Static task
static1
General
-
Target
autoconv.exe
-
Size
818KB
-
MD5
26e60ba376f020e4357dcb3efcf78f42
-
SHA1
0e794cf269ee3ad14d9c04effaf479747ac8e015
-
SHA256
50b933a5b3ec2c3cbf95efd1e1f5b4fe664b06f55eb2b7277b14ef8d07cd5820
-
SHA512
fd557524e6a27cf8c0ebd6f02eee35e952eddb3b09a7049bfaf065a095ff6c8ae98a700ffe8e3b16802dacde87ea881dd13776a310d848e43291ec84f733abe0
-
SSDEEP
24576:NR7C+uj9Pf6G5EhDvjoz3MhtNKWUexvRvD:Po9PyG50vjoz3MhtNKW5lFD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
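Checks for missing Authenticode signature. A static check of the file can only see a signature embedded in the PE itself; a file signed through a Windows security catalog also appears unsigned here, so this indicator alone does not show that the file is untrusted.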
resource autoconv.exe
Files
-
autoconv.exe.sys windows:6 windows x86
57214f68d52d93f5b7468e6c7e18e1fa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
_stricmp
_wcsicmp
RtlInitUnicodeString
NtSetInformationFile
NtClose
RtlAdjustPrivilege
NtDelayExecution
_wcsupr
LdrSetMUICacheType
NtLoadDriver
NtOpenFile
NtTerminateProcess
RtlCaptureContext
RtlUnhandledExceptionFilter
_aullshr
isspace
RtlUnicodeStringToAnsiString
RtlAllocateHeap
RtlFreeAnsiString
RtlNormalizeProcessParams
NtQueryAttributesFile
NtQuerySystemInformation
NtSetThreadExecutionState
NtQueryInformationFile
NtFsControlFile
NtDeviceIoControlFile
NtQueryVolumeInformationFile
wcstoul
_wcstoui64
NtCreateFile
NtReadFile
RtlRaiseStatus
NtWriteFile
memmove
RtlQueryRegistryValuesEx
RtlRandomEx
NtQueryPerformanceCounter
NtOpenKey
NtQueryValueKey
RtlPrefixUnicodeString
_vsnprintf
_vsnwprintf
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToMultiByteN
RtlUnicodeToOemN
_wcslwr
wcschr
NtDisplayString
NtSerializeBoot
swprintf_s
NtCreateEvent
NtWaitForMultipleObjects
NtCancelIoFile
isprint
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
NtQuerySystemTime
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlExpandEnvironmentStrings_U
RtlValidRelativeSecurityDescriptor
RtlGetVersion
RtlTimeToTimeFields
VerSetConditionMask
RtlVerifyVersionInfo
RtlSizeHeap
RtlFreeHeap
RtlLocalTimeToSystemTime
wcsncmp
RtlFindMessage
RtlInitAnsiStringEx
RtlAnsiStringToUnicodeString
RtlFormatMessage
qsort
RtlWriteRegistryValue
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlLookupFirstMatchingElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableFullAvl
RtlInsertElementGenericTableFullAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlNumberGenericTableElementsAvl
RtlComputeCrc32
DbgPrint
RtlCrc64
RtlUpcaseUnicodeString
RtlTimeFieldsToTime
RtlSystemTimeToLocalTime
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
RtlAddAce
RtlCreateAcl
RtlQueryInformationAcl
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlInitializeBitMap
RtlSetBits
RtlLookupElementGenericTable
RtlClearBits
RtlFindSetBits
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberOfSetBits
DbgPrintEx
NtFlushBuffersFile
_alldiv
_allmul
_allrem
_allshl
_aulldiv
_aulldvrm
_chkstk
memcmp
memcpy
memset
RtlUnwind
Sections
.text Size: 524KB - Virtual size: 523KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 265KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ