterClassW

shell32

ShellExecuteExW
CommandLineToArgvW
ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

VariantClear

advapi32

ConvertStringSidToSidW
QueryServiceConfigW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
EnumServicesStatusW
GetSidSubAuthorityCount
GetSidSubAuthority
RegFlushKey
BuildTrusteeWithSidW
GetEffectiveRightsFromAclW
LookupAccountSidW
MapGenericMask
DuplicateToken
CopySid
AccessCheck
RegEnumKeyExW
SystemFunction036
ConvertStringSecurityDescriptorToSecurityDescriptorW
BuildExplicitAccessWithNameW
BuildSecurityDescriptorW
RegDeleteTreeA
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
StartServiceW
RegDeleteKeyExA
RegSetValueExW
OpenProcessToken
FreeSid
RegOpenKeyExW
RegDeleteValueW
GetLengthSid
GetTokenInformation
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
RegDeleteKeyW
ChangeServiceConfig2W
RegCreateKeyExW
DeleteService
ControlService
OpenServiceW

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetShareEnum

ws2_32

WSAAsyncSelect
htonl
WSAStartup
WSAGetLastError
gethostname
WSACleanup

winmm

timeKillEvent
timeSetEvent

iphlpapi

ConvertInterfaceLuidToNameW
GetAdaptersAddresses
ConvertInterfaceIndexToLuid
ConvertInterfaceNameToLuidW

comctl32

ord345

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16.7MB - Virtual size: 16.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d20be4a6f6d74bc9826bbeedd35a04b3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fbCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

6b:3d:31:3a:ec:88:2a:09:bb:a0:11:32:69:c5:a7:79:e0:d6:39:19:0f:63:e4:82:2b:8f:c9:39:9f:d3:1f:81Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wtsapi32

kernel32

user32

shell32

ole32

oleaut32

advapi32

userenv

version

netapi32

ws2_32

winmm

iphlpapi

comctl32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 107KB - Virtual size: 126KB

.qtmetad Size: 512B - Virtual size: 106B

.rsrc Size: 16.7MB - Virtual size: 16.7MB

.reloc Size: 83KB - Virtual size: 83KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

08:de:82:42:76:ee:62:da:18:13:fb:db:f1:28:a8:fb
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

6b:3d:31:3a:ec:88:2a:09:bb:a0:11:32:69:c5:a7:79:e0:d6:39:19:0f:63:e4:82:2b:8f:c9:39:9f:d3:1f:81
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 107KB - Virtual size: 126KB

.qtmetad
Size: 512B - Virtual size: 106B

.rsrc
Size: 16.7MB - Virtual size: 16.7MB

.reloc
Size: 83KB - Virtual size: 83KB