Static task
static1
General
Target: intelsvc.exe
Size: 3.1MB
MD5: a7cde18f991e97037a7899b7669e2548
SHA1: 0fd0b96ff150a1ecf93206c227a13148933f28ce
SHA256: 8b9f1fa5f941c7f46b65bf8929ca80d132435151e1dcb3a5de7693b70b254467
SHA512: 1d73b9a3b8866ab9ccac32bb97a63062d2a8c5152d83e5681ef1227b2dab1d56ccc4d4fdb05c5fba55a4cb27de77592a509e1211d05f2f1811e19fdfa88fed50
SSDEEP: 49152:RyBkRdnKQlYeEesgIMIbVSRsyMwJwTStnkoxCnKgyNOnJR:WkAe+Vm2wnndeKg5
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: intelsvc.exe
Files
intelsvc.exe (exe, windows x86)
8f2b3effca00c6e7f278f76a6a20c906
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsAlloc
WideCharToMultiByte
FormatMessageA
FormatMessageW
LocalFree
InterlockedExchangeAdd
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
WaitForMultipleObjects
TerminateThread
QueueUserAPC
SetEvent
PostQueuedCompletionStatus
GetProcAddress
WriteFile
WTSGetActiveConsoleSessionId
ReadFile
RaiseException
GetModuleHandleW
DecodePointer
LoadLibraryW
GetLastError
DeleteFileW
GetModuleFileNameW
FreeLibrary
GetFileSize
GetTickCount
ProcessIdToSessionId
AttachConsole
GetCommandLineW
TerminateProcess
OpenProcess
TlsFree
GetCurrentProcess
GetVersionExW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
WaitForSingleObject
CreateFileW
IsValidCodePage
FindNextFileA
FindFirstFileExA
HeapSize
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
TryEnterCriticalSection
EncodePointer
SetLastError
CreateEventW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
SleepEx
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetExitCodeProcess
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
GetUserGeoID
GetGeoInfoW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetThreadExecutionState
GetConsoleWindow
CreateDirectoryW
InterlockedCompareExchange
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
VerSetConditionMask
VerifyVersionInfoW
CompareFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetCurrentDirectoryW
LocalAlloc
GetFileAttributesW
OutputDebugStringA
FreeConsole
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
GetThreadTimes
DeviceIoControl
SetPriorityClass
HeapAlloc
GetProcessHeap
HeapFree
GetComputerNameW
GetUserDefaultUILanguage
FindResourceW
LockResource
LoadResource
SizeofResource
MoveFileW
GetLogicalDriveStringsW
GetVolumeInformationW
GetDiskFreeSpaceExW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetFileAttributesExW
SetFileTime
SetFilePointer
SetEndOfFile
ResetEvent
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitProcess
GetModuleHandleExW
ExitThread
GetModuleFileNameA
GetStdHandle
VirtualQuery
user32
EmptyClipboard
SetClipboardData
CloseClipboard
LoadCursorW
SetCursor
SetClassLongW
wsprintfW
ExitWindowsEx
ChangeDisplaySettingsW
LockWorkStation
SendInput
GetDC
ReleaseDC
mouse_event
EnumDisplayDevicesW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
GetClipboardData
OpenDesktopW
SetThreadDesktop
CloseDesktop
MapVirtualKeyW
SystemParametersInfoW
EnableWindow
GetDlgItem
GetWindowRect
GetAsyncKeyState
SetMenu
GetClientRect
InvalidateRect
AdjustWindowRect
SetFocus
GetKeyState
SetWindowPos
EnableMenuItem
GetSystemMenu
GetWindowTextW
MoveWindow
FillRect
UpdateWindow
ScreenToClient
DrawTextW
CallNextHookEx
ClientToScreen
SetWindowsHookExW
BroadcastSystemMessageW
UnhookWindowsHookEx
SetWindowTextA
GetWindowTextA
IsDlgButtonChecked
GetMenu
DrawEdge
DestroyWindow
DrawFrameControl
GetParent
SendMessageW
ToAscii
SetScrollPos
ShowScrollBar
SetScrollRange
HideCaret
ShowCaret
MessageBeep
SetCaretPos
RegisterClassW
BeginPaint
EndPaint
GetFocus
GetScrollPos
GetScrollRange
CreateCaret
DestroyCaret
GetWindowPlacement
DrawIconEx
DestroyIcon
GetDesktopWindow
GetMonitorInfoW
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationW
EnumDisplayMonitors
GetCursorInfo
GetIconInfo
GetWindowDC
DestroyCursor
CreateIconIndirect
InsertMenuItemW
CreateMenu
PostQuitMessage
RemoveMenu
GetMenuBarInfo
GetDCEx
SetMenuItemInfoW
LoadIconW
MapWindowPoints
CallWindowProcW
GetWindowLongW
ShowWindow
SetForegroundWindow
DefWindowProcW
GetCursorPos
CreatePopupMenu
InsertMenuW
TrackPopupMenu
DestroyMenu
FindWindowW
GetSystemMetrics
RegisterClassExW
CreateWindowExW
DrawMenuBar
LoadImageW
GetGuiResources
SetWindowTextW
PostMessageW
MessageBoxW
TranslateMessage
PeekMessageW
OpenClipboard
GetKeyboardState
DispatchMessageW
DrawTextExW
SetWindowLongW
gdi32
CreateSolidBrush
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
SetBrushOrgEx
SetBkMode
CreateFontIndirectW
SetTextColor
Rectangle
CreatePen
GetROP2
SetROP2
CreateFontW
GetTextMetricsW
CreateDIBitmap
CreatePatternBrush
CreateCompatibleBitmap
DeleteDC
GetDIBits
GetObjectW
StretchBlt
SaveDC
RestoreDC
GetBitmapBits
CreateBitmap
SetBkColor
ExtTextOutW
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject
shell32
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
CommandLineToArgvW
ShellExecuteExW
ord47
SHGetMalloc
ole32
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
ws2_32
listen
ioctlsocket
accept
freeaddrinfo
getsockopt
connect
WSASend
WSARecv
WSAStartup
WSACleanup
closesocket
shutdown
WSASetLastError
gethostname
ntohl
WSAConnect
WSASocketW
inet_ntoa
gethostbyname
recv
select
send
setsockopt
WSAGetLastError
getaddrinfo
socket
bind
getpeername
urlmon
URLDownloadToFileW
URLOpenBlockingStreamW
winmm
waveInStart
waveInClose
waveOutOpen
waveInPrepareHeader
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutWrite
waveOutClose
timeBeginPeriod
timeEndPeriod
waveInOpen
waveInGetDevCapsW
waveInGetNumDevs
waveInAddBuffer
waveInReset
waveInUnprepareHeader
wtsapi32
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
winhttp
WinHttpCloseHandle
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpWriteData
WinHttpSendRequest
WinHttpAddRequestHeaders
iphlpapi
GetBestInterface
IcmpSendEcho
IcmpCreateFile
GetAdaptersAddresses
mpr
WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum
gdiplus
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdipSaveImageToStream
GdipAlloc
GdipFree
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
msimg32
AlphaBlend
comctl32
InitCommonControlsEx
ord17
comdlg32
GetOpenFileNameW
advapi32
DuplicateTokenEx
LookupAccountSidW
GetTokenInformation
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
CryptAcquireContextW
SetTokenInformation
AdjustTokenPrivileges
CreateProcessAsUserW
SetServiceStatus
RegisterServiceCtrlHandlerExW
OpenSCManagerW
CreateServiceW
ChangeServiceConfig2W
CloseServiceHandle
RegCreateKeyExW
OpenServiceW
DeleteService
StartServiceW
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetSecurityInfo
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityW
CryptReleaseContext
CryptGenRandom
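An import table this long is easier to reason about when the APIs are grouped by what they enable together: screen capture needs a GDI device context plus BitBlt/GetDIBits and an encoder, a keylogger needs a hook plus key-state reads, session hopping needs a duplicated token plus CreateProcessAsUserW. The example below is added for this page and is not part of the sandbox report or its tooling. It clusters imports into capability hints using a small analyst-written table; the categories and their labels are heuristics of this example, not a verdict on the sample, and `SAMPLE_IMPORTS` is an excerpt copied from the import table above rather than the full list.

```python
# Capability hints: Win32 imports that, taken together, indicate what a binary can do.
# Any single name is weak evidence (many are emitted by the CRT or by every GUI program);
# the clusters are the signal. The table and labels are this example's heuristics.
CAPABILITY_HINTS = {
    "screen capture": {"user32!GetDC", "gdi32!BitBlt", "gdi32!GetDIBits", "gdi32!CreateCompatibleBitmap",
                       "gdiplus!GdipCreateBitmapFromHBITMAP", "gdiplus!GdipSaveImageToStream"},
    "keyboard/input capture": {"user32!SetWindowsHookExW", "user32!CallNextHookEx", "user32!GetAsyncKeyState",
                               "user32!GetKeyboardState", "user32!ToAscii"},
    "remote input injection": {"user32!SendInput", "user32!mouse_event", "user32!MapVirtualKeyW"},
    "audio capture": {"winmm!waveInOpen", "winmm!waveInStart", "winmm!waveInAddBuffer"},
    "clipboard access": {"user32!OpenClipboard", "user32!GetClipboardData", "user32!SetClipboardData"},
    "service install/persistence": {"advapi32!OpenSCManagerW", "advapi32!CreateServiceW", "advapi32!StartServiceW",
                                    "advapi32!ChangeServiceConfig2W", "advapi32!StartServiceCtrlDispatcherW"},
    "registry write": {"advapi32!RegCreateKeyExW", "advapi32!RegSetValueExW", "advapi32!RegDeleteValueW"},
    "token/session manipulation": {"advapi32!DuplicateTokenEx", "advapi32!SetTokenInformation",
                                   "advapi32!CreateProcessAsUserW", "kernel32!WTSGetActiveConsoleSessionId",
                                   "wtsapi32!WTSEnumerateSessionsW", "userenv!CreateEnvironmentBlock"},
    "process enumeration/termination": {"kernel32!CreateToolhelp32Snapshot", "kernel32!Process32FirstW",
                                        "kernel32!Process32NextW", "kernel32!OpenProcess", "kernel32!TerminateProcess"},
    "desktop/winstation switching": {"user32!OpenInputDesktop", "user32!SetThreadDesktop",
                                     "user32!OpenWindowStationW", "user32!SetProcessWindowStation"},
    "network: sockets": {"ws2_32!WSASocketW", "ws2_32!connect", "ws2_32!listen", "ws2_32!WSASend", "ws2_32!WSARecv"},
    "network: HTTP client": {"winhttp!WinHttpOpenRequest", "winhttp!WinHttpSendRequest", "urlmon!URLDownloadToFileW"},
    "network: host discovery": {"iphlpapi!IcmpSendEcho", "iphlpapi!GetAdaptersAddresses", "mpr!WNetEnumResourceW"},
    "host control": {"user32!ExitWindowsEx", "user32!LockWorkStation", "user32!ChangeDisplaySettingsExW"},
    "file deletion/relocation": {"kernel32!DeleteFileW", "kernel32!RemoveDirectoryW", "kernel32!MoveFileW"},
}

# Excerpt of the import table listed in the report above (copied from the page; not the whole table).
SAMPLE_IMPORTS = {
    "kernel32": ["CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW", "OpenProcess",
                 "TerminateProcess", "WTSGetActiveConsoleSessionId", "DeleteFileW", "Sleep"],
    "user32": ["SetWindowsHookExW", "CallNextHookEx", "GetAsyncKeyState", "GetKeyboardState", "ToAscii",
               "SendInput", "mouse_event", "OpenClipboard", "GetClipboardData", "OpenInputDesktop",
               "SetThreadDesktop", "ExitWindowsEx", "LockWorkStation", "GetDC", "MessageBoxW"],
    "gdi32": ["BitBlt", "GetDIBits", "CreateCompatibleBitmap", "SelectObject"],
    "gdiplus": ["GdipCreateBitmapFromHBITMAP", "GdipSaveImageToStream"],
    "winmm": ["waveInOpen", "waveInStart", "waveInAddBuffer", "waveOutOpen"],
    "advapi32": ["DuplicateTokenEx", "CreateProcessAsUserW", "OpenSCManagerW", "CreateServiceW",
                 "StartServiceW", "RegSetValueExW", "CryptGenRandom"],
    "ws2_32": ["WSASocketW", "connect", "listen", "WSASend", "WSARecv"],
    "winhttp": ["WinHttpOpenRequest", "WinHttpSendRequest"],
    "urlmon": ["URLDownloadToFileW"],
    "iphlpapi": ["IcmpSendEcho", "GetAdaptersAddresses"],
}


def triage_imports(imports: dict, min_hits: int = 1) -> dict:
    """Map {dll: [function, ...]} to {capability: [matched 'dll!Function', ...]}.

    DLL and function names are compared case-insensitively and a trailing '.dll' is
    stripped, so 'KERNEL32.dll' and 'kernel32' are the same module. Capabilities with
    fewer than min_hits matching imports are dropped."""
    present = {}
    for dll, funcs in imports.items():
        base = dll.lower()
        if base.endswith(".dll"):
            base = base[:-4]
        for fn in funcs:
            present[f"{base}!{fn}".lower()] = f"{base}!{fn}"
    hits = {}
    for capability, names in CAPABILITY_HINTS.items():
        matched = sorted(present[n.lower()] for n in names if n.lower() in present)
        if len(matched) >= min_hits:
            hits[capability] = matched
    return hits


def capability_summary(imports: dict, min_hits: int = 2) -> list:
    """Capabilities ordered by strength of evidence (most matching imports first)."""
    hits = triage_imports(imports, min_hits)
    return sorted(hits, key=lambda c: (-len(hits[c]), c))


if __name__ == "__main__":
    for cap, names in triage_imports(SAMPLE_IMPORTS).items():
        print(f"{cap:32s} {', '.join(names)}")
    print("strongest evidence:", capability_summary(SAMPLE_IMPORTS)[:3])
```

Use `min_hits=2` when reading the summary: a lone `DeleteFileW` or `RegSetValueExW` is in almost every installer, whereas a hook plus key-state reads plus `ToAscii`, or a device context plus `GetDIBits` plus a GDI+ encoder, is hard to explain away. The table is deliberately small; extend it with the APIs you care about, and keep the "one import is not a verdict" rule.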
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 353KB - Virtual size: 352KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 616KB - Virtual size: 833KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 145KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
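The Signatures, Headers and Sections blocks above are all derived from the PE headers. The following example is added for this page and is not the sandbox's own code: it parses a PE image in pure Python (no `pefile` dependency) and reproduces the three checks, decoding the `IMAGE_FILE_*` and `IMAGE_DLLCHARACTERISTICS_*` flags, testing whether the Authenticode security directory is empty (the "Unsigned PE" signature), and flagging section anomalies such as writable-and-executable sections or sections with no raw data. It runs on a constructed minimal PE32 header that carries the same flags the report lists; that header is not the intelsvc.exe sample, and the wording of the findings is the example's own.

```python
import struct

# Flag tables (bit values from the PE/COFF specification).
FILE_CHARACTERISTICS = {0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE", 0x0100: "IMAGE_FILE_32BIT_MACHINE",
                        0x2000: "IMAGE_FILE_DLL"}
DLL_CHARACTERISTICS = {0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE", 0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                       0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
                       0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"}
SECTION_FLAGS = {0x00000020: "IMAGE_SCN_CNT_CODE", 0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
                 0x20000000: "IMAGE_SCN_MEM_EXECUTE", 0x40000000: "IMAGE_SCN_MEM_READ",
                 0x80000000: "IMAGE_SCN_MEM_WRITE"}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # the Authenticode blob; its "RVA" field is really a file offset


def _flags(value, table):
    return [name for bit, name in table.items() if value & bit]


def analyze(data: bytes) -> dict:
    """Parse COFF header, optional header and section table; return decoded flags and findings."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:        # PE32+: 64-bit stack/heap fields push the directories back 16 bytes
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sig_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sig_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)

    sections, findings = [], []
    for i in range(nsections):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, rawsize, _ = struct.unpack_from("<IIII", data, off + 8)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "virtual_size": vsize, "raw_size": rawsize,
                         "flags": _flags(chars, SECTION_FLAGS)})
        if chars & 0x80000000 and chars & 0x20000000:
            findings.append(f"RWX section {name}: writable and executable (unpacker or self-modifying code)")
        if rawsize == 0 and vsize:
            findings.append(f"section {name}: no raw data but {vsize:#x} virtual bytes (populated at runtime)")
    if sig_size == 0:
        findings.append("unsigned: IMAGE_DIRECTORY_ENTRY_SECURITY is empty, no Authenticode blob present")
    if not dll_chars & 0x0040:
        findings.append("no DYNAMIC_BASE: image opts out of ASLR")
    if not dll_chars & 0x0100:
        findings.append("no NX_COMPAT: image does not request DEP")
    return {"machine": machine, "signed": sig_size != 0,
            "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
            "sections": sections, "findings": findings}


def build_sample_pe(rwx: bool = False) -> bytes:
    """Constructed PE32 header only (not intelsvc.exe) carrying the flags the report lists."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    secs = [(b".text", 0x1000, 0x1000, 0x60000020),               # CODE | EXECUTE | READ
            (b".data", 0x2000, 0x1000, 0xC0000040)]               # INITIALIZED_DATA | READ | WRITE
    if rwx:
        secs.append((b".rwx", 0x1000, 0x1000, 0xE0000060))        # CODE | INIT_DATA | EXEC | READ | WRITE
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x0102)   # i386, EXECUTABLE | 32BIT
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<H", opt, 70, 0x8140)                       # DYNAMIC_BASE | NX_COMPAT | TS_AWARE
    struct.pack_into("<I", opt, 92, 16)                           # 16 directories; security entry stays zero
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000 * (i + 1), rs, 0x400, 0, 0, 0, 0, f)
                     for i, (n, vs, rs, f) in enumerate(secs))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    for key, value in analyze(build_sample_pe(rwx=True)).items():
        print(f"{key}: {value}")
```

To run it on a real file use `analyze(open("intelsvc.exe", "rb").read())`. Two caveats a reviewer should keep in mind: an empty security directory proves the file is unsigned, but a non-empty one only proves a blob is attached, so a present signature still needs chain validation with `Get-AuthenticodeSignature` or `signtool verify`; and a virtual size larger than the raw size (the `.data` section above: 833KB vs 616KB) is normal zero-initialised data, whereas a section with zero raw bytes and a large virtual size, or any section that is both writable and executable, is worth a closer look.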