appidpolicyconverter[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

appidpolicyconverter.exe
Size

196KB
MD5

8fed6cca850ce46033410deb5dc73f27
SHA1

c6450ff97921256a6f7fe9477596806ed51783de
SHA256

703c9c7b32286e596c23ab0fbb58138e301374b74543b84aa88666bd3c922dc5
SHA512

b83462c653b8611e1d2b8d3effb8c9fb574a7d1ef56153c4c467e80875f92ffd31f1f3341a9410ecfb73affb3931df86886baf133e65de99d27d5d43709bc538
SSDEEP

3072:JWITB7w0SvoCo9nJDQaPJllHvONRgRb3NQGRiNfvuuR3j9SYW:h7pCBo9JzPJllHvONCF3mBouR3j9SY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
appidpolicyconverter.exe

Files

appidpolicyconverter.exe
.exe windows:10 windows x64 arch:x64

dd2e79e052770acfa6ae845dc4ac5389

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp110_win

?_Xout_of_range@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ

msvcrt

_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
memmove
memcpy
memcmp
__RTDynamicCast
wcstol
_ui64tow_s
_vsnwprintf_s
_wtoi
towupper
memset
__CxxFrameHandler4
_vsnwprintf
memcpy_s
_vsnprintf_s
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
memmove_s
wcsncmp
_wsetlocale
_wcsicmp
wcscpy_s
wcsstr
qsort
_wcsnicmp
swscanf_s
_purecall
_callnewh
free
malloc
??0exception@@QEAA@AEBQEBDH@Z
?what@exception@@UEBAPEBDXZ
_CxxThrowException
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSetInformation
HeapAlloc
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
CreateSemaphoreExW
LeaveCriticalSection
WaitForSingleObject
OpenSemaphoreW
ReleaseMutex
SleepEx
WaitForSingleObjectEx
DeleteCriticalSection
EnterCriticalSection
ReleaseSRWLockShared
CreateMutexExW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventWriteTransfer
EventRegister
EventActivityIdControl

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegOpenKeyExW
RegGetValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteTreeW
RegSetValueExW

api-ms-win-core-file-l1-1-0

DeleteFileW
WriteFile
FlushFileBuffers
FindClose
FindNextFileW
CreateFileW
FindFirstFileW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeSecurity
CoUninitialize

api-ms-win-core-namespace-l1-1-0

OpenPrivateNamespaceW
CreatePrivateNamespaceW
DeleteBoundaryDescriptor
AddSIDToBoundaryDescriptor
CreateBoundaryDescriptorW
ClosePrivateNamespace

api-ms-win-security-base-l1-1-0

GetAce
GetSecurityDescriptorDacl

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-service-management-l1-1-0

OpenServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceConfigW

userenv

LeaveCriticalPolicySection
EnterCriticalPolicySection

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

ntdll

EtwTraceMessage
NtSetValueKey
NtClose
NtOpenKey
EtwEventWriteTransfer
NtQueryLicenseValue
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlFreeHeap
RtlAllocateHeap
EtwEventUnregister
EtwEventWrite
RtlNtStatusToDosErrorNoTeb
EtwEventRegister
EtwUnregisterTraceGuids

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

rpcrt4

RpcStringFreeW
UuidFromStringW
UuidToStringW

api-ms-win-appmodel-runtime-l1-1-0

PackageNameAndPublisherIdFromFamilyName
PackageFamilyNameFromId

srpapi

AppIDFreeAttributeString
AppIDEncodeAttributeString

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd2e79e052770acfa6ae845dc4ac5389

Headers

DLL Characteristics

File Characteristics

Imports

msvcp110_win

msvcrt

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-namespace-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

userenv

api-ms-win-core-io-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

rpcrt4

api-ms-win-appmodel-runtime-l1-1-0

srpapi

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 12KB - Virtual size: 8KB

.didat Size: 4KB - Virtual size: 88B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 560B

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 12KB - Virtual size: 8KB

.didat
Size: 4KB - Virtual size: 88B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 560B