8c5ec6c3d3617f203274aa7e8e558b46

Sharing

Copy URL Twitter E-mail

General

Target

8c5ec6c3d3617f203274aa7e8e558b46
Size

213KB
MD5

8c5ec6c3d3617f203274aa7e8e558b46
SHA1

e64885abd6662da25592b18541e94890254d93e8
SHA256

9db865fd3f9ceefb418d043e348e6e5660a93bb4ce0cf5970f7fc4da5b1aed3f
SHA512

34441349379ce8f6c248af76a0cfb9c14b9540e7470c9befdbf5e9e89d6edc25e87141d2f1e6710d1b1b22d60e0dc1ee8612ed6947253ebeb704ca7ffd803c22
SSDEEP

3072:WrWzrkgYF1yGunZZwFrUhxDR1cAoggJAM6PCGowsx:kCzYF1enfwFrUcz6P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c5ec6c3d3617f203274aa7e8e558b46

Files

8c5ec6c3d3617f203274aa7e8e558b46
.exe windows:6 windows x64 arch:x64

42dd9b9c7e7238675fee3dba70cb7aa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

MpCmdRun.pdb

Imports

advapi32

TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
FreeSid
LogonUserW
OpenProcessToken
GetUserNameW
CreateProcessAsUserW
CreateRestrictedToken
RegCloseKey
ReadEventLogW
RegOpenKeyExW
RegQueryValueExW
OpenEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
CloseEventLog
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
CheckTokenMembership
IsValidSid
AllocateAndInitializeSid
RegEnumKeyExW
RegEnumValueW

kernel32

Sleep
SetFileAttributesW
DeleteFileW
HeapFree
HeapAlloc
GetFileInformationByHandle
MultiByteToWideChar
WideCharToMultiByte
FileTimeToDosDateTime
GetSystemPowerStatus
HeapSetInformation
CreateEventW
CreateTimerQueueTimer
GetFileAttributesW
GetSystemDirectoryW
WriteFile
SetFilePointerEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
FreeLibrary
LocalAlloc
LocalFree
LoadLibraryW
GetProcAddress
SetErrorMode
FormatMessageW
GetLastError
SetLastError
GetDateFormatW
GetTimeFormatW
GetLocalTime
LoadLibraryExW
ExpandEnvironmentStringsW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
CreateDirectoryW
DeleteTimerQueueTimer
CreateFileW
GetSystemTime
TerminateProcess
WaitForSingleObject
GetCurrentProcess
SetEvent
CloseHandle
GetTickCount
GetCommandLineW

msvcrt

_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
__CxxFrameHandler3
_CxxThrowException
_amsg_exit
malloc
free
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
swscanf
__RTDynamicCast
feof
fgetws
iswspace
fclose
towlower
memmove
_wfopen
_errno
wcsrchr
_vsnprintf
_wopen
__doserrno
_wremove
_wtempnam
_read
_lseek
_write
_close
wprintf
__setusermatherr
_commode
_fmode
__set_app_type
??1type_info@@UEAA@XZ
memmove_s
memcpy_s
_purecall
_getch
wcstoul
swscanf_s
iswprint
vwprintf
wcsstr
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
memset
??0exception@@QEAA@AEBQEBDH@Z
wcschr
_vsnwprintf
_wcsicmp
printf
memcpy

ole32

CoUninitialize
StringFromGUID2
CoCreateInstance
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

rpcrt4

UuidFromStringW

userenv

UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock

mpclient

MpUtilsExportFunctions
MpConfigDelValue
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorOpen
MpConfigGetValueAlloc
MpManagerVersionQuery
MpUpdateStart
MpConfigClose
MpConfigGetValue
MpConfigOpen
MpCleanStart
MpCleanOpen
MpScanStart
MpManagerOpen
MpScanResult
MpHandleClose
MpFreeMemory
MpConfigUninitialize
MpConfigInitialize
MpClientUtilExportFunctions

cabinet

ord11
ord13
ord10
ord14

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

42dd9b9c7e7238675fee3dba70cb7aa1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

oleaut32

rpcrt4

userenv

mpclient

cabinet

Sections

.text Size: 172KB - Virtual size: 172KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 29KB

.text
Size: 172KB - Virtual size: 172KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 29KB