930b0e23b359ac1b3040550f2e17776d

Sharing

Copy URL

Twitter E-mail

General

Target

930b0e23b359ac1b3040550f2e17776d
Size

1.6MB
MD5

930b0e23b359ac1b3040550f2e17776d
SHA1

9a395c9e5328f00be3592e60708f1c2812383844
SHA256

48da635f6bd03875e7e5ac88feea9a4ffe6d26bac96b1450d4b697bb6e34e58a
SHA512

fbde5d62dff038156edb7bb1c19ed5ff1cc0ba64bcd490e4abb64d3a02dc3253a1cc5197d72a6faeb38e8a2a37d7ce30bd0b0932ed805d4ff70235f82d98b1dc
SSDEEP

24576:Mp2QujLtjBVNdZaRPE1Zmi6tn0Zcp0YqU0rUkPC:gu9jJdZ0E1Ui6V6cp0XTrUkPC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
930b0e23b359ac1b3040550f2e17776d

Files

930b0e23b359ac1b3040550f2e17776d
.exe windows:10 windows x64 arch:x64

166be62bd40d6ed590a552de4a74ad73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_fmode
__wgetmainargs
free
memmove_s
swprintf_s
wcscpy_s
_snwprintf_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
_vsnwprintf_s
_wcsicmp
sprintf
realloc
__C_specific_handler
?terminate@@YAXXZ
_amsg_exit
_initterm
_wcsnicmp
_vsnprintf_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_vsnwprintf
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
__CxxFrameHandler3
_unlock
__dllonexit
_onexit
_callnewh
??1type_info@@UEAA@XZ
memcmp
__set_app_type
_CxxThrowException
__setusermatherr
??_V@YAXPEAX@Z
exit
malloc
wprintf_s
_XcptFilter
_cexit
_purecall
_exit
_lock
memcpy
??3@YAXPEAX@Z
memmove
_commode
??8type_info@@QEBAHAEBV0@@Z
memset

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
LoadStringW
RemoveDllDirectory
AddDllDirectory
GetModuleHandleExW
FreeLibrary
GetProcAddress
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
OpenProcessToken

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemInfo
GetTickCount64
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventActivityIdControl
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-service-management-l1-1-0

StartServiceW
CloseServiceHandle
OpenSCManagerW
DeleteService
CreateServiceW
OpenServiceW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize
RoGetActivationFactory

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
DeleteCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
CreateEventExW
CreateMutexExW
WaitForSingleObject
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResetEvent
CreateSemaphoreExW
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegEnumKeyExW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
QueryServiceStatusEx

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoGetApartmentType
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-winrt-string-l1-1-0

WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsCreateString
WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsStringHasEmbeddedNull
WindowsDeleteString

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CheckTokenMembership
FreeSid
DuplicateToken
AllocateAndInitializeSid

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolIo
CreateThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolIo
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpool
WaitForThreadpoolIoCallbacks
SetThreadpoolWait
CreateThreadpoolWait
WaitForThreadpoolWorkCallbacks
StartThreadpoolIo
CancelThreadpoolIo
CloseThreadpool
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
SetThreadpoolThreadMaximum
SetThreadpoolTimer

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile

api-ms-win-core-kernel32-legacy-l1-1-0

GetNamedPipeClientProcessId

Sections

.text
Size: 835KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

166be62bd40d6ed590a552de4a74ad73

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-registry-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

ntdll

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

Sections

.text Size: 835KB - Virtual size: 835KB

.rdata Size: 358KB - Virtual size: 357KB

.data Size: 6KB - Virtual size: 69KB

.pdata Size: 37KB - Virtual size: 36KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 400KB - Virtual size: 1.1MB

.text
Size: 835KB - Virtual size: 835KB

.rdata
Size: 358KB - Virtual size: 357KB

.data
Size: 6KB - Virtual size: 69KB

.pdata
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 400KB - Virtual size: 1.1MB