Configure-SMRemoting[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Configure-SMRemoting.exe
Size

44KB
MD5

b2fa87e8f814bf08e1599b6b2fdc9720
SHA1

98429424a6dbfc101e8fba95f6b794f5a4587901
SHA256

63be7455e335d9ae93f0b0c6c16355b85da0a25f83a85a84e81ced287bb4cff8
SHA512

64790ef5065c698c1676185125937ba03a263fd091336ea297526a82e3003b134f0f1646d0bdc557f535c0a00f1e31b22a9573c53676579e12556ffc16ad40be
SSDEEP

768:LJbkYLEzXQbUXZEbfSHYiVxQxd0Eb5juotuuDvwpFibaHoL1zkHoAECq638K/:L2nS2Qxd0EbBu09vEFibeo9Ar

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Configure-SMRemoting.exe

Files

Configure-SMRemoting.exe
.exe windows:6 windows x64

f7aaed6565fe0179ad38a6c6da67032f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventWrite
RegCreateKeyExW
RegQueryInfoKeyW
EventUnregister
RegDeleteValueW
RegOpenKeyExW
EventRegister
RegEnumKeyExW
RegCloseKey
RegSetValueExW

kernel32

GetEnvironmentVariableW
FindResourceExW
FreeLibrary
LoadResource
CreateProcessW
LoadLibraryExW
GetCurrentProcess
GlobalLock
WaitForSingleObject
GetModuleHandleW
SetThreadUILanguage
WriteFile
InitializeCriticalSection
GetPriorityClass
GlobalAlloc
WideCharToMultiByte
LoadLibraryW
Sleep
SizeofResource
FormatMessageW
LeaveCriticalSection
GetExitCodeProcess
WriteConsoleW
GetModuleFileNameW
CompareStringW
MultiByteToWideChar
GlobalUnlock
RaiseException
GetConsoleOutputCP
GetStdHandle
GetLastError
GetProcAddress
EnterCriticalSection
GetFileType
LockResource
lstrcmpiW
DeleteCriticalSection
CloseHandle
LocalFree
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
UnhandledExceptionFilter
HeapAlloc
HeapDestroy
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
OutputDebugStringA

msvcrt

__set_app_type
_XcptFilter
_amsg_exit
__wgetmainargs
_exit
?terminate@@YAXXZ
realloc
_cexit
_errno
_onexit
__dllonexit
_unlock
_lock
_commode
_fmode
_initterm
__setusermatherr
memset
exit
memcpy_s
??_V@YAXPEAX@Z
wcsstr
malloc
free
_wtoi
??_U@YAPEAX_K@Z
wcsncpy_s
_wcsicmp
??3@YAXPEAX@Z
__C_specific_handler
memcpy

ole32

CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal
CoTaskMemRealloc
CoUninitialize
CoCreateInstance

xmllite

CreateXmlReader

oleaut32

SysAllocStringLen
SysStringLen
VariantClear
VarBstrCat
VarUI4FromStr
SysFreeString
SysAllocString

user32

UnregisterClassA
CharNextW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f7aaed6565fe0179ad38a6c6da67032f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

xmllite

oleaut32

user32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 486B

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 486B