42c9661212176490521a3b2a1c284821c7883a6f67a031cdda38b7ab07118ed4

Sharing

Copy URL

Twitter E-mail

General

Target

42c9661212176490521a3b2a1c284821c7883a6f67a031cdda38b7ab07118ed4
Size

2.5MB
MD5

524965dabe68ee46059785b581fe812e
SHA1

68af961ea62eb460d78eb8a46a79b9c69a392b6a
SHA256

42c9661212176490521a3b2a1c284821c7883a6f67a031cdda38b7ab07118ed4
SHA512

9f9b8f59ff7b6950a840f6b53343e6fe799ea1c5f42a70bef09df5bd7c939174b160056197fd46f2d352ddb54edc4439d55e89dca919429cdd6e13fcbc3216d7
SSDEEP

49152:a7HjYL1C/l4UC+zuoK+FOq0vhS/ATOTJxu5C2+vgdAOc:OcMK+7JxuA2eOc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42c9661212176490521a3b2a1c284821c7883a6f67a031cdda38b7ab07118ed4

Files

42c9661212176490521a3b2a1c284821c7883a6f67a031cdda38b7ab07118ed4
.dll windows:5 windows x64 arch:x64

073f7b8731b2600df72473e9f2c670e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\data\landun\workspace\CommonComponent\ACE-SSC\1.compile_source\SOURCE\AceSsc\build64\Release\ACE-SSC64.pdb

Imports

psapi

GetModuleFileNameExW
GetModuleInformation

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

WaitForSingleObject
WaitForMultipleObjects
CreateEventW
CreateFileW
GetVersionExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
GetFileSizeEx
WriteFile
ReadFile
SetFilePointerEx
GetSystemTime
SystemTimeToFileTime
GetCurrentThreadId
GetTickCount64
FindClose
FindFirstFileW
FindNextFileW
SetEndOfFile
DeleteFileW
FreeLibrary
LoadLibraryW
SleepEx
VerSetConditionMask
GetSystemDirectoryW
QueryPerformanceFrequency
VerifyVersionInfoW
QueryPerformanceCounter
GetFileType
GetStdHandle
PeekNamedPipe
ExpandEnvironmentStringsA
FormatMessageA
VirtualQueryEx
GetProcessTimes
OpenThread
ReadProcessMemory
ReleaseMutex
CreateMutexA
GetLocalTime
GetLogicalDriveStringsW
QueryDosDeviceW
GetTempPathW
GetWindowsDirectoryW
GetModuleFileNameA
GetNativeSystemInfo
InterlockedPopEntrySList
VirtualProtect
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
DuplicateHandle
SetEvent
SetLastError
CreateThread
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetModuleHandleW
GetModuleHandleA
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemInfo
CloseHandle
OpenProcess
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
ExpandEnvironmentStringsW
GetModuleFileNameW
GetTickCount
Sleep
SwitchToThread
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
TryEnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
CreateSemaphoreW
ReleaseSemaphore
MoveFileExW
CreateFileA
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
lstrcmpA
LocalFree
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
EncodePointer
FindFirstFileExA
GetTimeZoneInformation
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetACP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentThread
GetConsoleCP
ReadConsoleW
GetConsoleMode
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
GetStringTypeW
ExitThread
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
InterlockedFlushSList
InterlockedPushEntrySList
LoadLibraryExW
RtlUnwindEx
RtlPcToFileHeader
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
OutputDebugStringW
IsDebuggerPresent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
HeapAlloc
DecodePointer
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
GetCPInfo
FormatMessageW
TlsAlloc

user32

PostMessageA
FindWindowA
wsprintfW
SendMessageTimeoutW
IsWindowVisible
IsWindowUnicode
GetClientRect
GetWindowLongPtrA
GetWindowLongPtrW
EnumChildWindows
EnumWindows
GetClassNameW
GetWindowThreadProcessId
InternalGetWindowText

ole32

CoTaskMemFree
CLSIDFromString

advapi32

OpenProcessToken
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptEncrypt
LookupAccountNameW
ConvertSidToStringSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyA
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathStripPathW
PathAppendW
PathFileExistsW

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

sendto
recvfrom
freeaddrinfo
accept
listen
ioctlsocket
gethostname
htonl
WSAStringToAddressA
getaddrinfo
WSAGetLastError
recv
send
bind
closesocket
connect
getsockname
getsockopt
htons
ntohs
select
socket
WSASetLastError
WSAIoctl
WSAStartup
WSACleanup
__WSAFDIsSet
setsockopt
getpeername

wldap32

ord127
ord27
ord26
ord118
ord41
ord167
ord216
ord14
ord46
ord219
ord145
ord142
ord79
ord133
ord147
ord301
ord208

winhttp

WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpReadData
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpConnect
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpOpen

crypt32

CryptMsgClose
CryptMsgGetParam
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CryptDecodeObject

Exports

Exports

CreateObject
Init

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tvm0
Size: 672KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

073f7b8731b2600df72473e9f2c670e6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

wtsapi32

kernel32

user32

ole32

advapi32

shlwapi

wintrust

version

ws2_32

wldap32

winhttp

crypt32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 380KB - Virtual size: 379KB

.data Size: 56KB - Virtual size: 64KB

.pdata Size: 81KB - Virtual size: 80KB

.gfids Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 41B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.tvm0 Size: 672KB - Virtual size: 672KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 380KB - Virtual size: 379KB

.data
Size: 56KB - Virtual size: 64KB

.pdata
Size: 81KB - Virtual size: 80KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 41B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB

.tvm0
Size: 672KB - Virtual size: 672KB