Static task: static1
Behavioral task: behavioral1
  Sample: permision.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: permision.exe
  Resource: win10v2004-20230824-en
General
- Target: permision.exe
- Size: 283KB
- MD5: 53cdbb093b0aee9fd6cf1cbd25a95077
- SHA1: 3b90ecc7b40c9c74fd645e9e24ab1d6d8aee6c2d
- SHA256: 01a2e49f9eed2367545966a0dc0f1d466ff32bd0f2844864ce356b518c49085c
- SHA512: 7335474d6a4b131576f62726c14148acf666e9a2ce54128b23fe04e78d366aa5bdf428fe68f28a42c2b08598d46cada447a4e67d530529b3e10f4282513a425f
- SSDEEP: 3072:o856+Aq4WBT5TjbyfQ5d2ap3BES3l+3p7z8p5+cyIqrKMjE3g2AJX5ex4uyj0bOT:P56+Aq4WBTWpSqXhpeEioU2U
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: permision.exe
Files
- permision.exe.exe windows x86
  Password: infected
  2eaf7681cf60327cff49f2244e0aa8b4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteConsoleOutputW
FormatMessageW
CloseHandle
GetLastError
GetCurrentProcess
GetCurrentThread
GetConsoleScreenBufferInfo
GetStdHandle
SetLastError
MultiByteToWideChar
WriteFile
WriteConsoleW
SetConsoleTextAttribute
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetFileInformationByHandle
CreateFileW
DeviceIoControl
GetCompressedFileSizeW
GetFileSizeEx
GetComputerNameW
WideCharToMultiByte
OpenProcess
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
ExitProcess
ExpandEnvironmentStringsW
GetCommandLineW
SetConsoleCtrlHandler
ReadFile
GetLargestConsoleWindowSize
GetModuleFileNameW
FreeLibrary
FileTimeToSystemTime
FileTimeToLocalFileTime
QueryDosDeviceW
ReadConsoleW
GetSystemTime
GetTickCount
SetConsoleActiveScreenBuffer
LocalFree
SystemTimeToFileTime
SetConsoleScreenBufferSize
CreateConsoleScreenBuffer
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
mfc42u
ord861
ord800
ord540
ord535
ord3658
ord823
ord538
ord2836
ord825
ord2910
ord858
ord5446
ord6390
ord2099
ord5436
ord6379
ord4199
ord5679
ord4273
ord6279
ord6278
ord5706
ord1863
ord5826
ord3722
ord542
ord802
ord5597
ord6563
ord3898
ord2036
ord5830
ord2440
ord537
ord2756
ord2755
ord2810
ord940
ord925
ord922
ord941
ord942
ord924
ord536
ord4197
ord927
ord4124
ord4272
msvcrt
malloc
wprintf
_getch
wcsstr
_wcsicmp
wcsncat
sprintf
wcschr
_wtoi
__RTDynamicCast
iswprint
printf
_c_exit
_exit
wcsncmp
swscanf
wcsrchr
towupper
_purecall
wcsncpy
wcscmp
fclose
_wfopen
_setmode
fread
fwrite
fseek
swprintf
free
__CxxFrameHandler
_CxxThrowException
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
wcscpy
wcslen
wcscat
_controlfp
msvcirt
??6ostream@@QAEAAV0@PBX@Z
?cout@@3Vostream_withassign@@A
msvcp60
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
?open@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXPBDH@Z
??_D?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?close@?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAEXXZ
??1?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@UAE@XZ
?wcin@std@@3V?$basic_istream@GU?$char_traits@G@std@@@1@A
?getline@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@PAGH@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?wcerr@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??5std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@PBX@Z
advapi32
SetSecurityDescriptorGroup
RegGetKeySecurity
GetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
GetAclInformation
GetAce
InitializeAcl
AddAce
RegConnectRegistryW
SetNamedSecurityInfoW
SetSecurityInfo
EnumServicesStatusW
OpenServiceW
RegSetKeySecurity
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
MakeSelfRelativeSD
GetSecurityDescriptorLength
SetKernelObjectSecurity
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ConvertSecurityDescriptorToStringSecurityDescriptorW
EqualSid
LookupPrivilegeValueW
AdjustTokenPrivileges
PrivilegeCheck
LookupAccountSidW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorOwner
GetSecurityInfo
AddAccessAllowedAce
InitializeSid
GetKernelObjectSecurity
GetSecurityDescriptorControl
CopySid
GetLengthSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
AccessCheck
MapGenericMask
DeleteAce
FreeSid
EqualPrefixSid
AllocateAndInitializeSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
IsValidSid
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyExW
RegQueryInfoKeyW
OpenSCManagerW
LogonUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LsaFreeMemory
LsaClose
LsaQueryInformationPolicy
LsaOpenPolicy
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
netapi32
NetShareSetInfo
NetApiBufferFree
NetWkstaGetInfo
NetGetAnyDCName
NetServerGetInfo
NetUserModalsGet
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
winspool.drv
ClosePrinter
EnumPrintersW
GetPrinterW
OpenPrinterW
SetPrinterW
clusapi
CloseCluster
CloseClusterResource
ClusterCloseEnum
ClusterResourceControl
OpenClusterResource
ClusterEnum
ClusterOpenEnum
OpenCluster
ole32
CoInitialize
CoCreateInstanceEx
user32
wsprintfW
samlib
SamSetSecurityObject
SamLookupNamesInDomain
SamOpenUser
SamOpenAlias
SamOpenGroup
SamOpenDomain
SamCloseHandle
SamEnumerateGroupsInDomain
SamEnumerateUsersInDomain
SamEnumerateAliasesInDomain
SamFreeMemory
SamConnect
SamQuerySecurityObject
ntdll
RtlInitUnicodeString
RtlNtStatusToDosError
shell32
CommandLineToArgvW
Sections
.text Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ