Static task
static1
General
-
Target
unsecapp.exe
-
Size
72KB
-
MD5
38d6866dbaa6e48d3935947e8f266c4b
-
SHA1
c04c580e0bea40c00b8c9893fe068a8fbab80d53
-
SHA256
e70f79e779b88bf7a7f28d857390799d746688b50ca32ca1fce10d8f929090fa
-
SHA512
c83bec1caddace316014fb49ec13c3d655b4352505562cfe4dc3b806f791a1d69f38f5a45976e495678c02c50ec9c1b99c12a353b3314cc11a4dab8f97ff7bfd
-
SSDEEP
1536:xfxKz6y+8TC1lr91IE9HF4Ai+Bwc1peAf61QP:xpi6ygr91bX4Ai+BwApew5
Malware Config
Signatures
-
Unsigned PE 1 IoCs
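Checks for missing Authenticode signature. The check looks at the file itself, so a binary whose signature is held in a Windows security catalog rather than embedded in the PE would also be flagged; treat this as a prompt to verify the hash against a known-good copy, not as evidence of tampering on its own.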
resource unsecapp.exe
Files
-
unsecapp.exe.exe windows:10 windows x64 arch:x64
9656e21ed232ddc034de628b1e2968ad
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
msvcrt
memmove
memcpy
_onexit
_XcptFilter
_amsg_exit
__set_app_type
__CxxFrameHandler3
exit
_CxxThrowException
?terminate@@YAXXZ
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
_exit
_cexit
__dllonexit
__setusermatherr
_initterm
__getmainargs
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
_fmode
_commode
_callnewh
malloc
_purecall
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
_lock
__CxxFrameHandler4
_unlock
printf
wcsstr
??_V@YAXPEAX@Z
_vsnwprintf
api-ms-win-core-com-l1-1-0
StringFromGUID2
CoRevertToSelf
CoImpersonateClient
CoInitializeSecurity
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
api-ms-win-security-base-l1-1-0
EqualSid
IsValidSid
GetLengthSid
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-libraryloader-l1-2-0
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcess
ExitProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-rtlsupport-l1-1-0
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
wbemcomn
??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CInCritSec@@QEAA@XZ
??0CNtSid@@QEAA@AEBV0@@Z
?GetDWORDStr@Registry@@QEAAHPEBGPEAK@Z
??1Registry@@QEAA@XZ
??0Registry@@QEAA@PEBGK@Z
??0CNtSid@@QEAA@PEAX@Z
?GetTextSid@CNtSid@@QEAAHPEAGPEAK@Z
??8CNtSid@@QEAAHAEAV0@@Z
??1CNtSid@@QEAA@XZ
??1CCritSec@@QEAA@XZ
ErrorTrace
_ThrowMemoryException_
?OnInitialize@CUnk@@UEAAHXZ
??0CUnkInternal@@QEAA@PEAVCLifeControl@@@Z
??1CUnkInternal@@UEAA@XZ
?QueryInterface@CUnkInternal@@UEAAJAEBU_GUID@@PEAPEAX@Z
?AddRef@CUnkInternal@@UEAAKXZ
?Release@CUnkInternal@@UEAAKXZ
?Initialize@CUnk@@UEAAHXZ
?AddRef@CUnk@@UEAAKXZ
??0CCritSec@@QEAA@XZ
?Write@CMemoryLog@@QEAAXJ@Z
GetMemLogObject
?InternalRelease@CUnkInternal@@QEAAKXZ
?InternalQueryInterface@CUnkInternal@@QEAAJAEBU_GUID@@PEAPEAX@Z
??0CLifeControl@@QEAA@XZ
??0CNtSid@@QEAA@W4SidType@0@@Z
?Release@CUnk@@UEAAKXZ
?QueryInterface@CUnk@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1CUnk@@UEAA@XZ
??0CUnk@@QEAA@PEAVCLifeControl@@PEAUIUnknown@@@Z
??_7CUnkInternal@@6B@
api-ms-win-core-synch-l1-1-0
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
api-ms-win-core-debug-l1-1-0
DebugBreak
api-ms-win-core-localization-l1-2-0
LCMapStringW
api-ms-win-service-core-l1-1-0
StartServiceCtrlDispatcherW
SetServiceStatus
api-ms-win-service-winsvc-l1-1-0
RegisterServiceCtrlHandlerW
api-ms-win-service-management-l1-1-0
OpenServiceW
DeleteService
CreateServiceW
OpenSCManagerW
api-ms-win-core-processenvironment-l1-1-0
GetCommandLineW
ntdll
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwUnregisterTraceGuids
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Sections
.text Size: 28KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 4KB - Virtual size: 64B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 660B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ