798d7d91437bb05841f03aaf3eb8726c

Sharing

Copy URL

Twitter E-mail

General

Target

798d7d91437bb05841f03aaf3eb8726c
Size

257KB
MD5

798d7d91437bb05841f03aaf3eb8726c
SHA1

fc99d0c36f56248cdef680ab865dbc3d0c78aad5
SHA256

659fa224a3c09b745a137ed462f073905b8c72515f0d2374fdb9309bc2604290
SHA512

835251f0ac56161efbfc33f06e9c9a0a3b6b0e57ba758fc46e57d94ce6277e5f0df44f0520ffce82a960e2cbd86ebd839c96871dab710bb24bdc0d2a76a4e2b4
SSDEEP

3072:HYG1DQgGpj3Cf1K9IBydlk+cvCB8s5bDWuQxOd+0+ga3v/bGNWm7RIzd9KpjLLW:4G1En3Cf1KuydqPvS9DR+XvDGNgOi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
798d7d91437bb05841f03aaf3eb8726c

Files

798d7d91437bb05841f03aaf3eb8726c
.exe windows:5 windows x86 arch:x86

34b5ff520f647e2d2efcbbe4028c21f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

services.pdb

Imports

advapi32

AllocateLocallyUniqueId
RegOpenKeyW
ConvertSidToStringSidW
AllocateAndInitializeSid
FreeSid
LogonUserExW
LsaStorePrivateData
LsaLookupNames
AddAccessAllowedAce
SetTokenInformation
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
SystemFunction029
SystemFunction005
CheckTokenMembership
LsaQueryInformationPolicy
OpenThreadToken
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSecurityDescriptorDacl
GetLengthSid
CopySid
InitializeAcl
AddAce
SetSecurityDescriptorDacl
LsaOpenPolicy
LsaLookupSids
LsaFreeMemory
LsaClose
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitiateSystemShutdownW
RevertToSelf
CreateProcessAsUserW
ImpersonateLoggedOnUser

kernel32

GetCurrentThread
CreateMutexW
ReleaseMutex
ExitThread
FormatMessageW
lstrcmpiW
SetProcessShutdownParameters
DelayLoadFailureHook
RaiseException
GetExitCodeThread
SetConsoleCtrlHandler
SetErrorMode
SetUnhandledExceptionFilter
LoadLibraryA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcess
UnhandledExceptionFilter
GetModuleHandleA
OpenEventW
LocalAlloc
LocalFree
Sleep
LeaveCriticalSection
EnterCriticalSection
SetLastError
CloseHandle
CreateThread
GetLastError
CreateProcessW
ExpandEnvironmentStringsW
InitializeCriticalSection
HeapAlloc
HeapFree
TerminateProcess
WaitForSingleObject
HeapCreate
FreeLibrary
GetProcAddress
GetModuleHandleExW
InterlockedCompareExchange
CreateNamedPipeW
ReadFile
CancelIo
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe
TransactNamedPipe
WriteFile
GetTickCount
GetSystemTimeAsFileTime
GetModuleHandleW
GetComputerNameW
CreateEventW
SetEvent
ResetEvent
DeviceIoControl
CreateFileW
ResumeThread
GetCurrentProcessId
LoadLibraryW
GetDriveTypeW

msvcrt

_itow
wcsrchr
time
_except_handler3
memmove
wcschr
_c_exit
_exit
wcsncmp
_XcptFilter
_cexit
exit
_wcsnicmp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_wtol
wcscpy
wcscat
wcsncpy
_wcsicmp
__initenv
wcslen
wcscspn
_ultow

ncobjapi

WmiCreateObjectWithFormat
WmiEventSourceConnect
WmiSetAndCommitObject

ntdll

RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
NtCreateKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
NtQuerySecurityObject
RtlFreeHeap
NtOpenKey
NtDeleteKey
RtlSetControlSecurityDescriptor
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
NtAccessCheckAndAuditAlarm
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
NtOpenProcessToken
RtlSetDaclSecurityDescriptor
RtlQuerySecurityObject
RtlSetSecurityObject
RtlValidRelativeSecurityDescriptor
RtlMapGenericMask
RtlCopyUnicodeString
NtSetInformationFile
NtQueryInformationFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtWaitForSingleObject
NtQueryDirectoryFile
NtDeleteFile
NtSetInformationProcess
RtlUnhandledExceptionFilter
NtSetEvent
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlAllocateHeap
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
RtlRegisterWait
RtlGetNtProductType
RtlEqualUnicodeString
RtlLengthSid
RtlCopySid
NtOpenDirectoryObject
NtQueryDirectoryObject
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlNewSecurityObject
RtlAddAce
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlSubAuthorityCountSid
RtlCompareUnicodeString
NtLoadDriver
NtUnloadDriver
RtlExpandEnvironmentStrings_U
RtlAdjustPrivilege
NtFlushKey
NtOpenFile
RtlDosPathNameToNtPathName_U
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlFreeUnicodeString
RtlAreAllAccessesGranted
NtDeleteObjectAuditAlarm
NtCloseObjectAuditAlarm
RtlQueueWorkItem
RtlCopyLuid
RtlDeregisterWait
RtlReleaseResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlInitializeResource
RtlDeleteSecurityObject
RtlLockBootStatusData
RtlGetSetBootStatusData
RtlUnlockBootStatusData
NtInitializeRegistry
NtQueryKey
NtClose
RtlInitUnicodeString
NtSetSystemEnvironmentValue
RtlNtStatusToDosError
NtShutdownSystem
NtQueryInformationToken
RtlMakeSelfRelativeSD
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
NtSetSecurityObject

rpcrt4

RpcServerRegisterAuthInfoW
RpcBindingFree
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncServerCall
RpcServerListen
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUnregisterIf
NdrAsyncClientCall
NdrServerCall2
I_RpcBindingIsClientLocal
RpcRevertToSelf
I_RpcMapWin32Status
RpcImpersonateClient
RpcStringBindingParseW
RpcStringFreeW
RpcBindingToStringBindingW
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerRegisterIf

scesrv

ScesrvInitializeServer
ScesrvTerminateServer

umpnpmgr

RegisterScmCallback
PNP_SetActiveService
PNP_GetDeviceRegProp
PNP_GetDeviceListSize
PNP_GetDeviceList
PNP_HwProfFlags
RegisterServiceNotification
DeleteServicePlugPlayRegKeys

user32

LoadStringW
wsprintfW
BroadcastSystemMessageW
MessageBoxW
RegisterServicesProcess

userenv

UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 61KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34b5ff520f647e2d2efcbbe4028c21f4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ncobjapi

ntdll

rpcrt4

scesrv

umpnpmgr

user32

userenv

Sections

.text Size: 102KB - Virtual size: 101KB

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.data Size: 80KB - Virtual size: 128KB

.text Size: 61KB - Virtual size: 160KB

.data Size: 7KB - Virtual size: 7KB

.text
Size: 102KB - Virtual size: 101KB

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.data
Size: 80KB - Virtual size: 128KB

.text
Size: 61KB - Virtual size: 160KB

.data
Size: 7KB - Virtual size: 7KB