ab553c763dd1d07add0c65c0e3281182

Sharing

Copy URL Twitter E-mail

General

Target

ab553c763dd1d07add0c65c0e3281182
Size

53KB
MD5

ab553c763dd1d07add0c65c0e3281182
SHA1

c31d629a12fb842d1263ace67f65a5631750d322
SHA256

49c99926f7e58c263c18083d7433cc2ea948364045ee54699d969257e9d369ee
SHA512

0dfde82c723cb17033e774a93850a5f28e3135c1f4eb55c30c8246e485fe55bff7ba1ac5b7919cc78943ef20f82752df3a9ad963c6ff9e1f4c59da2b1c44aa84
SSDEEP

768:RjQ/iStitBmaXWuzQtud0DzF0ZPqOZvu9dv1H9xllMGCaaFyEAjiaKhhp8IeAc4P:RYin2PDzF0ZPqqve1TaHAjEp8Ie/4P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab553c763dd1d07add0c65c0e3281182

Files

ab553c763dd1d07add0c65c0e3281182
.exe windows:6 windows x86 arch:x86

06be9d38f28735aea88f958939a332d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

VaultSysUi.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
UnhandledExceptionFilter
TerminateProcess
CloseHandle
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapSetInformation
GetCurrentProcess
SetPriorityClass
GetModuleHandleW
GetCommandLineW
LocalFree
GetSystemTimeAsFileTime
LocalAlloc
OutputDebugStringA

msvcrt

_snwprintf_s
_vsnwprintf
_unlock
_controlfp
??0exception@@QAE@ABQBD@Z
?terminate@@YAXXZ
_vsnwprintf_s
_except_handler4_common
_onexit
??1type_info@@UAE@XZ
_lock
wcscpy_s
__dllonexit
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
malloc
_callnewh
free
__CxxFrameHandler3
memcpy
_CxxThrowException
swscanf_s
memset
memmove_s
memcpy_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
?what@exception@@UBEPBDXZ

ntdll

RtlNtStatusToDosError
NtReadVirtualMemory
RtlCompareMemory
NtWriteVirtualMemory
NtOpenProcess
WinSqmSetDWORD
WinSqmEndSession
WinSqmStartSession

ole32

CoTaskMemFree

credui

CredUIPromptForWindowsCredentialsW

shell32

CommandLineToArgvW

netapi32

NetApiBufferFree
NetValidatePasswordPolicy

advapi32

TraceMessage

user32

LoadStringW

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

06be9d38f28735aea88f958939a332d1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ntdll

ole32

credui

shell32

netapi32

advapi32

user32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 22KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 22KB