AlService[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

AlService.exe
Size

71.9MB
MD5

bd62c8ed4ca21cb29236227c9481baf7
SHA1

661d55d3a08a28cfb56fe3915d8b0b31e0717ac0
SHA256

a2f43426f41defd2df3287a2d4517aa978db12bcd32b6811eb11317e76d935d5
SHA512

6dc660137a1effd3bc7df79dbf372f071955582f70bffad9a2be458ec14618feb14531d1be56e2aa0736ecb8bde5c2ec8c5290a3ee53ba8c0d011a373b92521f
SSDEEP

196608:Qdb9C4VATEZMvQd6rKFdu9CwJsv6ttHBicLViSKAt:s9C4tG+iKFdu9CwJsv6ttHJt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AlService.exe

Files

AlService.exe
.exe windows x64

69f93d6945db9a978ab429ffdd33ed26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemPowerStatus
GetSystemTimes
WaitForSingleObject
CloseHandle
GetModuleFileNameW
DeleteFileW
MultiByteToWideChar
CreateFileW
VirtualAlloc
VirtualFree
GetCommandLineW
GetFileSize
SetFilePointer
ReadFile
GetModuleHandleA
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
HeapFree
FindFirstVolumeA
GetVolumeInformationW
OpenMutexW
LocalFree
ReleaseMutex
LocalAlloc
CreateMutexW
CreateProcessW
GetCurrentProcessId
GetProcAddress
LoadLibraryW
LoadLibraryA
GetLastError
Sleep
ProcessIdToSessionId
TerminateProcess
WideCharToMultiByte
GlobalMemoryStatusEx
Process32FirstW
K32GetProcessMemoryInfo
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetCurrentProcess
GetTickCount
CreateDirectoryW
WriteConsoleW
GetOEMCP
GetACP
IsValidCodePage
SetEnvironmentVariableW
GetFileSizeEx
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
SetStdHandle
SetFileAttributesW
GetConsoleOutputCP
GetModuleHandleW
FormatMessageW
WTSGetActiveConsoleSessionId
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
CheckRemoteDebuggerPresent
GetCurrentThreadId
ExpandEnvironmentStringsW
GetLocaleInfoW
GetUserDefaultLocaleName
GetConsoleWindow
GetUserDefaultLangID
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MapViewOfFile
UnmapViewOfFile
ExitProcess
CompareStringEx
GetSystemTime
GetLocalTime
DuplicateHandle
SetEvent
CreateEventW
WaitForMultipleObjects
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
WaitForSingleObjectEx
GetNativeSystemInfo
OutputDebugStringW
IsProcessorFeaturePresent
ResetEvent
GetSystemDirectoryW
GetDateFormatW
GetTimeFormatW
GetCurrencyFormatW
GetUserDefaultLCID
GetUserPreferredUILanguages
GetFileAttributesExW
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetCurrentDirectoryW
FindClose
FindFirstFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetLogicalDrives
GetLongPathNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
GetVolumePathNamesForVolumeNameW
SetErrorMode
DeviceIoControl
CopyFileW
MoveFileW
MoveFileExW
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandleEx
FlushFileBuffers
GetDriveTypeW
GetFileType
SetEndOfFile
SetFilePointerEx
WriteFile
CreateFileMappingW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
FreeLibrary
GetModuleHandleExW
GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetExitCodeProcess
UnregisterWaitEx
RegisterWaitForSingleObject
FindFirstFileExW
FindNextFileW
GetTimeZoneInformation
GetGeoInfoW
GetUserGeoID
ReadFileEx
PeekNamedPipe
CancelIoEx
SleepEx
WriteFileEx
CreateMutexA
SetLastError
DebugBreak
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
EncodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlUnwind
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
GetConsoleMode
ReadConsoleW

user32

ClientToScreen
ScreenToClient
WindowFromPoint
ChildWindowFromPointEx
GetSysColorBrush
GetWindowLongPtrW
GetParent
LoadImageW
RegisterClipboardFormatW
GetClipboardFormatNameW
RegisterClassW
EnumDisplayDevicesW
IsHungAppWindow
SendMessageW
PostMessageW
SetClipboardViewer
ChangeClipboardChain
GetWindowThreadProcessId
AttachThreadInput
IsChild
ShowWindow
UpdateLayeredWindow
SetLayeredWindowAttributes
FlashWindowEx
MoveWindow
SetWindowPlacement
IsWindowVisible
IsIconic
SetFocus
RegisterTouchWindow
UnregisterTouchWindow
IsTouchWindow
GetCapture
SetCapture
ReleaseCapture
GetMenu
GetSystemMenu
EnableMenuItem
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
SetWindowTextW
GetWindowRect
AdjustWindowRectEx
SetCursor
GetWindowLongW
SetWindowLongW
SetWindowLongPtrW
SetParent
GetWindow
DestroyCursor
GetWindowPlacement
MonitorFromPoint
GetAncestor
SetMenu
DrawMenuBar
CreateMenu
CreatePopupMenu
SetWindowPos
InsertMenuW
AppendMenuW
ModifyMenuW
RemoveMenu
TrackPopupMenu
GetMenuItemInfoW
GetCursorPos
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
MonitorFromWindow
GetMonitorInfoW
EnumDisplayMonitors
GetSysColor
LoadIconW
GetKeyboardLayout
RegisterWindowMessageW
IsWindowEnabled
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
FindWindowA
PeekMessageW
IsZoomed
GetKeyState
GetKeyboardState
ToAscii
ToUnicode
MapVirtualKeyW
TrackPopupMenuEx
SetCursorPos
GetCursor
LoadCursorW
CreateCursor
CreateIconIndirect
GetIconInfo
GetCursorInfo
TrackMouseEvent
GetMessageExtraInfo
GetAsyncKeyState
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
ChangeWindowMessageFilterEx
DrawIconEx
TranslateMessage
DispatchMessageW
GetQueueStatus
MsgWaitForMultipleObjectsEx
SetTimer
KillTimer
CharNextExA
RegisterDeviceNotificationW
UnregisterDeviceNotification
PostThreadMessageW
DestroyWindow
CreateWindowExW
RegisterClassExW
GetClassInfoW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetKeyboardLayoutList
UpdateLayeredWindowIndirect
UnregisterClassW
SystemParametersInfoW
GetDesktopWindow
GetClientRect
GetCaretBlinkTime
MessageBeep
IsWindow
GetDoubleClickTime
InvalidateRect
ReleaseDC
GetDC
GetSystemMetrics
SetMenuItemInfoW
GetFocus
DefWindowProcW
DestroyMenu
DestroyIcon

advapi32

LsaClose
CopySid
DuplicateToken
GetLengthSid
MapGenericMask
GetEffectiveRightsFromAclW
BuildTrusteeWithSidW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
LsaOpenPolicy
LsaAddAccountRights
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
ConvertStringSidToSidW
RegSetKeySecurity
LookupAccountSidW
RegOpenKeyW
RegQueryValueExA
SetSecurityDescriptorDacl
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateProcessAsUserA
AllocateAndInitializeSid
FreeSid
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
OpenProcessToken
SystemFunction036
RegQueryValueExW
GetSidSubAuthorityCount
GetSidSubAuthority
AccessCheck

shell32

CommandLineToArgvW
SHGetPathFromIDListW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetFolderPathW
SHBrowseForFolderW
SHGetFileInfoW
SHGetStockIconInfo
ord727
ShellExecuteW
SHCreateItemFromIDList
SHCreateItemFromParsingName
SHGetMalloc
SHGetKnownFolderIDList

ole32

OleUninitialize
CoTaskMemFree
ReleaseStgMedium
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoInitialize
DoDragDrop
CoGetMalloc
CoCreateGuid
CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleInitialize

oleaut32

SafeArrayCreateVector
SysFreeString
SysAllocString
VariantClear
SafeArrayPutElement

dwmapi

DwmIsCompositionEnabled
DwmSetWindowAttribute
DwmGetWindowAttribute
DwmEnableBlurBehindWindow

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmNotifyIME
ImmGetVirtualKey
ImmReleaseContext
ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
ImmAssociateContextEx
ImmAssociateContext
ImmGetCompositionStringW

shlwapi

PathAppendW
PathRemoveFileSpecW
SHGetValueW
SHSetValueW

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
GetUserProfileDirectoryW

netapi32

NetApiBufferFree
NetShareEnum

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

winmm

timeSetEvent
PlaySoundW
timeKillEvent

ws2_32

WSAAsyncSelect

ntdll

NtQuerySystemTime
LdrLockLoaderLock
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlImageNtHeader
RtlNtStatusToDosError
LdrUnlockLoaderLock
LdrUnloadDll
RtlHashUnicodeString
RtlFreeHeap
NtProtectVirtualMemory
NtQueryVirtualMemory
RtlRaiseStatus
RtlCompareMemory

gdi32

SetTextAlign
SetTextColor
SetGraphicsMode
SetBkMode
GetCharABCWidthsI
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetGlyphOutlineW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetStockObject
GetDIBits
GdiFlush
CreateDIBSection
GetTextFaceW
GetTextMetricsW
ExtTextOutW
AddFontMemResourceEx
RemoveFontResourceExW
AddFontResourceExW
GetFontData
EnumFontFamiliesExW
CreateFontIndirectW
GetObjectW
GetBitmapBits
SwapBuffers
GetPixelFormat
DescribePixelFormat
CreateBitmap
SelectObject
DeleteDC
BitBlt
CreateDCW
CreateCompatibleDC
RemoveFontMemResourceEx
CreateCompatibleBitmap
SetLayout
SelectClipRgn
OffsetRgn
DeleteObject
CreateRectRgn
CombineRgn
SetPixelFormat
ChoosePixelFormat
GetDeviceCaps
SetWorldTransform

Exports

Exports

??$nativeInterface@UQWGLContext@QNativeInterface@@@QOpenGLContext@@QEBAPEAUQWGLContext@QNativeInterface@@XZ

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 273KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1024B - Virtual size: 565B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 326KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

69f93d6945db9a978ab429ffdd33ed26

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

dwmapi

imm32

shlwapi

wtsapi32

userenv

netapi32

version

winmm

ws2_32

ntdll

gdi32

Exports

Exports

Sections

.text Size: 6.1MB - Virtual size: 6.1MB

.rdata Size: 2.1MB - Virtual size: 2.1MB

.data Size: 75KB - Virtual size: 149KB

.pdata Size: 273KB - Virtual size: 272KB

.qtmetad Size: 1024B - Virtual size: 565B

.qtmimed Size: 326KB - Virtual size: 325KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 27KB - Virtual size: 26KB

.text
Size: 6.1MB - Virtual size: 6.1MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 75KB - Virtual size: 149KB

.pdata
Size: 273KB - Virtual size: 272KB

.qtmetad
Size: 1024B - Virtual size: 565B

.qtmimed
Size: 326KB - Virtual size: 325KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 27KB - Virtual size: 26KB