Screening-Document[.]img

Resubmissions

Sharing

Copy URL Twitter E-mail

General

Target

Screening-Document.img
Size

3.5MB
MD5

804a814ca53fc7cf32a3b5c59b0a08a8
SHA1

f078c330e852d6922251bf493073e544f5692250
SHA256

c907bd681b08f886b611afacdd57dc54a900338b1ca97f6f390b3e113b11203a
SHA512

ae057a4d2079172683d7133acc5d3e1e49a9665e3f33f8c00d3401c424bdf820974364fb49413ec88ca83224b13a069f2fb70cc8756e375a4bdcd3520850c404
SSDEEP

24576:xodRQ3D2vwpTueXGs/9ByXCbQw4kiT1jAXiy9bIRWhmvDXy3O+abJ1ra+I7uosIu:xoTQoIaSGshdKlACdTt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/symsrv.dll

Files

Screening-Document.img
.iso
Screening Documents.docx.lnk
.lnk
symsrv.dll
.dll windows:6 windows x64

96b129fd0be13d07bbb9c9fea164078b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
RemoveVectoredExceptionHandler
RtlLookupFunctionEntry
AddVectoredExceptionHandler
GetCurrentThread
GetModuleHandleA
ExpandEnvironmentStringsA
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetModuleHandleExA
GetLastError
GetEnvironmentVariableW
ExitProcess
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
IsDebuggerPresent
GetCurrentProcessId
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext

advapi32

CryptDecrypt
CryptCreateHash
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptDeriveKey
CryptHashData

dnsapi

DnsQuery_A

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
wcsstr
memset
memcpy

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-string-l1-1-0

_stricmp
_strdup

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_errno
_invalid_parameter_noinfo

Exports

Exports

SymbolServerGetIndexString
SymbolServerSetOptions

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
symstore.exe
.exe windows:10 windows x64

faf8fdaaee079b9001fafcedbefbf131

Code Sign

33:00:00:04:fe:59:ca:b7:e6:2a:a5:22:c1:00:00:00:00:04:fe
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:11

Not After

31/01/2024, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:ca:bc:71:f4:85:19:fe:93:21:dd:93:5c:62:e3:9f:9c:8f:3e:35:12:19:58:69:73:f5:15:d1:81:5e:8a:cb
Signer

Actual PE Digest

4e:ca:bc:71:f4:85:19:fe:93:21:dd:93:5c:62:e3:9f:9c:8f:3e:35:12:19:58:69:73:f5:15:d1:81:5e:8a:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
memcpy
_cexit
_exit
memset
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_tempnam
sprintf_s
_splitpath_s
getenv
isdigit
strcpy_s
_msize
malloc
strrchr
atol
strncmp
rand
strchr
isspace
strstr
_stricmp
fgets
fclose
fopen
toupper
free
printf
fprintf
_vsnprintf
freopen
exit
__C_specific_handler
__iob_func
srand
realloc
_strnicmp
time
strcmp

dbghelp

ImageDirectoryEntryToData
SymInitialize
SymUnloadModule64
SymGetModuleInfo64
SymLoadModuleEx
SymCleanup
MakeSureDirectoryPathExists
SymSetOptions

symsrv

SymbolServerGetIndexString
SymbolServerSetOptions

cabinet

ord14
ord10
ord13
ord11

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

kernel32

GetFileSizeEx
FileTimeToSystemTime
GetFileTime
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateThread
GetSystemInfo
WaitForSingleObjectEx
CreateMutexA
WaitForMultipleObjectsEx
FileTimeToDosDateTime
SetFilePointerEx
GetTempFileNameA
FileTimeToLocalFileTime
MoveFileExA
ReadFile
LocalSize
GetPrivateProfileStringA
GetLocalTime
GetFileInformationByHandle
GetPrivateProfileSectionA
GetCurrentThreadId
LocalAlloc
GetModuleFileNameA
RemoveDirectoryA
GetFileSize
SetFileAttributesA
CloseHandle
DeleteFileA
CreateFileA
CopyFileA
Sleep
MultiByteToWideChar
FindClose
SetEndOfFile
SetFilePointer
LoadLibraryExW
GetFullPathNameA
FindNextFileA
MapViewOfFile
CreateFileMappingA
FlushViewOfFile
UnmapViewOfFile
FindFirstFileExA
WriteFile
SetLastError
FindFirstFileA
GetFileAttributesA
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
SetErrorMode
WaitForSingleObject
ReleaseMutex
LoadLibraryA
GetProcAddress
LocalFree
DeleteCriticalSection
FreeLibrary
FormatMessageA
GetLastError

shlwapi

PathIsNetworkPathA

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

96b129fd0be13d07bbb9c9fea164078b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

dnsapi

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 732B

.rsrc Size: 290KB - Virtual size: 290KB

.reloc Size: 512B - Virtual size: 44B

faf8fdaaee079b9001fafcedbefbf131

Code Sign

33:00:00:04:fe:59:ca:b7:e6:2a:a5:22:c1:00:00:00:00:04:feCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

4e:ca:bc:71:f4:85:19:fe:93:21:dd:93:5c:62:e3:9f:9c:8f:3e:35:12:19:58:69:73:f5:15:d1:81:5e:8a:cbSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

dbghelp

symsrv

cabinet

ntdll

kernel32

shlwapi

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 40KB - Virtual size: 38KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 108B

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 732B

.rsrc
Size: 290KB - Virtual size: 290KB

.reloc
Size: 512B - Virtual size: 44B

33:00:00:04:fe:59:ca:b7:e6:2a:a5:22:c1:00:00:00:00:04:fe
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

4e:ca:bc:71:f4:85:19:fe:93:21:dd:93:5c:62:e3:9f:9c:8f:3e:35:12:19:58:69:73:f5:15:d1:81:5e:8a:cb
Signer

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 40KB - Virtual size: 38KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 108B