9a87b59dabf265d46325caf5056ce103

Sharing

Copy URL Twitter E-mail

General

Target

9a87b59dabf265d46325caf5056ce103
Size

321KB
MD5

9a87b59dabf265d46325caf5056ce103
SHA1

9eda3a1919092d937a985b09b01f12a86d010e06
SHA256

07cb05f72ad3be4f58378a618eef1b957b9a5a57d6fc6e0f15e850aca5d5161b
SHA512

8e4f43c1b527cbb1f7a1a1e262cb8063aacd5760165283f5ee918ab4228281f6b4cad9b2260ff3c1f01c69ce5d953acfb8daa9aa02848b593f12553010615ea6
SSDEEP

6144:eJKwh22mUAioTvDpfwkV1X55yn+Y0cnJ2da20BKLILm:eMe26Svx00KcNI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9a87b59dabf265d46325caf5056ce103

Files

9a87b59dabf265d46325caf5056ce103
.exe windows:6 windows x64 arch:x64

99f403a8d271c481e1abdb2a65909791

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

services.pdb

Imports

msvcrt

_cexit
_exit
_XcptFilter
__C_specific_handler
_initterm
_amsg_exit
__setusermatherr
exit
_fmode
__set_app_type
?terminate@@YAXXZ
_commode
memset
memcpy
_ltow
wcscspn
__getmainargs
_ltow_s
wcschr
_wcslwr
_ultow_s
time
wcsrchr
_vsnwprintf
_wcsnicmp
wcstoul
wcsstr
_wcsicmp
_wtol
wcsncmp
_ultow

rpcrt4

UuidCreate
UuidCreateNil
UuidEqual
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
RpcBindingVectorFree
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcEpRegisterW
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerInqBindings
RpcServerUseProtseqW
RpcServerUseProtseqEpW
I_RpcMapWin32Status
RpcServerInqCallAttributesW
RpcAsyncCompleteCall
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqBindingHandle
I_RpcBindingInqLocalClientPID
I_RpcSessionStrictContextHandle
I_RpcBindingIsClientLocal
NdrServerCall2
NdrAsyncServerCall
UuidFromStringW
RpcBindingFree
RpcServerInqCallAttributesA
RpcServerRegisterIfEx
RpcAsyncAbortCall

sspicli

LogonUserExExW

ntdll

RtlLengthSid
EtwTraceMessage
NtTraceControl
RtlSetLastWin32Error
EtwGetTraceLoggerHandle
RtlInitializeCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenThread
NtQueueApcThread
RtlQueueApcWow64Thread
EvtIntReportEventAndSourceAsync
EtwEventWrite
EtwEventRegister
RtlUnhandledExceptionFilter
RtlFreeHeap
NtSetEvent
NtSetInformationProcess
NtOpenProcessToken
RtlSetProcessIsCritical
NtQueryInformationFile
NtSetInformationFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtWaitForSingleObject
NtQueryDirectoryFile
NtDeleteFile
RtlCopyUnicodeString
NtFilterToken
NtQueryInformationToken
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
NtAccessCheckAndAuditAlarm
NtAccessCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
RtlMapGenericMask
RtlSetSecurityObject
NtOpenThreadToken
RtlValidRelativeSecurityDescriptor
RtlQuerySecurityObject
RtlSubAuthoritySid
WinSqmAddToStream
RtlSetControlSecurityDescriptor
NtDeleteKey
NtEnumerateKey
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtOpenKey
NtCreateKey
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlSetEnvironmentVariable
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlCreateServiceSid
RtlRegisterWait
RtlEqualUnicodeString
RtlGetNtProductType
RtlCopySid
NtUnloadDriver
RtlCompareUnicodeString
NtQueryDirectoryObject
NtOpenDirectoryObject
NtLoadDriver
DbgPrintEx
RtlAdjustPrivilege
RtlExpandEnvironmentStrings_U
RtlInitializeSRWLock
NtOpenFile
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlReleaseSRWLockShared
NtDeleteObjectAuditAlarm
RtlAcquireSRWLockShared
NtFlushKey
RtlAreAllAccessesGranted
NtCloseObjectAuditAlarm
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlDeregisterWait
RtlAcquireResourceShared
RtlInitializeResource
RtlQueueWorkItem
RtlDeleteSecurityObject
RtlReleaseResource
RtlAcquireResourceExclusive
RtlCopyLuid
NtQueryKey
NtShutdownSystem
NtInitializeRegistry
NtSetSystemEnvironmentValue
RtlInitUnicodeString
NtClose
RtlNtStatusToDosError
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
RtlLengthRequiredSid
RtlAddAce
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlAllocateHeap
RtlInitializeSid
RtlSubAuthorityCountSid
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlUnicodeStringToInteger

profapi

ord101
ord102
ord105
ord106

api-ms-win-security-lsalookup-l1-1-0

LsaLookupTranslateSids
LsaLookupFreeMemory
LsaLookupClose
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupOpenLocalPolicy

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW

cryptbase

SystemFunction029
SystemFunction005

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
CreateFileW
FindClose
FindNextFileW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapCreate
HeapSetInformation

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
LoadStringW

api-ms-win-core-localregistry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegSetKeySecurity
RegGetKeySecurity
RegLoadMUIStringW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-misc-l1-1-0

LocalAlloc
LocalFree
Sleep
IsWow64Process
lstrlenW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

CreateThread
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetProcessId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessAsUserW
ResumeThread
OpenProcessToken
GetCurrentProcessId
SetProcessShutdownParameters
ExitThread
SetThreadPriority
GetProcessTimes

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
WaitForMultipleObjectsEx
ResetEvent
OpenEventW
OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetSystemTime

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
EqualSid
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
CopySid
GetLengthSid
CheckTokenMembership
GetTokenInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
AllocateLocallyUniqueId
AllocateAndInitializeSid
FreeSid
GetKernelObjectSecurity
SetKernelObjectSecurity
AddAccessAllowedAce
SetTokenInformation

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

99f403a8d271c481e1abdb2a65909791

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

sspicli

ntdll

profapi

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-security-sddl-l1-1-0

cryptbase

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

Sections

.text Size: 243KB - Virtual size: 242KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 5KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 243KB - Virtual size: 242KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 5KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 1KB - Virtual size: 1KB