984ee7322b8d487c48fdb977d5aee02322f943b897c4f5ca0896e48891d2bf8e

Sharing

Copy URL Twitter E-mail

General

Target

984ee7322b8d487c48fdb977d5aee02322f943b897c4f5ca0896e48891d2bf8e
Size

1.2MB
MD5

b348e2560d12b7defef4db9c138a2282
SHA1

86f61a8b2a910bbeaef84ba4aab3ad524a4609f3
SHA256

984ee7322b8d487c48fdb977d5aee02322f943b897c4f5ca0896e48891d2bf8e
SHA512

49cc400b73e6e224f1651e5b87d5cb4be20066e8c2581211c7204cc3f374aa61d29ad637d9304bef0cbb78ee16c7d47834f4dc9b3a7a5a32ff666dd052f54599
SSDEEP

12288:7LV7d0NxksRpWE9FRHSfNm1wgbIxnBw7dzE+e3gxZC6LgjigDy5fdv8fWi+Q:7hCks7WE9F5pwg8zmdqQjC60jiHkU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
984ee7322b8d487c48fdb977d5aee02322f943b897c4f5ca0896e48891d2bf8e

Files

984ee7322b8d487c48fdb977d5aee02322f943b897c4f5ca0896e48891d2bf8e
.exe windows:6 windows x64 arch:x64

3b7b1a21ae97452075482f3b8e7da6ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\workBuild\PCManager\output_temp\pdb\PerfWndMonHelper.pdb

Imports

shlwapi

PathRemoveFileSpecW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

kernel32

CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
CloseHandle
LoadLibraryW
GetLocalTime
GetProcAddress
FreeLibrary
GetCurrentProcess
TerminateProcess
RtlCaptureContext
LocalAlloc
RtlVirtualUnwind
InitializeSListHead
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
RtlLookupFunctionEntry
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalFree

user32

ChangeWindowMessageFilter
DispatchMessageW
RegisterClassExW
GetWindowLongPtrW
TranslateMessage
PostQuitMessage
FindWindowExW
SendMessageTimeoutW
GetMessageW
DefWindowProcW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
SendMessageW
UnregisterClassW

wmiutil

?ExcuteQueryImpl@WmiQuery@HwSDK@@AEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0_NV?$function@$$A6AXAEAUtagVARIANT@@@Z@4@@Z
?GetResult@WmiQuery@HwSDK@@AEAAXAEBUtagVARIANT@@AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z

msvcp140

??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
_Cnd_init_in_situ
_Mtx_current_owns
_Xtime_get_ticks
_To_wide
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
_Cnd_destroy_in_situ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPEADK@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
_Cnd_signal
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_detach
_Mtx_destroy
_Cnd_init
_Mtx_unlock
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??Bid@locale@std@@QEAA_KXZ
_Stat

loghelper

?InitProcessLogger@HwLogger@@QEAAXXZ
?GetInstance@HwLogger@@SAPEAV1@XZ
?Log@HwLogger@@QEAAXW4LOG_MESSAGE_LEVEL@@AEAV?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z

crypt32

CertGetNameStringW

vcruntime140

__std_exception_copy
memset
__std_exception_destroy
__C_specific_handler
_CxxThrowException
__std_terminate
memcpy
__CxxFrameHandler3
memmove

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
exit
_initialize_wide_environment
_c_exit
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
terminate
_register_onexit_function
_configure_wide_argv
_exit
_initialize_onexit_table
_get_wide_winmain_command_line
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__p__commode
_set_fmode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

??$ExcuteQuery@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@WmiQuery@HwSDK@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@3@_N@Z
??0WmiQuery@HwSDK@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1WmiQuery@HwSDK@@QEAA@XZ

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3b7b1a21ae97452075482f3b8e7da6ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wintrust

kernel32

user32

wmiutil

msvcp140

loghelper

crypt32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB