unsecapp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

unsecapp.exe
Size

47KB
MD5

2443ca5962e2134cb389dcd5056d27ae
SHA1

7b5037e52d5ed5e84d2205921826e416b15b8bee
SHA256

018ff62bcdc292cf9290db0574c8ef9c97ebc26933c8fc950dd8e6b2b91972fb
SHA512

1617cd4a09d733c2918843f76a63cec3cbd9451bd22f5b25478507b401d332e8cbd8cb62c5f0d0e0d08bda54f8f76a2d4d42a0a75f3cf7f831c3b698a1b938d2
SSDEEP

768:BIhcv/LC1nUcEGg5X93oVEpWv+wIvZDYbPq1mFI4o78SDBIx+4eT/x+QPWPS53:B6cOqcEVXaapWvhmWTq10FO8S1553

Score

N/A

Malware Config

Signatures

Files

unsecapp.exe
.exe windows x64

a3cc49df67c2278f822c9ebb9908bf09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
_XcptFilter
__CxxFrameHandler3
__getmainargs
__set_app_type
_exit
_cexit
_purecall
_callnewh
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
?what@exception@@UEBAPEBDXZ
__setusermatherr
_initterm
__C_specific_handler
_fmode
_commode
exit
??1type_info@@UEAA@XZ
??0exception@@QEAA@XZ
?terminate@@YAXXZ
??0exception@@QEAA@AEBV0@@Z
_lock
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
memmove_s
memcpy_s
_unlock
__dllonexit
_CxxThrowException
_onexit
printf
wcsstr
_vsnwprintf

api-ms-win-core-com-l1-1-1

StringFromGUID2
CoRevertToSelf
CoImpersonateClient
CoInitializeSecurity
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx

api-ms-win-security-base-l1-2-0

IsValidSid
GetLengthSid
EqualSid

api-ms-win-core-synch-l1-2-0

Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcess
GetCurrentProcessId
ExitProcess
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

wbemcomn

??0CCritSec@@QEAA@XZ
??1CCritSec@@QEAA@XZ
??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CInCritSec@@QEAA@XZ
??4CNtSid@@QEAAAEAV0@AEBV0@@Z
??0CNtSid@@QEAA@AEBV0@@Z
?GetDWORDStr@Registry@@QEAAHPEBGPEAK@Z
??1Registry@@QEAA@XZ
??0Registry@@QEAA@PEBGK@Z
??0CNtSid@@QEAA@PEAX@Z
?GetTextSid@CNtSid@@QEAAHPEAGPEAK@Z
??1CNtSid@@QEAA@XZ
??0CNtSid@@QEAA@W4SidType@0@@Z
ErrorTrace
_ThrowMemoryException_
?OnInitialize@CUnk@@UEAAHXZ
??0CUnkInternal@@QEAA@PEAVCLifeControl@@@Z
??1CUnkInternal@@UEAA@XZ
?QueryInterface@CUnkInternal@@UEAAJAEBU_GUID@@PEAPEAX@Z
?AddRef@CUnkInternal@@UEAAKXZ
?Release@CUnkInternal@@UEAAKXZ
?Initialize@CUnk@@UEAAHXZ
?AddRef@CUnk@@UEAAKXZ
?Write@CMemoryLog@@QEAAXJ@Z
GetMemLogObject
?InternalRelease@CUnkInternal@@QEAAKXZ
?InternalQueryInterface@CUnkInternal@@QEAAJAEBU_GUID@@PEAPEAX@Z
??8CNtSid@@QEAAHAEAV0@@Z
?Release@CUnk@@UEAAKXZ
?QueryInterface@CUnk@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1CUnk@@UEAA@XZ
??0CUnk@@QEAA@PEAVCLifeControl@@PEAUIUnknown@@@Z
??_7CUnkInternal@@6B@

api-ms-win-core-debug-l1-1-1

DebugBreak

api-ms-win-core-localization-l1-2-1

LCMapStringW

api-ms-win-service-core-l1-1-1

StartServiceCtrlDispatcherW
SetServiceStatus

api-ms-win-service-winsvc-l1-2-0

RegisterServiceCtrlHandlerW

api-ms-win-service-management-l1-1-0

OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW

api-ms-win-core-processenvironment-l1-2-0

GetCommandLineW

ntdll

EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwUnregisterTraceGuids

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3cc49df67c2278f822c9ebb9908bf09

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-com-l1-1-1

api-ms-win-security-base-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-apiquery-l1-1-0

wbemcomn

api-ms-win-core-debug-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-service-core-l1-1-1

api-ms-win-service-winsvc-l1-2-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

ntdll

api-ms-win-core-delayload-l1-1-1

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 272B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 272B