licensingdiag[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

licensingdiag.exe
Size

221KB
MD5

7db967fa1abf5c637afdd41df6aefc43
SHA1

405a49315ce12219b2e4ccd92cda6c6674ea2403
SHA256

ad50d6f3f21a34d2fe251d5c3cc0e0f42170e2c70e45b7712bdbda0543b8bbf8
SHA512

42aae30e2a08450770d7045ca10b14adb6613cff7604a7521d049c93e0f642b14fe0af46070a60cd5aeedfcc35e8bb19034e1553fd90a44b08d4ad6765bc9346
SSDEEP

6144:YVtC3MmyBfL0HlMfMezbQOS3mJUd/Wo+1ghgFxS:aQmfL06bzbQN3gUwophgFxS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
licensingdiag.exe

Files

licensingdiag.exe
.exe windows x64

60dbed06c36ee4441dd6d6c5db80f524

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__dllonexit
_setmode
_getwch
wprintf
_onexit
_wcmdln
_fileno
_unlock
_amsg_exit
_lock
_wsetlocale
__set_app_type
exit
_fmode
_wtoi
_commode
_exit
?terminate@@YAXXZ
_open
_cexit
memset
memmove
memcpy
__wgetmainargs
_XcptFilter
_wcsicmp
_vsnwprintf
_sopen_s
free
_tempnam
remove
__iob_func
_lseek
__setusermatherr
_close
_write
_read
_initterm
_errno
__C_specific_handler
wcscmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapSetInformation

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetModuleHandleExW
GetModuleHandleW
SizeofResource
GetProcAddress
GetModuleFileNameW
LockResource
LoadResource
FindResourceExW
LoadLibraryExW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

DeleteFileW
SetFileAttributesW
CreateDirectoryW
FindClose
WriteFile
FindFirstFileW
RemoveDirectoryW
FindNextFileW
GetFileAttributesA
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFullPathNameW
GetFileAttributesW
CreateFileW
CreateFileA

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

cabinet

ord13
ord10
ord14
ord11

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemTimeAsFileTime
GetSystemTime
GetTickCount

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-memory-l1-1-0

VirtualQuery

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegEnumValueW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetExitCodeProcess
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateProcessW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize

api-ms-win-security-base-l1-1-0

CheckTokenMembership
AllocateAndInitializeSid
FreeSid

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
FileTimeToDosDateTime

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

clipc

ClipGetLicenseAndPolicyForPfn
ClipClose
ClipGenerateDeviceLicenseRequest
ClipGatherDiagnostics
ClipOpen

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60dbed06c36ee4441dd6d6c5db80f524

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

cabinet

api-ms-win-core-datetime-l1-1-1

api-ms-win-core-file-l2-1-2

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

clipc

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 32B

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 408B

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 32B

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 408B