7ab82d42b0ec44285b984e84b6f99fec

Sharing

Copy URL Twitter E-mail

General

Target

7ab82d42b0ec44285b984e84b6f99fec
Size

260KB
MD5

7ab82d42b0ec44285b984e84b6f99fec
SHA1

981c04e7761e96f047564d73b00d7e93545f88a6
SHA256

e2305cea13e0da34e88d5ce0a4df1489c360217c2a69f49db08e3c01c0a4f1c4
SHA512

ff2aff97a881d305daf4ecb2f37d8c9f1a774f2f5a8f4329395b29d4c6a67a882429ca46b721c2e16d6126ef42afedbd5ce9693a4157e0b0f95573a9bddc2223
SSDEEP

6144:DEUF6mtB6NM5fh6iTLE3b24GfDyu/74D8U+Obp7B:BFbtB6G5ciTLE3b24aDyu/FUj7B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ab82d42b0ec44285b984e84b6f99fec

Files

7ab82d42b0ec44285b984e84b6f99fec
.exe windows:6 windows x86 arch:x86

2f8f72a7d15bd4802aba60b63f990677

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WLSetupSvc.pdb

Imports

advapi32

SetServiceStatus
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
AddAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
OpenProcessToken
CreateServiceW
DeleteService
ControlService
GetLengthSid
IsValidSid
CopySid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegQueryInfoKeyW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetTokenInformation
LookupAccountSidW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
MakeSelfRelativeSD
GetSecurityDescriptorLength
RegEnumKeyExW
SetNamedSecurityInfoW
LookupAccountNameW
OpenThreadToken
CreateProcessAsUserW
DuplicateTokenEx
DuplicateToken
RevertToSelf
ImpersonateLoggedOnUser
ConvertSidToStringSidW
SetThreadToken
TraceMessage

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetModuleFileNameW
Sleep
CreateThread
CreateEventW
GetModuleHandleW
GetCurrentThreadId
SetEvent
InterlockedIncrement
InterlockedDecrement
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GlobalMemoryStatusEx
GetSystemInfo
GetProcAddress
GetVersionExW
GetCommandLineW
GetCurrentProcessId
HeapSetInformation
GetProcessHeap
QueryPerformanceFrequency
QueryPerformanceCounter
FindClose
FindFirstFileW
FindNextFileW
InterlockedExchange
lstrcmpiW
CreateFileW
CompareStringW
QueueUserWorkItem
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
VerifyVersionInfoW
VerSetConditionMask
DeviceIoControl
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
DuplicateHandle
GetCurrentThread
SetLastError
GetLastError
CopyFileW
GetTempFileNameW
LockResource
FindResourceExW
LoadLibraryW
GetSystemDirectoryW
OpenProcess
InterlockedCompareExchange
WideCharToMultiByte
FlushFileBuffers
GetLocalTime
WriteFile
CompareFileTime
CreateSemaphoreW
LocalFree
SetThreadPriorityBoost
GetTickCount
ResetEvent
ReleaseSemaphore
CreateMutexW
ReleaseMutex
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
MoveFileExW
CreateProcessW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetStartupInfoW
HeapSize
HeapReAlloc
lstrlenW
RaiseException
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
DeleteFileW

user32

GetMessageW
MsgWaitForMultipleObjectsEx
PeekMessageW
MessageBoxW
CharUpperW
PostThreadMessageW
CharNextW
TranslateMessage
DispatchMessageW
LoadStringW
UnregisterClassA

msvcr80

_putws
_vsnwprintf_s
_purecall
_resetstkoflw
calloc
__CxxFrameHandler3
memset
??2@YAPAXI@Z
realloc
_recalloc
_wcsicmp
memmove
memcpy
_vsnwprintf
_vscwprintf
vswprintf_s
_vsnprintf
iswspace
towlower
towupper
wcschr
_wtoi
_errno
wcsstr
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
wcsncpy_s
wcscpy_s
memmove_s
memcpy_s
_CxxThrowException
free
malloc
??_V@YAXPAX@Z
??3@YAXPAX@Z
wcscat_s

shell32

SHGetFolderPathW

ole32

CoResumeClassObjects
CoCreateInstance
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoSuspendClassObjects
CoInitializeEx
CoUninitialize
CoAddRefServerProcess
CoReleaseServerProcess
CoWaitForMultipleHandles
CoQueryClientBlanket
CoQueryProxyBlanket
CoCopyProxy
CoSetProxyBlanket
CoImpersonateClient
CoRevertToSelf
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoInitializeSecurity

oleaut32

VarBstrCmp
SysAllocStringLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SystemTimeToVariantTime
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathFileExistsW
PathAddBackslashW
PathFindFileNameW
PathIsDirectoryW
PathAppendW
SHCreateStreamOnFileW
SHCreateStreamOnFileEx

msi

ord94
ord96
ord171
ord115
ord88
ord268
ord113
ord116
ord281
ord141
ord118
ord8
ord158
ord169
ord177
ord157
ord92
ord32
ord159
ord266
ord160
ord70
ord173
ord34
ord6

psapi

GetModuleFileNameExW

wintrust

CryptCATCatalogInfoFromContext
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrustEx
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

crypt32

CertVerifyCertificateChainPolicy

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2f8f72a7d15bd4802aba60b63f990677

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcr80

shell32

ole32

oleaut32

shlwapi

msi

psapi

wintrust

userenv

crypt32

Sections

.text Size: 226KB - Virtual size: 226KB

.data Size: 1KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 15KB - Virtual size: 34KB

.text
Size: 226KB - Virtual size: 226KB

.data
Size: 1KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 15KB - Virtual size: 34KB