00800863[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

00800863.exe
Size

1.1MB
MD5

74eea0bfe1d12efd32d9bcc747012545
SHA1

0af5baa63ae8e79da312c57599ae4fec2cc66409
SHA256

6877820dbaf83d1fff53bfb45afc839d36a77a3f0da2ec282eef8619ef19e883
SHA512

6e182e0c5f42e60538ce7e1db7131fc56ad61d087c670c59ae8938183a5467d09682749cf9a86ca1fa88c73b32259f6bf037025885844ae41afcbb5dbff02bca
SSDEEP

24576:FWczyLxrxwuhkjf8cFgEGh3BZOEYmKL0s9k:FWcm/wud5h3BZOEYnws9

Score

1^/10

Malware Config

Signatures

Files

00800863.exe
.exe windows x86

8b02917bbc33e4844411445a509b0ca3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
EnumDependentServicesW
ChangeServiceConfigW
RegCloseKey
CloseServiceHandle
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
OpenSCManagerW
OpenServiceW
QueryServiceStatus
EventWriteTransfer
OpenProcessToken
CreateProcessAsUserW
CreateRestrictedToken
GetUserNameW
ReadEventLogW
RegOpenKeyExW
RegQueryValueExW
OpenEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
CloseEventLog
QueryServiceStatusEx
ProcessTrace
CloseTrace
OpenTraceW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegEnumValueW
ChangeServiceConfig2W
ControlService
QueryServiceConfig2W
EventRegister
EventUnregister
CopySid
FreeSid
StartServiceW
AllocateAndInitializeSid
ConvertStringSidToSidW
EnumServicesStatusExW
CheckTokenMembership
ConvertSidToStringSidW
EqualSid
GetLengthSid
IsValidSid
QueryServiceConfigW

kernel32

GetCommandLineA
GetSystemInfo
LoadLibraryExA
VirtualProtect
GetSystemFirmwareTable
VirtualQuery
MapViewOfFile
HeapSetInformation
GetNativeSystemInfo
GetSystemDirectoryW
QueryFullProcessImageNameW
QueryPerformanceFrequency
OpenProcess
CreateTimerQueueTimer
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
InitializeSRWLock
FileTimeToDosDateTime
FindResourceW
LoadResource
LockResource
SizeofResource
SystemTimeToFileTime
Module32NextW
Module32FirstW
DeleteTimerQueueTimer
ConvertDefaultLocale
GetComputerNameExW
GetSystemPowerStatus
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
InterlockedPushEntrySList
InitializeSListHead
QueryPerformanceCounter
CreateEventW
ResetEvent
SetEvent
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleW
GetModuleFileNameW
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
ExitProcess
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
OutputDebugStringW
IsDebuggerPresent
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
HeapFree
GetProcessHeap
HeapAlloc
lstrlenA
MultiByteToWideChar
GetSystemDefaultUILanguage
GetProcAddress
TerminateProcess
CompareFileTime
GetTimeFormatW
GetDateFormatW
SetConsoleMode
GetConsoleMode
GetStdHandle
LoadLibraryExW
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
GetSystemTime
FindFirstFileW
WaitForSingleObject
CreateProcessW
SetHandleInformation
CreatePipe
CopyFileW
GetLocalTime
CreateDirectoryW
DeleteFileW
GetExitCodeProcess
GetCurrentProcess
GetCommandLineW
GetCurrentThreadId
SetLastError
GetTickCount
LocalFree
UnmapViewOfFile
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetLastError
DebugBreak
GetSystemTimeAsFileTime
LoadLibraryW
FormatMessageW
SetErrorMode
CloseHandle
FreeLibrary
Sleep
TryAcquireSRWLockExclusive
FormatMessageA
WideCharToMultiByte
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
GetFileInformationByHandleEx
FindFirstFileExW
DeviceIoControl
GetFinalPathNameByHandleW
SetEndOfFile
GetTempPathW
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetFileInformationByHandle
GetFileAttributesExW
SetFileInformationByHandle
SetFilePointerEx
MoveFileExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
GetCPInfo
CompareStringEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
HeapReAlloc
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetStartupInfoW
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetTimeZoneInformation
GetFileSizeEx
ReadFile
RaiseException
ReadConsoleW

crypt32

CertVerifyCertificateChainPolicy

rpcrt4

UuidFromStringW
UuidCreate

userenv

CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock
UnloadUserProfile

wintrust

CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash

mpclient

MpCleanStart
MpCleanOpen
MpScanStartEx
MpScanControl
MpScanResult
MpThreatEnumerate
MpThreatOpen
MpAddDynamicSignatureFile
MpServiceLogMessage
MpUnblockSignatures
MpRemoveDynamicSignatureFile
MpRollbackPlatform
MpDynamicSignatureOpen
MpManagerEnable
MpUnblockEngine
MpUpdateTSModeEx
MpGetTSModeInfo
MpClientUtilExportFunctions
MpConfigClose
MpConfigSetValue
MpConfigGetValue
MpGetTPStateInfo
MpUpdatePlatform
MpManagerStatusQuery
MpManagerOpen
MpConfigGetValueAlloc
MpConfigOpen
MpFreeMemory
MpHandleClose
MpUpdateStartEx
MpDynamicSignatureEnumerate
MpGetTaskSchedulerStrings
MpGetNpSupportFile
MpManagerVersionQuery
MpGetTDTFeatureStatusEx
MpGetTDTFeatureStatus
MpConfigIteratorOpen
MpConfigIteratorEnum
MpConfigIteratorClose
MpNetworkCapture
MpConfigDelValue
MpQuarantineRequest
MpManagerStatusQueryEx
MpUpdateStart
MpSampleQuery
MpSampleSubmit
MpConveySampleSubmissionResult
MpGetSampleChunk
MpQueryEngineConfigDword
MpGetDeviceControlSecurityPolicies
MpSetTPState
MpAllocMemory
MpWDEnable
MpUtilsExportFunctions
MpUnblockPlatform
MpConfigUninitialize
MpConfigInitialize

api-ms-win-service-private-l1-1-0

UnsubscribeServiceChangeNotifications
SubscribeServiceChangeNotifications

ntdll

NtQueryInformationProcess
RtlUnwind
RtlCompareMemory
RtlLengthSid

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b02917bbc33e4844411445a509b0ca3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

crypt32

rpcrt4

userenv

wintrust

bcrypt

mpclient

api-ms-win-service-private-l1-1-0

ntdll

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.data Size: 23KB - Virtual size: 27KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 144B

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 23KB - Virtual size: 27KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 144B

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 48KB - Virtual size: 47KB