17e93b7860af8e667c39852889d9c527

Sharing

Copy URL

Twitter E-mail

General

Target

17e93b7860af8e667c39852889d9c527
Size

1.1MB
MD5

17e93b7860af8e667c39852889d9c527
SHA1

d9dbc84f42979e8624c8269133200e3c58960016
SHA256

cafc1db9b089ca682f01d317647e05a3e759dfefbef6226ae7641ca7421a4147
SHA512

3a85cf27d5c46dcce46a428d0a2ec30336d98386b3c8f062e0507ab9fe21c2acf1881b90fa93a1f2b4676d43f8efdc82330f64c4fb7aeceb2c33fb4fe0bd5e28
SSDEEP

24576:kbCpdbcghypRD+4dmmCETtvx4zsPjzDxXIw:kbR/DL0ETteanlXIw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17e93b7860af8e667c39852889d9c527

Files

17e93b7860af8e667c39852889d9c527
.exe windows:6 windows x64 arch:x64

0b01da733c3b842263c2201c4b62ee7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

cppmicroservices4

?GetBundleContext@Bundle@cppmicroservices@@QEBA?AVBundleContext@2@XZ
?GetVersion@Bundle@cppmicroservices@@QEBA?AVBundleVersion@2@XZ
?Start@Bundle@cppmicroservices@@QEAAXXZ
?Stop@Bundle@cppmicroservices@@QEAAXXZ
??0ServiceException@cppmicroservices@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBW4Type@01@@Z
?GetDemangledName@detail@cppmicroservices@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVtype_info@@@Z
??0ServiceReferenceBase@cppmicroservices@@QEAA@AEBV01@@Z
??BServiceReferenceBase@cppmicroservices@@QEBA_NXZ
??4ServiceReferenceBase@cppmicroservices@@QEAAAEAV01@$$T@Z
??1ServiceReferenceBase@cppmicroservices@@QEAA@XZ
?GetBundle@ServiceReferenceBase@cppmicroservices@@QEBA?AVBundle@2@XZ
?GetInterfaceId@ServiceReferenceBase@cppmicroservices@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?IsConvertibleTo@ServiceReferenceBase@cppmicroservices@@QEBA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetInterfaceId@ServiceReferenceBase@cppmicroservices@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Bundle@cppmicroservices@@UEAA@XZ
??BBundleContext@cppmicroservices@@QEBA_NXZ
?GetBundles@BundleContext@cppmicroservices@@QEBA?AV?$vector@VBundle@cppmicroservices@@V?$allocator@VBundle@cppmicroservices@@@std@@@std@@XZ
?GetServiceReference@BundleContext@cppmicroservices@@QEAA?AV?$ServiceReference@X@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetService@BundleContext@cppmicroservices@@QEAA?AV?$shared_ptr@X@std@@AEBVServiceReferenceBase@2@@Z
?InstallBundles@BundleContext@cppmicroservices@@QEAA?AV?$vector@VBundle@cppmicroservices@@V?$allocator@VBundle@cppmicroservices@@@std@@@std@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
??1BundleContext@cppmicroservices@@QEAA@XZ
??4BundleContext@cppmicroservices@@QEAAAEAV01@$$QEAV01@@Z
?Init@Framework@cppmicroservices@@QEAAXXZ
?WaitForStop@Framework@cppmicroservices@@QEAA?AVFrameworkEvent@2@AEBV?$duration@_JU?$ratio@$00$0DOI@@std@@@chrono@std@@@Z
??1Framework@cppmicroservices@@UEAA@XZ
?NewFramework@FrameworkFactory@cppmicroservices@@QEAA?AVFramework@2@XZ
??1FrameworkEvent@cppmicroservices@@QEAA@XZ
??0ServiceException@cppmicroservices@@QEAA@AEBV01@@Z
??1ServiceException@cppmicroservices@@UEAA@XZ
??BBundle@cppmicroservices@@QEBA_NXZ
??1BundleVersion@cppmicroservices@@QEAA@XZ
??0BundleContext@cppmicroservices@@QEAA@XZ
?GetMajor@BundleVersion@cppmicroservices@@QEBAIXZ

oal

ord27
ord30
ord26
ord28

rpcrt4

NdrAsyncServerCall
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcEpUnregister
RpcAsyncCompleteCall
RpcServerRegisterIf3
Ndr64AsyncServerCallAll

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-errorhandling-l1-1-0

GetLastError
RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionEx
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateEventW
ResetEvent
WaitForSingleObject

oleaut32

VarUI4FromStr
SysFreeString

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
SetEnvironmentVariableW
SetStdHandle
SetEnvironmentVariableA
GetEnvironmentStringsW
GetCommandLineA
FreeEnvironmentStringsW
GetCommandLineW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep
SleepConditionVariableCS
WakeAllConditionVariable
InitializeConditionVariable

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
TlsGetValue
TlsAlloc
GetCurrentThreadId
TlsFree
TlsSetValue
GetCurrentProcessId
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoW

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
SizeofResource
GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
GetProcAddress
GetModuleFileNameW
GetModuleHandleW
LoadResource

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l2-1-0

CharUpperW
CharNextW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemRealloc

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
ChangeServiceConfig2W

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
CreateServiceW
OpenServiceW
DeleteService

api-ms-win-service-winsvc-l1-1-0

ControlService
RegisterServiceCtrlHandlerW

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-file-l1-1-0

WriteFile
FindClose
FindNextFileW
GetFullPathNameW
CreateFileW
FlushFileBuffers
SetFilePointerEx
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetFileType
FindFirstFileW

user32

PostThreadMessageW
GetMessageW
UnregisterClassW
DispatchMessageW
TranslateMessage
MessageBoxW

advapi32

DeregisterEventSource
ReportEventW
RegisterEventSourceW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InitializeSListHead
InterlockedFlushSList

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

api-ms-win-core-localization-l1-2-0

GetACP
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
LCMapStringW
GetCPInfo
GetOEMCP
IsValidCodePage

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapSize
HeapReAlloc

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-console-l1-1-0

GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
WriteConsoleW

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 740KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b01da733c3b842263c2201c4b62ee7e

Headers

DLL Characteristics

File Characteristics

Imports

cppmicroservices4

oal

rpcrt4

api-ms-win-core-util-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

oleaut32

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-base-l1-2-2

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-file-l1-1-0

user32

advapi32

api-ms-win-core-debug-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 500KB - Virtual size: 499KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 6KB - Virtual size: 15KB

.pdata Size: 24KB - Virtual size: 23KB

.idata Size: 19KB - Virtual size: 19KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 283B

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 400KB - Virtual size: 740KB

.text
Size: 500KB - Virtual size: 499KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 6KB - Virtual size: 15KB

.pdata
Size: 24KB - Virtual size: 23KB

.idata
Size: 19KB - Virtual size: 19KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 283B

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 400KB - Virtual size: 740KB