appidpolicyconverter[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

appidpolicyconverter.exe
Size

193KB
MD5

aa27a60e9856d3a7e4f07470ed5ee64a
SHA1

58a34f35ba7b7527f515782d5c607a5bd3645c75
SHA256

c8895dbbd0bf9cf64165614db3b13d916c8b6975d972c065ef95a88b4830dbd1
SHA512

ac120cb22faa3d3ab2790b61753b368327ed78b6c4ea1649774fb57eac3ec3a32e103028b4b458529e08e045d2c7d059433aeca8966b689aa78379c491e1d23f
SSDEEP

3072:U+MMjXLD9VsiEWeEAGMXgUs9Hov1DVS4PQxyrkln76Zyk:am3EWeRTgjs1D04Psyrq76Zy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
appidpolicyconverter.exe

Files

appidpolicyconverter.exe
.exe windows:6 windows x64

bc461e1930d17a8bfcd2b7f849009ded

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_vsnwprintf_s
_wtoi
towupper
__CxxFrameHandler3
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
_amsg_exit
_XcptFilter
??0exception@@QEAA@XZ
_onexit
memmove_s
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
malloc
free
_callnewh
_wcsnicmp
qsort
wcsstr
_wcsicmp
strchr
_fmode
_commode
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_lock
wcstol
memset
memcpy
__RTDynamicCast
_unlock
__dllonexit
_ui64tow_s
__wgetmainargs
_purecall
_wsetlocale
wcscmp

ntdll

RtlFreeHeap
RtlAllocateHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventUnregister
EtwEventWrite
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegDeleteTreeW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW

userenv

EnterCriticalPolicySection
LeaveCriticalPolicySection

kernel32

CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor
CreatePrivateNamespaceW
OpenPrivateNamespaceW
DeleteBoundaryDescriptor
DelayLoadFailureHook
ResolveDelayLoadedAPI
GetProcAddress
GetModuleHandleExW
LocalAlloc
SetLastError
GetModuleFileNameW
GetProcessHeap
HeapFree
HeapAlloc
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindClose
FindNextFileW
FindFirstFileW
MoveFileExW
FlushFileBuffers
WriteFile
Sleep
DeleteFileW
GetWindowsDirectoryW
DeviceIoControl
CreateFileW
LocalFree
ClosePrivateNamespace
CloseHandle
GetCurrentProcessId
ReleaseMutex
HeapSetInformation
GetLastError
CreateMutexExW
WaitForSingleObject
SleepEx

appidapi

AppIDEncodeAttributeString
AppIDFreeAttributeString

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc461e1930d17a8bfcd2b7f849009ded

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-registry-l1-1-0

userenv

kernel32

appidapi

rpcrt4

Sections

.text Size: 176KB - Virtual size: 175KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 5KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 136B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 560B

.text
Size: 176KB - Virtual size: 175KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 136B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 560B