7b3255c70f97dd7bfb4b5aa32815653a

Sharing

Copy URL Twitter E-mail

General

Target

7b3255c70f97dd7bfb4b5aa32815653a
Size

258KB
MD5

7b3255c70f97dd7bfb4b5aa32815653a
SHA1

ab83af24979fba7aee5e2fa7160e849fd4d7a5a5
SHA256

c601e0a56932eae8d4699b567f918d559a0aa36f81cd59c4938f37cc5bb5ebbe
SHA512

fe6bb6671b2be480478c9617547feb37982243ffc48fcdc3d1c75453eb38f5498a24580bb53f3156a26f4724fe35a1bc06fb45ada6e101d75f20972e7232f653
SSDEEP

6144:XiCWeNNhdJvu/cPegsmuGn/RnXtAJCHUglRB6mg2DQ2auYeEhRdM/E+cMlB:KWNk1cnCglRsJ2DcuXgq/E+ciB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7b3255c70f97dd7bfb4b5aa32815653a

Files

7b3255c70f97dd7bfb4b5aa32815653a
.exe windows:4 windows x86 arch:x86

c44dc93eb5cb432182220869a1cec2f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\AuthServer\Sources\ASGHost\Obj\Release\ASGHost.pdb

Imports

kernel32

GetCurrentThreadId
lstrcatW
lstrcpyW
SetProcessShutdownParameters
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
FlushInstructionCache
SetLastError
LoadLibraryW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
OutputDebugStringA
TryEnterCriticalSection
GetModuleFileNameA
lstrlenA
GetCurrentDirectoryA
GetEnvironmentVariableA
GetCurrentProcessId
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentThread
SetEvent
WideCharToMultiByte
OpenProcess
LocalFree
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitProcess
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
InterlockedCompareExchange
GetProcessHeap
HeapFree
GetVersionExA
GetCommandLineW
OpenMutexW
CompareStringW
LocalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetSystemInfo
CreateEventW
GetComputerNameW
ReleaseMutex
CloseHandle
WaitForSingleObject
CreateMutexW
GetCurrentProcess
GetTickCount
LeaveCriticalSection
EnterCriticalSection
lstrlenW
lstrcmpiW
FreeLibrary
GetProcAddress
Sleep
GetLastError
InitializeCriticalSection
LoadLibraryExW
MultiByteToWideChar
ExitThread
lstrcpynW

user32

RegisterWindowMessageW
PostThreadMessageW
BroadcastSystemMessageW
CharNextW
GetMessageW
RegisterClassExW
GetClassInfoExW
wsprintfW
LoadCursorW
DefWindowProcW
DestroyWindow
SetWindowLongW
PeekMessageW
GetWindowLongW
CreateWindowExW
MsgWaitForMultipleObjectsEx
PostMessageW
EnumThreadWindows
IsDialogMessageW
CallWindowProcW
CharUpperBuffW
TranslateMessage
DispatchMessageW
UnregisterClassA
SendMessageW
GetSystemMetrics

advapi32

RegSetValueExW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW

ole32

StringFromGUID2
CoUninitialize
CoSuspendClassObjects
CoRevokeClassObject
CoCreateGuid
CoRegisterClassObject
CoResumeClassObjects
CoCreateInstance
ProgIDFromCLSID
CoInitialize
CLSIDFromString
CoTaskMemRealloc
CoInitializeEx
CoTaskMemFree
CoTaskMemAlloc

oleaut32

VariantInit
SysAllocStringLen
VarBstrCat
VariantClear
SysStringByteLen
SysAllocStringByteLen
UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
SysFreeString
SysStringLen
VarUI4FromStr

shlwapi

PathAppendW
PathFindExtensionW
SHDeleteKeyW
PathStripPathW

msvcr70

_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_except_handler3
_controlfp
_CxxThrowException
?terminate@@YAXXZ
_onexit
__CxxFrameHandler
__dllonexit
??1type_info@@UAE@XZ
wcscspn
wcsspn
_mbschr
_mbsinc
_snprintf
sprintf
strncpy
fclose
freopen
ftell
fwrite
_vsnwprintf
fopen
_strdate
_strtime
strcat
strrchr
_purecall
_beginthreadex
memmove
malloc
free
realloc
??2@YAPAXI@Z
_wtol
swprintf
wcscmp
_wcsicmp
wcscat
memcmp
memcpy
strlen
strcpy
memset
??_V@YAXPAX@Z
??_U@YAPAXI@Z
wcslen
wcscpy
??3@YAXPAX@Z

winmm

timeGetTime

itmsg

ord1083
ord1059

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c44dc93eb5cb432182220869a1cec2f8

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcr70

winmm

itmsg

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 6KB - Virtual size: 5KB

.text Size: 194KB - Virtual size: 196KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 6KB - Virtual size: 5KB

.text
Size: 194KB - Virtual size: 196KB