MaliciousHelpCenter

Sharing

Copy URL Twitter E-mail

General

Target

MaliciousHelpCenter
Size

753KB
MD5

9b57599f67d82d1d60243df0be0e8af9
SHA1

13079b98e98a4adcf829686d96a0d2203731a8b4
SHA256

e96a011de8eecf6f754f9ce9bb38b377bea5cc88d7b5d975adc3cd182affa9f0
SHA512

a4112136a116455cc7aa3ca9a348cac74d5014d6d5bf2c8018b2f5d20d3a58ddea3e6dab4dc6a7246c08ab399854ef16517578b5d2510373fbd0e9d5a5e932aa
SSDEEP

12288:zR6KIXRtRFiu+Xy1NY1W/nVoY9A7cPSwd1BJ85LxfN1haEhhIhzJdsCm7vcv:zUhfRFiu+Xy1NY1W/nmqA7cPSwr853X4

Score

N/A

Malware Config

Signatures

Files

MaliciousHelpCenter
.exe windows x86

e6b1eea91e3781bafe441292d02e978c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memmove
_strnicoll
iswcntrl
__doserrno
_controlfp
remove
_open
_read
_write
_close
_lseek
_tempnam
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcschr
wcscpy
wcsncpy
_wcsnicmp
wcsrchr
_wtoi
_stricmp
_wcsdup
memchr
wcscat
iswspace
_ftol
_beginthreadex
_vsnwprintf
_CxxThrowException
wcscmp
swscanf
swprintf
_purecall
_wcsicmp
wcslen
realloc
free
malloc
__CxxFrameHandler
_errno

advapi32

SetSecurityDescriptorDacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
ReportEventW
DeregisterEventSource
RegisterEventSourceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegGetKeySecurity
GetFileSecurityW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
LsaOpenPolicy
LsaAddAccountRights
LsaNtStatusToWinError
LsaClose
CryptVerifySignatureW
CryptImportKey
LogonUserW
CreateProcessAsUserW
DuplicateTokenEx
CreateServiceW
ChangeServiceConfig2W
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RevertToSelf
RegSetKeySecurity
SetFileSecurityW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
InitializeAcl
InitializeSecurityDescriptor
MakeAbsoluteSD
RegQueryValueExW
IsValidSecurityDescriptor
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AddAccessDeniedAce
GetAce
AddAccessAllowedAce
GetLengthSid
GetAclInformation
IsValidAcl
GetSecurityDescriptorDacl
DeleteAce
EqualSid
LookupAccountNameW
FreeSid
AllocateAndInitializeSid
RegConnectRegistryW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
AddAce
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetThreadToken
AccessCheck
MapGenericMask
CopySid
GetTokenInformation
OpenThreadToken
ConvertStringSidToSidW
LookupAccountSidW
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAuditAccessAceEx
AddAccessAllowedObjectAce
AddAccessDeniedObjectAce
AddAuditAccessObjectAce

kernel32

OpenFileMappingW
MapViewOfFile
lstrcpyW
lstrcatW
GetProcAddress
CreateThread
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetLocaleInfoW
IsDBCSLeadByte
CompareStringA
SetThreadPriority
FormatMessageW
GetWindowsDirectoryW
LocalAlloc
LoadLibraryA
RaiseException
ResetEvent
MoveFileW
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
OpenMutexW
GetSystemDirectoryW
SetLastError
lstrcmpiA
MultiByteToWideChar
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
lstrcpynW
HeapDestroy
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
GetShortPathNameW
GetModuleFileNameW
GetVersionExW
GetCommandLineW
GetPrivateProfileStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange
Sleep
LoadLibraryW
WaitForMultipleObjects
SetEvent
CloseHandle
CreateEventW
WaitForSingleObject
GetCurrentThread
SetEnvironmentVariableW
GetTempPathW
GetEnvironmentVariableW
CopyFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileAttributesExW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
CreateFileW
CompareFileTime
GetSystemTime
GetLocalTime
GlobalMemoryStatusEx
CreateFileMappingW
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
FileTimeToSystemTime
GetUserDefaultLCID
GetTimeZoneInformation
GetCurrentDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
GetDiskFreeSpaceW
GetTempFileNameW
WideCharToMultiByte
LocalFree
DuplicateHandle
WriteFile
SetFilePointer
ReadFile
GetFileInformationByHandle
GlobalFree
GetModuleHandleA
GetStartupInfoW
OpenProcess
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
CreateFileA
HeapAlloc
GetThreadPriority
IsDBCSLeadByteEx
GetSystemDefaultLangID
GetLocaleInfoA
GetACP
HeapReAlloc
HeapFree
GetProcessHeap
CreateMutexW

user32

CharUpperW
CharNextA
GetSystemMetrics
PeekMessageW
CharUpperBuffW
DispatchMessageW
MsgWaitForMultipleObjects
LoadStringW
CharNextW
GetMessageW
PostThreadMessageW
TranslateMessage

ole32

CLSIDFromString
CoSuspendClassObjects
CoRegisterClassObject
StringFromCLSID
CoSetProxyBlanket
GetHGlobalFromStream
StgOpenStorageEx
StgCreateStorageEx
CoGetCallContext
CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
CoCreateInstanceEx
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoRevokeClassObject

oleaut32

SysAllocStringByteLen
SysStringByteLen
CreateErrorInfo
SetErrorInfo
RegisterTypeLi
LoadTypeLi
GetErrorInfo
VariantInit
VariantTimeToSystemTime
VariantChangeTypeEx
SysFreeString
SysAllocString
VarUI4FromStr
LoadRegTypeLi
SysStringLen
VariantClear
VariantCopy
VariantChangeType
SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SafeArrayCreateVector

ntdll

wcsncmp
sprintf
strrchr
tolower
strchr
_wtol
_itow
_ltow
wcsstr
_snwprintf
towlower
strtoul
wcstoul
NtQueryInformationProcess
strncpy

rpcrt4

I_RpcBindingInqLocalClientPID

Sections

.text
Size: 637KB - Virtual size: 636KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e6b1eea91e3781bafe441292d02e978c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

ntdll

rpcrt4

Sections

.text Size: 637KB - Virtual size: 636KB

.data Size: 22KB - Virtual size: 23KB

.rsrc Size: 92KB - Virtual size: 94KB

.text
Size: 637KB - Virtual size: 636KB

.data
Size: 22KB - Virtual size: 23KB

.rsrc
Size: 92KB - Virtual size: 94KB