6953b5f98b441599b53aeb52b584ba54c5c4af74c1d1442feab61e4cfd290661

Sharing

Copy URL Twitter E-mail

General

Target

6953b5f98b441599b53aeb52b584ba54c5c4af74c1d1442feab61e4cfd290661
Size

5.3MB
MD5

03094de2b973baba85767213d17c6ad2
SHA1

b660c3437661cee65e885ba7dbf82d7211385afb
SHA256

6953b5f98b441599b53aeb52b584ba54c5c4af74c1d1442feab61e4cfd290661
SHA512

a026f2dd9a4e6b200ddce2bc98dc308a89d361ffca4fa3f0a95071e09788b09b7d3e027cf0a5c54a735726e198f1a6eff7752aebc23072721352255c7361a957
SSDEEP

98304:mpvhZI2HESG5dMrDKNyHay3V9m0w3GK2JXJU2hr75qAqnvItlrvG:mpvhZI2kSGorDKaay3V9m0w3z2fXhrkE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6953b5f98b441599b53aeb52b584ba54c5c4af74c1d1442feab61e4cfd290661

Files

6953b5f98b441599b53aeb52b584ba54c5c4af74c1d1442feab61e4cfd290661
.exe windows:6 windows x86 arch:x86

d84e52345da32522eacabf139a60fb63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\VFS\VTP\last_managed_build\5.2.48.0\ControlService\bin\Release32\ControlServer.pdb

Imports

netapi32

NetShareCheck

setupapi

SetupDiOpenDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

bcrypt

BCryptOpenAlgorithmProvider
BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptDestroyKey
BCryptDecrypt
BCryptGenerateSymmetricKey

userenv

GetUserProfileDirectoryW

crypt32

CertFreeCertificateContext
CertVerifyTimeValidity
CertCompareIntegerBlob
CertFindCertificateInStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertGetNameStringW
CertCloseStore
CertOpenStore
CryptBinaryToStringW
CertDeleteCertificateFromStore
PFXImportCertStore
CryptSignMessage
CryptVerifyMessageSignature
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateContextProperty

ws2_32

select
__WSAFDIsSet
getsockopt
setsockopt
send
recv
ioctlsocket
WSASend
WSASendTo
WSASocketW
WSACleanup
WSAStringToAddressW
accept
connect
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
listen
WSAIoctl
WSAStartup
socket
htonl
htons
bind
closesocket
inet_addr
ntohs
WSAGetLastError
freeaddrinfo
inet_ntop
WSAAddressToStringW
getaddrinfo
inet_pton
WSASetLastError
ntohl
WSACloseEvent
getsockname
WSARecvFrom
shutdown

kernel32

PostQueuedCompletionStatus
GetQueuedCompletionStatus
SetLastError
SetWaitableTimer
TlsSetValue
TlsGetValue
WaitForSingleObject
SleepEx
CreateEventW
CreateIoCompletionPort
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoW
VerSetConditionMask
QueueUserAPC
TerminateThread
WaitForMultipleObjects
RegisterWaitForSingleObject
UnregisterWait
GetLocalTime
GetDynamicTimeZoneInformation
SetLocalTime
SetDynamicTimeZoneInformation
GetDiskFreeSpaceExW
CreateFileW
DeviceIoControl
GetExitCodeProcess
OpenEventW
TerminateProcess
CreateProcessW
GetSystemDirectoryW
AreFileApisANSI
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcessId
GetProcAddress
LoadLibraryW
GetEnvironmentVariableW
GetModuleFileNameW
FreeLibrary
WaitForSingleObjectEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FileTimeToSystemTime
CreateSemaphoreA
DuplicateHandle
ReleaseSemaphore
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetTickCount
LocalAlloc
GetCurrentThreadId
OpenEventA
ResetEvent
SetComputerNameExA
GetLogicalDriveStringsW
GetVolumeInformationW
GetFileAttributesExW
ReadFile
WriteFile
CreatePipe
SetHandleInformation
GetComputerNameExW
GetDriveTypeW
GetVersionExW
GetModuleHandleW
GetSystemInfo
SystemTimeToFileTime
OpenProcess
CreateWaitableTimerW
UnregisterWaitEx
ExitProcess
SetErrorMode
SetConsoleCtrlHandler
SetProcessShutdownParameters
GetConsoleWindow
DeleteFileW
InitializeCriticalSectionEx
RaiseException
DecodePointer
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
InitializeSRWLock
OutputDebugStringA
WaitForMultipleObjectsEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
EnterCriticalSection
GetSystemTimeAsFileTime
CreateDirectoryW
CreateFileA
FlushFileBuffers
SetEndOfFile
CopyFileW
GetTempPathW
K32GetModuleFileNameExA
GetWindowsDirectoryW
K32EnumProcessModules
InitializeCriticalSection
WakeAllConditionVariable
SleepConditionVariableSRW
ResumeThread
GetLogicalProcessorInformation
GetModuleHandleA
CreateWaitableTimerA
GetCurrentDirectoryW
GetFileAttributesW
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
RemoveDirectoryW
SetFileAttributesW
SetFilePointerEx
SetFileTime
CreateDirectoryExW
CopyFileExW
MoveFileExW
GetExitCodeThread
LeaveCriticalSection
MoveFileW
GetSystemTime
FindFirstFileW
SetFilePointer
WriteConsoleW
SetStdHandle
FindNextFileW
FindFirstFileExW
TlsAlloc
TlsFree
GetLastError
Sleep
FormatMessageA
FormatMessageW
LocalFree
WideCharToMultiByte
FindClose
HeapSize
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetFileType
GetCommandLineW
GetCommandLineA
GetStdHandle
ExitThread
RtlUnwind
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
SwitchToThread
UnhandledExceptionFilter
CreateTimerQueue
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ChangeTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SetEvent
CreateEventA
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
lstrcpyA
GetCurrentThread
AcquireSRWLockShared
GetCurrentProcess
SignalObjectAndWait
GetLocaleInfoEx
GetCPInfo
CompareStringEx
LCMapStringEx
EncodePointer
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
GetStringTypeW
GetFileSizeEx
IsDebuggerPresent
OutputDebugStringW
TryEnterCriticalSection

user32

PostMessageW
PeekMessageW
GetWindowThreadProcessId
EnumWindows
SendMessageTimeoutW
ShowWindow
MsgWaitForMultipleObjectsEx

advapi32

RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
InitiateSystemShutdownExW
RegCreateKeyExW
RegSetValueExW
CryptDuplicateHash
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptGetHashParam
CryptSetHashParam
CryptSetKeyParam
CryptDestroyKey
CryptAcquireContextA
RegOpenKeyExW
RegDeleteValueW
RegSetValueExA
RegFlushKey
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
OpenSCManagerW
OpenServiceW
OpenProcessToken
QueryServiceConfigW
CloseServiceHandle
RegGetValueW
RegOpenKeyW
CryptGenRandom
CryptReleaseContext

shell32

SHGetSpecialFolderPathW
SHGetFolderPathA

ole32

StringFromGUID2
CoCreateInstance
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoTaskMemFree

oleaut32

SysFreeString
VariantInit
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SysAllocString
SafeArrayCreate
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetElement
SysAllocStringLen
SysStringLen

shlwapi

SHDeleteKeyW
PathUnquoteSpacesW

cryptui

CryptUIWizImport

iphlpapi

GetAdaptersAddresses
GetUdpTable
CancelIPChangeNotify
NotifyAddrChange
GetAdaptersInfo
GetTcpTable

msi

ord88
ord70
ord205
ord113

dbghelp

SymFromAddr
SymInitialize
SymGetModuleBase64
SymFunctionTableAccess64
SymGetLineFromAddr64
StackWalk64

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 686KB - Virtual size: 685KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d84e52345da32522eacabf139a60fb63

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

setupapi

version

bcrypt

userenv

crypt32

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

cryptui

iphlpapi

msi

dbghelp

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 686KB - Virtual size: 685KB

.data Size: 63KB - Virtual size: 72KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 188KB - Virtual size: 188KB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 686KB - Virtual size: 685KB

.data
Size: 63KB - Virtual size: 72KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 188KB - Virtual size: 188KB