autoconv[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

autoconv.exe
Size

909KB
MD5

657d1214ff5cd6248f75e66e388a8dde
SHA1

28e7e436296d83ececae06a7ba7131c96cef9bcf
SHA256

f23c921451a0f5cd4095a2f7244a8f55a47b1b13ef847ad26dec89318a4b55ed
SHA512

8daaac57373da2dec663cdeb6a6467b392842d060c9dd0d823389dc55e03e4f3856c96806deb92a6d3f9f4604bde065057e0a054f6d082464c892996a022ea0a
SSDEEP

24576:/DgwNfdoMZZ0pLQrTL9aBAjP1iqtC/DV:/hGMfjha3aCrV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
autoconv.exe

Files

autoconv.exe
.exe windows x64

8be61045829921d740dca13576d33fa7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

_wcsicmp
_wcsupr
LdrSetMUICacheType
RtlInitUnicodeString
NtSetInformationFile
NtDelayExecution
NtClose
RtlAdjustPrivilege
_stricmp
NtOpenFile
NtLoadDriver
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memset
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
RtlUnicodeStringToAnsiString
isspace
_vsnprintf
_vsnwprintf
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToMultiByteN
RtlUnicodeToOemN
_wcslwr
wcschr
NtQueryInformationFile
NtFsControlFile
NtDeviceIoControlFile
NtQueryVolumeInformationFile
wcstoul
_wcstoui64
NtWriteFile
NtCreateFile
NtReadFile
RtlRaiseStatus
NtQuerySystemInformation
RtlSizeHeap
RtlFreeHeap
RtlFreeUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
NtQuerySystemTime
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtQuerySystemEnvironmentValue
RtlValidRelativeSecurityDescriptor
RtlGetVersion
RtlTimeToTimeFields
VerSetConditionMask
RtlVerifyVersionInfo
NtDisplayString
NtSerializeBoot
swprintf_s
NtCreateEvent
NtClearEvent
NtSetThreadExecutionState
NtWaitForMultipleObjects
NtCancelIoFile
__C_specific_handler
RtlQueryRegistryValuesEx
RtlRandomEx
NtQueryPerformanceCounter
isprint
qsort
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
RtlAddAce
RtlCreateAcl
RtlQueryInformationAcl
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlInitializeBitMap
RtlSetBits
RtlLookupElementGenericTable
RtlClearBits
RtlFindSetBits
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberOfSetBits
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlLookupFirstMatchingElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableFullAvl
RtlInsertElementGenericTableFullAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlWriteRegistryValue
RtlTimeFieldsToTime
RtlSystemTimeToLocalTime
RtlFindMessage
wcsncmp
RtlInitAnsiStringEx
RtlAnsiStringToUnicodeString
RtlFormatMessage
RtlNumberGenericTableElementsAvl
RtlComputeCrc32
DbgPrint
RtlCrc64
RtlUpcaseUnicodeString
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
DbgPrintEx
NtFlushBuffersFile
NtQueryAttributesFile
RtlLocalTimeToSystemTime
__chkstk
memcmp
memcpy
memmove
wcscmp

Sections

.text
Size: 575KB - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8be61045829921d740dca13576d33fa7

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

Sections

.text Size: 575KB - Virtual size: 574KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 11KB - Virtual size: 13KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 271KB - Virtual size: 270KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 575KB - Virtual size: 574KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 11KB - Virtual size: 13KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 271KB - Virtual size: 270KB

.reloc
Size: 1KB - Virtual size: 1KB