abccb1215e8f033f1190aa798b53e0e8

Sharing

Copy URL Twitter E-mail

General

Target

abccb1215e8f033f1190aa798b53e0e8
Size

288KB
MD5

abccb1215e8f033f1190aa798b53e0e8
SHA1

be48d2e510fa84af1ed3a26848c9f3669d3549f5
SHA256

ec86f13b72bb0efba6945f4c865862aa1cc52f51cc8c60004bc3a3b352274201
SHA512

3a6824156bcda0952f17b02206ebe9e9f69f712f8ba861e7c2c0099b0be989f4bfe889faaab3a29b88a03846c51555ce8e5e531f7edce918bc15247ab8187f30
SSDEEP

6144:vozgy8fQC+ne9UYXy2PQkuKxTYVnpvXvZx7cQu1ta0:QxVe9VPQkjYVR/Zxev

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abccb1215e8f033f1190aa798b53e0e8

Files

abccb1215e8f033f1190aa798b53e0e8
.exe windows:5 windows x86 arch:x86

6088ddd7a7bc6d8a35276db3dbf843c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sandbox\83433\Muroc\Wlkeeper_svc\Release\WLKEEPER.pdb

Imports

pfmgrapi

?AuthMode@CPreferredProfile@@QAE?AW4INTEL_AUTHMODE@@XZ
?Ssid@CPreferredProfile@@QAEPADXZ
?AuthAlg@CPreferredProfile@@QAE?AW4INTEL_AUTH_ALG@@XZ
?WepAlgorithm@CPreferredProfile@@QAE?AW4INTEL_ALGORITHM@@XZ
??1CProfileMgr@@QAE@XZ
?Close@CProfileMgr@@QAEJXZ
?GetProfileToApply@CProfileMgr@@QAEJPBDAAUINTEL_WLAN_PROFILE@@K@Z
?Name@CPreferredProfile@@QAEPADXZ
?Open@CProfileMgr@@QAEJK@Z
??0CProfileMgr@@QAE@XZ
?OpMode@CPreferredProfile@@QAE?AW4INTEL_OPMODE@@XZ
?Dot1xEnabled@CPreferredProfile@@QAEHXZ
??1CPreferredProfile@@QAE@XZ
?GetFirstPreferredProfile@CProfileMgr@@QAEJAAVCPreferredProfile@@K@Z
??0CPreferredProfile@@QAE@XZ
?SetDefaults@CProfileMgr@@QAEXAAUINTEL_WLAN_PROFILE@@@Z
?GetNextPreferredProfile@CProfileMgr@@QAEJAAVCPreferredProfile@@K@Z
?PasswordMode@CPreferredProfile@@QAE?AW4INTEL_DOT1X_PASSWORD_MODE@@XZ
?Update@CProfileMgr@@QAEJAAUINTEL_WLAN_PROFILE@@PBDH@Z
?PacExists@CProfileMgr@@QAEJPAEPBDW4INTEL_PAC_TYPE@@@Z
??0CProfileMgr@@QAE@PBD0@Z
?CompareProfiles@CProfileMgr@@QAEHAAUINTEL_WLAN_PROFILE@@0@Z
?MandatoryAp@CPreferredProfile@@QAEPADXZ
?GetLastProfile@CProfileMgr@@QAEJAAUINTEL_WLAN_PROFILE@@@Z
?SaveLastProfile@CProfileMgr@@QAEJAAUINTEL_WLAN_PROFILE@@@Z

murocapi

StopAuthentication
GetTcpipv6ConfigInfo
GetAdapterList
GetScanList
GetConnectionPreference
GetBoolSetting
DisconnectFromWLAN
GetReadyForProfileState
GetRadioState
GetHwRadioState
GetAssociationInfo
GetDwordSetting
Disassociate
GetRegistrationState
GetAdapterState
Get802_1xState
GetAuthenticationStatus
Release1xConfig
GetCurrentProfile
GetAssociationStatus
GetSmartCardList
GetTcpipConfigInfo
SetAdapterState
RegisterProfileService
IsXpZeroConfigEnabled
ApplyProfile
GetSimList
SetDwordSetting
IsTcpIpInstalledAndBound
PromptChangeFastPassword
SaveFastPACAndApply
SetReadyForProfileState
GetProtocolPreference
EnableXpZeroConfig

psregapi

??1CRegistryEx@@UAE@XZ
?GetValue@CRegistryEx@@UAEPBDPBD0K@Z
?Open@CRegistryEx@@UAEHPAUHKEY__@@PBDKK@Z
??0CRegistryEx@@QAE@XZ
?SetValue@CRegistryEx@@UAEHPBD0@Z
?CloseKey@CRegApi@@QAEJXZ
?OpenOnly@CRegistryEx@@QAEHPAUHKEY__@@PBDK@Z
??1CRegApi@@UAE@XZ
?QueryValue@CRegApi@@QAEJPBDAAKPAE1@Z
?OpenKey@CRegApi@@QAEJPAUHKEY__@@PBDK@Z
??0CRegApi@@QAE@XZ

kernel32

Process32First
CreateToolhelp32Snapshot
GetExitCodeThread
PulseEvent
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
ExitProcess
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
FlushFileBuffers
SetFilePointer
GetOEMCP
GetCPInfo
lstrcpyA
GlobalFlags
Process32Next
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
InterlockedIncrement
SetLastError
lstrcpynA
lstrcmpA
FileTimeToSystemTime
GetDateFormatA
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
IsBadCodePtr
IsBadReadPtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
ExitThread
LocalFree
CloseHandle
WaitForMultipleObjects
ResetEvent
CreateEventA
LocalAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrcmpiA
TerminateProcess
GetProcessHeap
HeapAlloc
GetComputerNameExA
FormatMessageA
GetSystemPowerStatus
CreateMutexA
ReleaseMutex
GetCurrentThreadId
SetStdHandle
GetStdHandle
GetCurrentProcess
OpenProcess
OutputDebugStringA
SetEvent
InterlockedDecrement
GetModuleHandleA
TerminateThread
GetModuleFileNameA
GetTickCount
WaitForSingleObject
Sleep
DeviceIoControl
LoadLibraryA
GetProcAddress
FreeLibrary
FindResourceA
LoadResource
LockResource
SizeofResource
WriteFile
CreateFileA
ReadFile
lstrlenA

iphlpapi

GetInterfaceInfo
GetAdaptersInfo
GetPerAdapterInfo

wsock32

WSACleanup
WSAStartup

netapi32

NetApiBufferFree
DsGetDcNameA

traceapi

EvTraceString
RegisterEvTrace

winscard

SCardReleaseContext
SCardEstablishContext
SCardListCardsA
SCardListReadersA
SCardGetStatusChangeA
SCardGetCardTypeProviderNameA
SCardFreeMemory

userenv

RefreshPolicy

user32

GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
SetWindowTextA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetWindowTextA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SendMessageA
GetKeyState
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetProcessDefaultLayout
wsprintfA
PostQuitMessage
CharNextA
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
KillTimer
SetTimer
RegisterWindowMessageA
LoadStringA
GetMessageA
RegisterClassExA
CreateWindowExA
DefWindowProcA
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostMessageA
UnregisterClassA
DestroyMenu
SetForegroundWindow

gdi32

DeleteObject
SetViewportOrgEx
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
OffsetViewportOrgEx
SelectObject

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
CryptGetUserKey
CryptGetKeyParam
LogonUserA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
StartServiceA
QueryServiceConfigA
SetServiceStatus
RegisterEventSourceA
ReportEventA
QueryServiceStatus
ControlService
DeleteService
SetSecurityDescriptorDacl
CreateServiceA
RegCreateKeyA
RegSetValueExA
ChangeServiceConfig2A
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegOpenKeyA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptAcquireContextA
CryptDecrypt
CryptDestroyKey
CryptReleaseContext
InitializeSecurityDescriptor

comctl32

ord17

ole32

CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantChangeType
SysFreeString
SysAllocString
VariantClear

crypt32

CertOpenStore
CertCreateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertGetNameStringA
CertGetCertificateContextProperty
CryptDecodeObject
CertFindRDNAttr
CertRDNValueToStrA

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6088ddd7a7bc6d8a35276db3dbf843c7

Headers

File Characteristics

PDB Paths

Imports

pfmgrapi

murocapi

psregapi

kernel32

iphlpapi

wsock32

netapi32

traceapi

winscard

userenv

user32

gdi32

winspool.drv

advapi32

comctl32

ole32

oleaut32

crypt32

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 8KB - Virtual size: 20KB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 8KB - Virtual size: 20KB

.rsrc
Size: 28KB - Virtual size: 24KB