Static task
static1
Behavioral task
behavioral1
Sample
71b670f17aef0dceeb1143bf22a485395abb24faf29d237b757ccac30cfc7067.exe
Resource
win7-20231025-en
Behavioral task
behavioral2
Sample
71b670f17aef0dceeb1143bf22a485395abb24faf29d237b757ccac30cfc7067.exe
Resource
win10v2004-20231020-en
General
-
Target
71b670f17aef0dceeb1143bf22a485395abb24faf29d237b757ccac30cfc7067
-
Size
4.8MB
-
MD5
1cc4691020904983b0731404e2a7a8d5
-
SHA1
1bcbb1006aa96a070a85c8e105b8d288fa76622e
-
SHA256
71b670f17aef0dceeb1143bf22a485395abb24faf29d237b757ccac30cfc7067
-
SHA512
e1d2e37d43bd6365cf8229c9fd4f0ad6c4a539d6bc45b6235b462163029ef802a405e832777c15d89e0545df09e32e95144752546607fceb4b8f1b36132e4f73
-
SSDEEP
49152:bJFW1rIwTx+QIA5spjnYcGb1hA/THDJDv1LZo5j4PtUL3Zw1RQs4WS5Weo4NHf:b6cwTxpIA5spTcb8LZS4P+rZW45WZ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE file carries an embedded Authenticode signature and flags it when none is present. An unsigned binary is only a weak, informational indicator on its own (much legitimate software is unsigned) and should be corroborated by other findings before being treated as malicious.
resource 71b670f17aef0dceeb1143bf22a485395abb24faf29d237b757ccac30cfc7067
Files
-
71b670f17aef0dceeb1143bf22a485395abb24faf29d237b757ccac30cfc7067.exe windows:5 windows x86 arch:x86
c013a6cd2762747cb706c95732d06405
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
hids
hids_upload_file
hids_file_isolate
hids_report_result
hids_report
hids_uninstall
hids_drop_result
hids_request_to_agent
hids_init_logger
hids_status
hids_file_scan
hids_start
tbengine
PESieve_filescan_init2
PESieve_memscan_init2
PESieve_lib_init
PESieve_file_scan
PESieve_memory_scan
shlwapi
PathIsRelativeW
StrStrIA
PathRemoveFileSpecW
PathAppendW
ntdll
strchr
tolower
isupper
_stricmp
memcmp
_allmul
memset
_chkstk
wcslen
strrchr
memmove
strlen
memcpy
_allshl
_aulldiv
_aullshr
VerSetConditionMask
atoi
memchr
_alldiv
RtlInitUnicodeString
_wcsicmp
_fltused
strtol
user32
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
MessageBoxA
GetDesktopWindow
advapi32
CloseServiceHandle
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
LookupAccountNameW
GetUserNameW
CryptAcquireContextW
CryptReleaseContext
RegSetValueExW
RegQueryValueExW
RegOpenKeyA
StartServiceW
QueryServiceStatus
OpenServiceA
OpenSCManagerW
DeleteService
CreateServiceA
ControlService
RegSetValueExA
RegFlushKey
RegCreateKeyExA
LookupPrivilegeValueW
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
LookupAccountSidW
LookupAccountSidA
GetFileSecurityA
GetSecurityDescriptorOwner
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
RegCloseKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CloseTrace
ProcessTrace
OpenTraceW
EnableTraceEx2
ControlTraceW
StartTraceW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
SetSecurityDescriptorDacl
ws2_32
gethostbyname
gethostname
WSACleanup
WSAStartup
inet_ntoa
gdi32
DeleteDC
CreateDCA
DeleteObject
CreateCompatibleBitmap
BitBlt
GetBitmapBits
GetDeviceCaps
SelectObject
CreateCompatibleDC
GetObjectA
kernel32
GetThreadPriority
SetLastError
GetThreadContext
EncodePointer
DecodePointer
GetProcessAffinityMask
InterlockedExchangeAdd
InterlockedExchange
InterlockedIncrement
SetThreadContext
ResumeThread
SetEvent
WaitForMultipleObjects
DuplicateHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetProcessAffinityMask
VirtualQuery
GetStringTypeW
LoadLibraryExW
GetDriveTypeA
CreateFileA
GetFullPathNameW
CloseHandle
SetUnhandledExceptionFilter
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
CreateProcessW
GetModuleFileNameW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetLastError
GetCurrentThread
SetThreadPriority
CheckRemoteDebuggerPresent
GetProcessId
OpenProcess
QueryFullProcessImageNameA
K32GetProcessImageFileNameA
CreateFileW
GetFileInformationByHandle
GetTickCount
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LocalAlloc
LocalFree
QueryDosDeviceA
GetModuleHandleA
GetProcAddress
SetProcessWorkingSetSize
K32GetMappedFileNameA
CreateMutexA
OpenMutexA
IsDebuggerPresent
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
CreateThread
GetSystemDirectoryW
ReleaseSemaphore
CreateSemaphoreW
GetNativeSystemInfo
GetModuleHandleW
VerifyVersionInfoW
GetSystemTime
SystemTimeToFileTime
GetStdHandle
GetFileType
GetVersion
MultiByteToWideChar
QueryPerformanceCounter
GetVersionExA
FreeLibrary
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
TerminateProcess
Sleep
GetLogicalDrives
GetSystemInfo
GetModuleFileNameA
ReadFile
GetDiskFreeSpaceExA
FindClose
SetCurrentDirectoryA
RemoveDirectoryA
GetFileAttributesA
DeleteFileA
FindFirstFileA
FindNextFileA
CreateSymbolicLinkA
GetACP
WideCharToMultiByte
ExpandEnvironmentStringsA
GetThreadTimes
GetFileTime
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetLongPathNameW
GetProcessTimes
GetExitCodeProcess
ReadProcessMemory
GetSystemTimeAsFileTime
CreatePipe
CreateProcessA
GetStartupInfoA
QueryDosDeviceW
IsWow64Process
Process32FirstW
Process32NextW
GetFileSize
SetEndOfFile
SetFilePointer
SetFilePointerEx
GetFileAttributesExA
CopyFileA
MoveFileA
GetFullPathNameA
GetCurrentDirectoryA
CreateDirectoryA
AreFileApisANSI
GetTempPathA
DeleteFileW
OutputDebugStringA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
GetFileAttributesW
HeapValidate
HeapCreate
HeapDestroy
GetVersionExW
FormatMessageW
LoadLibraryW
FormatMessageA
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
InterlockedCompareExchange
HeapCompact
CreateMutexW
TryEnterCriticalSection
GetOverlappedResult
ResetEvent
CreateEventW
IsProcessorFeaturePresent
RaiseException
ole32
CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
dbghelp
MiniDumpWriteDump
crypt32
CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringA
CryptQueryObject
CertGetNameStringW
wintrust
WinVerifyTrust
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
msvcr120d
exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wsplitpath_s
_wmakepath_s
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_setjmp3
_except1
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_commode
_fmode
_CrtSetCheckCount
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_set_errno
_get_errno
calloc
_strdup
wcsncat_s
longjmp
_beginthreadex
_endthreadex
_ftime64_s
__initenv
_CRT_RTC_INITW
_onexit
__dllonexit
_tzset
_mkdir
_write
__crtLCMapStringW
__crtCompareStringW
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_invalid_parameter
_hypot
swprintf_s
_set_invalid_parameter_handler
_CrtDbgReportW
_time64
_CxxThrowException
__CxxFrameHandler3
_wassert
_errno
fclose
ferror
fopen_s
fread
fseek
ftell
_snprintf_s
sscanf_s
free
malloc
fputs
vsprintf_s
??_V@YAXPAX@Z
_mbsicmp
wcscpy_s
rand
srand
memcpy_s
realloc
_exit
wcsstr
__iob_func
vfprintf
_vsnprintf
raise
strerror
strncpy
fprintf
strcmp
qsort
isdigit
isspace
isalnum
_localtime64
getenv
isxdigit
feof
fflush
fgets
_fileno
fopen
fwrite
_wfopen
_setmode
sscanf
strncmp
_strnicmp
strtoul
_gmtime64
sprintf
strstr
signal
_getch
modf
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_free_dbg
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
abort
_strtoi64
_strtoui64
strtod
strcspn
sprintf_s
localeconv
strpbrk
_vacopy
isalpha
_snprintf
ldexp
vprintf
toupper
fgetc
fgetpos
fputc
fsetpos
_fseeki64
setvbuf
ungetc
_lock_file
_unlock_file
_get_timezone
strftime
_localtime64_s
printf
_access
_chmod
__RTDynamicCast
_msize
wcscat
wcscpy
_lock
_unlock
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBDH@Z
__uncaught_exception
__pctype_func
_wcsdup
___lc_locale_name_func
___lc_codepage_func
__crtLCMapStringA
_calloc_dbg
islower
_malloc_dbg
setlocale
___mb_cur_max_func
_ismbblead
_fsopen
_wfsopen
__crtInitializeCriticalSectionEx
__crtSleep
_realloc_dbg
sqrt
_Getdays
_Getmonths
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
_Gettnames
_Strftime
___lc_collate_cp_func
__crtCompareStringA
__crtGetLocaleInfoEx
psapi
GetProcessMemoryInfo
GetProcessImageFileNameW
GetModuleFileNameExW
wtsapi32
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
userenv
ExpandEnvironmentStringsForUserA
fltlib
FilterReplyMessage
FilterSendMessage
FilterGetMessage
FilterConnectCommunicationPort
Sections
.textbss Size: - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 619KB - Virtual size: 619KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 62KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 514B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ