Static task: static1
Behavioral task: behavioral1 (Sample: logagent.exe, Resource: win7-20230712-en)
Behavioral task: behavioral2 (Sample: logagent.exe, Resource: win10v2004-20230703-en)
General
Target: logagent.exe
Size: 107KB
MD5: 8b9d102c2d55446744b68ca31ffb1021
SHA1: a456f5e800371484de9f2e3b2dc16a24502fa7b6
SHA256: f62a22b3b414755f963d42b7063eb98bcb4c58a80d0251a04d3da21f2d75d05f
SHA512: 443a803521842f7723f3b2abeaac4f43d216ff2479c55cca5474bc345ea82a0ec26c70e8daf0df9069b10683fde665f9e7c27553c1e82aab8319ff507336970f
SSDEEP: 3072:DfHdfYI8gbRoMLruHvUF1SpX26gDpoamCKl:DfRoErevUFkU6QoamCK
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: logagent.exe
Files
logagent.exe.exe (windows x64): d41074f30a9619e57b1244ffd6a35b53
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
advapi32
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
FreeSid
RegSetValueExA
RegCreateKeyExA
AllocateAndInitializeSid
RegCloseKey
RegDeleteValueW
OpenProcessToken
GetTokenInformation
GetAclInformation
GetAce
EqualSid
DeleteAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
MakeAbsoluteSD
SetSecurityDescriptorGroup
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
kernel32
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStartupInfoW
Sleep
EnterCriticalSection
ReleaseSemaphore
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVersionExA
FreeLibraryAndExitThread
GetCurrentThread
SetThreadPriority
lstrlenW
GetModuleFileNameW
GetComputerNameW
LoadLibraryA
UnhandledExceptionFilter
HeapFree
GetLastError
LoadLibraryW
CreateEventW
WaitForSingleObject
GetVersionExW
LocalAlloc
LocalFree
CloseHandle
CreateThread
HeapAlloc
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
RtlLookupFunctionEntry
CreateEventA
WaitForSingleObjectEx
SetEvent
HeapSize
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
CreateSemaphoreA
RtlVirtualUnwind
GetModuleFileNameA
SizeofResource
VirtualProtect
VirtualAlloc
VirtualQuery
lstrcmpiA
FreeLibrary
lstrcpynA
GetProcAddress
LoadResource
IsDBCSLeadByte
HeapSetInformation
GetSystemInfo
FindResourceExA
GetCommandLineA
GetModuleHandleA
GetCurrentThreadId
LoadLibraryExA
user32
DispatchMessageA
CharPrevA
PostThreadMessageA
SetWindowLongPtrA
PostQuitMessage
GetWindowLongPtrA
CreateWindowExA
DefWindowProcA
RegisterClassA
PostMessageA
DestroyWindow
CharNextA
GetMessageA
msvcrt
iswdigit
swscanf
_wtoi
sscanf_s
_ultow_s
_stricmp
_vsnprintf
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
wcsrchr
iswalpha
_ultow
towupper
iswcntrl
iswascii
wcsspn
wcscspn
wcschr
strchr
_strnicmp
_wcsicmp
_vsnwprintf
__CxxFrameHandler3
memcmp
memcpy
memset
_fmode
_acmdln
_initterm
__setusermatherr
_ismbblead
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_callnewh
strcat_s
_purecall
realloc
__C_specific_handler
malloc
_wcsnicmp
free
_beginthreadex
wcscmp
ole32
CoUninitialize
CoInitializeEx
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoSuspendClassObjects
CoTaskMemRealloc
CoRevokeClassObject
CoCreateGuid
oleaut32
SysFreeString
VarUI4FromStr
SysAllocString
wininet
InternetReadFile
InternetConnectW
InternetCloseHandle
HttpSendRequestExW
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionA
HttpEndRequestA
InternetOpenW
InternetErrorDlg
InternetQueryDataAvailable
HttpQueryInfoA
HttpOpenRequestW
InternetQueryOptionA
wsock32
shutdown
getsockopt
inet_ntoa
getsockname
closesocket
bind
socket
WSACleanup
WSAStartup
setsockopt
WSAGetLastError
ntohl
htons
ntohs
WSAAsyncSelect
inet_addr
getpeername
Sections
.text Size: 79KB - Virtual size: 78KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 432B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ