SCEWIN_64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SCEWIN_64.exe
Size

668KB
MD5

d89e8173dc0b82d80add7451d4aa4622
SHA1

578358cd958756b1786f30e913e4195c0003333c
SHA256

2d78e7bb62fcab44c54fe853f51e8836ada45ea374027423bcb6d7a5db46502b
SHA512

cb5e4ebf895b5414b70caa243d032ec1d8820ff3aac155aa065a449f3a3f7ef0b01a29b006d49c69c8c1f8c11235742f0a453b120132942d32d310c7b2d3808a
SSDEEP

6144:Jk/u4+ss7CVVs7DYebnaGSEM1JLCUdDcwDfTx1ZdeuLJzVpEKz7k32lobAYBhXcP:JTjC/s7DjkDZdeuLHuEm2ybAYBc/3+s

Score

1^/10

Malware Config

Signatures

Files

SCEWIN_64.exe
.exe windows:5 windows x64 arch:x64

c6ad08a1589dd9cf353748c20ce378ce

Code Sign

b9:96:37:58:ea:d2:36:c6:e1:5c:d4:8b:a5:43:3a:ae
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

21/09/2020, 00:00

Not After

21/09/2023, 23:59

Subject

SERIALNUMBER=7155083,CN=AMI US HOLDINGS INC,O=AMI US HOLDINGS INC,POSTALCODE=30093,STREET=5555 Oakbrook Parkway Suite 200,L=Norcross,ST=Georgia,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:18:54:86:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/04/2011, 22:06

Not After

11/04/2021, 22:16

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:4f:56:4e:4f:9b:a7:68:c9:b1:53:d9:6b:ae:32:32:e5:c1:99:ae:20:01:3d:d6:fd:62:2d:be:df:b4:f3:c2
Signer

Actual PE Digest

a0:4f:56:4e:4f:9b:a7:68:c9:b1:53:d9:6b:ae:32:32:e5:c1:99:ae:20:01:3d:d6:fd:62:2d:be:df:b4:f3:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
SetConsoleCtrlHandler
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapReAlloc
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
RaiseException
RtlPcToFileHeader
HeapSize
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
GetVersionExW
LoadLibraryExW
GetCommandLineA
GetProcessHeap
SetEndOfFile
GetWindowsDirectoryA
LoadLibraryA
GetSystemDirectoryA
CloseHandle
GetFullPathNameA
GetSystemFirmwareTable
SetThreadExecutionState
CreateMutexA
SetProcessAffinityMask
GetVersionExA
GetCurrentDirectoryA
GetModuleHandleA
DeleteFileA
CreateFileA
DeviceIoControl
CreateNamedPipeA
ReadFile
CreateThread
LocalFree
GetLocalTime
DebugBreak
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetFilePointer
CreateFileW
WriteConsoleW
SetStdHandle

advapi32

DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
OpenSCManagerA

shell32

ShellExecuteA

user32

SystemParametersInfoA
BlockInput
ExitWindowsEx
MessageBoxA
RegisterClassExA
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
wsprintfA

Sections

.text
Size: 523KB - Virtual size: 523KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c6ad08a1589dd9cf353748c20ce378ce

Code Sign

b9:96:37:58:ea:d2:36:c6:e1:5c:d4:8b:a5:43:3a:aeCertificate

Extended Key Usages

Key Usages

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1Certificate

Extended Key Usages

Key Usages

61:18:54:86:00:00:00:00:00:24Certificate

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a0:4f:56:4e:4f:9b:a7:68:c9:b1:53:d9:6b:ae:32:32:e5:c1:99:ae:20:01:3d:d6:fd:62:2d:be:df:b4:f3:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

user32

Sections

.text Size: 523KB - Virtual size: 523KB

.rdata Size: 104KB - Virtual size: 103KB

.data Size: 13KB - Virtual size: 53KB

.pdata Size: 16KB - Virtual size: 16KB

b9:96:37:58:ea:d2:36:c6:e1:5c:d4:8b:a5:43:3a:ae
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

61:18:54:86:00:00:00:00:00:24
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a0:4f:56:4e:4f:9b:a7:68:c9:b1:53:d9:6b:ae:32:32:e5:c1:99:ae:20:01:3d:d6:fd:62:2d:be:df:b4:f3:c2
Signer

.text
Size: 523KB - Virtual size: 523KB

.rdata
Size: 104KB - Virtual size: 103KB

.data
Size: 13KB - Virtual size: 53KB

.pdata
Size: 16KB - Virtual size: 16KB