09947d5f6e1df84668da567a2e1c62bd98ccf15681f20bc3728f70ca0fdf61ee

Sharing

Copy URL

Twitter E-mail

General

Target

09947d5f6e1df84668da567a2e1c62bd98ccf15681f20bc3728f70ca0fdf61ee
Size

1.3MB
MD5

6fc38571a1fcbde16f0737ded703d7cf
SHA1

25c9db60a03318f09add5c7106abd80fa027b357
SHA256

09947d5f6e1df84668da567a2e1c62bd98ccf15681f20bc3728f70ca0fdf61ee
SHA512

6819d1698c411104a960e65619e49306df19f3e0feb7adac33fd507dc6eb98798d9f6fb6065bf5cd39d1defc2a1fe389e27cb076820f94a72d16c4e26b4572da
SSDEEP

12288:oJXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:oJsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09947d5f6e1df84668da567a2e1c62bd98ccf15681f20bc3728f70ca0fdf61ee

Files

09947d5f6e1df84668da567a2e1c62bd98ccf15681f20bc3728f70ca0fdf61ee
.exe windows:6 windows x64

c0d3373c3a2ff72156cdf339b706b41b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

PathCombineW
PathFileExistsW

ts_base

?GetFilePath@TSPath@core@libts@@SAHW4_TSPathType@123@PEB_WPEA_W@Z
?ws2s@TSStringHelper@core@libts@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@5@I@Z
?Dispose@TSLogger@core@libts@@SAXXZ
?Init@TSLogger@core@libts@@SAHPEA_WK@Z
?Write@TSLogger@core@libts@@SAXPEB_WZZ
?GetCurrentFolder@TSFolder@core@libts@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

itunes_manager

?GetInstance@TSServiceFactory@itunes@service@libts@@SAPEAV1234@XZ

ios_manager

?GetInstance@TSSystemFactory@ios@service@libts@@SAPEAV1234@XZ
?DeviceUniqueId2DeviceId@TSDeviceInfo@ios@service@libts@@SAH_JAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

kernel32

SetEvent
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
CloseHandle
CreateEventW
CreateFileW
GetLastError
WaitNamedPipeW
SetNamedPipeHandleState
CreateThread
WaitForSingleObject
WriteFile
HeapAlloc
GetProcessHeap
RtlCaptureContext
lstrcmpiW
SetUnhandledExceptionFilter

shell32

CommandLineToArgvW

ole32

CoInitialize
CoUninitialize

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140

__std_terminate
__C_specific_handler
__CxxFrameHandler3
__std_exception_destroy
_CxxThrowException
memset
memcpy
__std_exception_copy
memmove

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_get_wide_winmain_command_line
_cexit
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_initterm
_initialize_wide_environment
_set_app_type
_initialize_onexit_table
_register_onexit_function
_seh_filter_exe
_crt_atexit
terminate
_c_exit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vsprintf
__stdio_common_vswprintf_s

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
_set_new_mode
free

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0d3373c3a2ff72156cdf339b706b41b

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ts_base

itunes_manager

ios_manager

kernel32

shell32

ole32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 93KB - Virtual size: 92KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 93KB - Virtual size: 92KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB