ApproveChildRequest[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ApproveChildRequest.exe
Size

229KB
MD5

8a9273f02903eaff641334180e9fa312
SHA1

a7d26d1f054a69c0372ffa6ca819484644cc2d37
SHA256

de18aad7759e1daf3fc2174a8d2f822a13523315098a7ac090ba676d810d31c3
SHA512

89b2efd22655e8303c6aac330817a86e82decd39ed684921696246b41b98a0c1a4b932bc66f04e18a37095f2fd97e4bd378369db55d25e4dcd0d4abb8b71911f
SSDEEP

6144:PzmiXVgC+3A4ZmbmTNTGhYa2nfRGKdDPDvV:PDF9+GbmpTGfcnjDt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ApproveChildRequest.exe

Files

ApproveChildRequest.exe
.exe windows x64

a1ef015e6580fdd3894d4bd64c389105

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
EventWriteTransfer
EventActivityIdControl

kernel32

OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapSetInformation
HeapAlloc
GetErrorMode
GetProcAddress
CreateMutexExW
LocalFree
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
CloseThreadpool
SleepConditionVariableSRW
WakeAllConditionVariable
FormatMessageW
DeleteCriticalSection
InitializeCriticalSection
InitializeSRWLock
TlsGetValue
AcquireSRWLockShared
ReleaseSRWLockShared
TlsAlloc
TlsFree
TlsSetValue
ConvertFiberToThread
Sleep
QueueUserAPC
OpenThread
GetTickCount
ReleaseSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
AcquireSRWLockExclusive
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
SetErrorMode
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetLastError
OpenEventW
CreateEventExW

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
_Wcscoll
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
??1_Lockit@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@G@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$collate@G@std@@2V0locale@2@A
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAGG@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__errno
_o__exit
_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itoa_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o_exit
_o_free
_o_iswascii
_o_malloc
_o_realloc
_o_terminate
_o_towlower
_o_wcscpy_s
__C_specific_handler
strchr
_CxxThrowException
_o__crt_atexit
_o__configure_wide_argv
_o__configthreadlocale
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_name
_o___std_exception_destroy
_o___std_exception_copy
_o___p__commode
__std_terminate
__CxxFrameHandler4
__CxxFrameHandler3
memcpy
memmove

api-ms-win-crt-string-l1-1-0

memset

oleaut32

SysAllocString
SysFreeString
VariantClear

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

ole32

CoUninitialize
CoInitializeEx

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

user32

PostThreadMessageW

api-ms-win-core-com-l1-1-0

CoCreateInstance

ntdll

EtwTraceMessage

api-ms-win-crt-math-l1-1-0

ceilf

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1ef015e6580fdd3894d4bd64c389105

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcp_win

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

oleaut32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

ole32

api-ms-win-core-winrt-l1-1-0

user32

api-ms-win-core-com-l1-1-0

ntdll

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 86KB - Virtual size: 86KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 9KB - Virtual size: 11KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 93KB - Virtual size: 93KB

.reloc Size: 1024B - Virtual size: 892B

.text
Size: 86KB - Virtual size: 86KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 9KB - Virtual size: 11KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 93KB - Virtual size: 93KB

.reloc
Size: 1024B - Virtual size: 892B