8f165719a34ea21d64db7e240b110dd70367ac4e22a2350acde381dae79081d1

Sharing

Copy URL

Twitter E-mail

General

Target

8f165719a34ea21d64db7e240b110dd70367ac4e22a2350acde381dae79081d1
Size

1.3MB
MD5

babe1bd1aecee69d415734200b789e0d
SHA1

262d88d7da58698e2d14af99e8d67f72714e787b
SHA256

8f165719a34ea21d64db7e240b110dd70367ac4e22a2350acde381dae79081d1
SHA512

b65f943ffd19b3a65cdd1785afac0cc6dd3f7f924a944365c6a7b18f36742006ffd505014a985a84e10c8088a8a1d0e03f1f63f7b0519b01c2658eca557e287a
SSDEEP

24576:AhwX5Yo0xUTptt92v7sJmUndrlrmFNtzq:4wX5Yf+9ttg4JbRrmvlq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8f165719a34ea21d64db7e240b110dd70367ac4e22a2350acde381dae79081d1

Files

8f165719a34ea21d64db7e240b110dd70367ac4e22a2350acde381dae79081d1
.exe windows:6 windows x64 arch:x64

a80f0fb8145f57e066b748dfa475b948

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

PDB Paths

C:\Users\UX534FAC\Downloads\AsusLinkRemote(1)\AsusLinkRemote\Output\Service\Release\AsusLinkRemote.pdb

Imports

rpcrt4

RpcServerUseProtseqEpW
I_RpcBindingInqLocalClientPID
RpcServerRegisterIf3
RpcAsyncCompleteCall
RpcMgmtWaitServerListen
RpcServerListen
RpcEpUnregister
RpcEpRegisterW
RpcServerInqCallAttributesW
RpcServerInqBindings
RpcMgmtStopServerListening
RpcBindingVectorFree
Ndr64AsyncServerCallAll
NdrClientCall3
NdrAsyncServerCall
NdrServerCall2
RpcServerUnregisterIf
NdrServerCallAll

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetLastError

api-ms-win-core-file-l1-1-0

FindNextFileW
FileTimeToLocalFileTime
SetFilePointerEx
SetEndOfFile
GetFileType
FindFirstFileExW
WriteFile
ReadFileEx
CreateDirectoryW
FindClose
GetFileAttributesW
ReadFile
FlushFileBuffers
CreateFileW
FindFirstFileW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW
GetLocaleInfoEx
LCMapStringEx
EnumSystemLocalesW
GetACP
LCMapStringW
GetCPInfo
GetUserDefaultLCID
IsValidLocale
IsValidCodePage
GetOEMCP

api-ms-win-core-handle-l1-1-0

CloseHandle
SetHandleInformation

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadLibraryExW
FreeLibrary
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW

crypt32

CertFindCertificateInStore
CryptMsgOpenToDecode
CryptFindOIDInfo
CertCloseStore
CertOpenStore
CryptQueryObject
CryptMsgGetParam
CryptDecodeObjectEx
CryptDecodeObject
CryptMsgUpdate
CertGetNameStringW
CryptMsgClose

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenEventW
CreateMutexW
DeleteCriticalSection
TryEnterCriticalSection
TryAcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionEx
WaitForSingleObject
InitializeCriticalSectionAndSpinCount

api-ms-win-security-base-l1-1-0

GetTokenInformation
SetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateTokenEx
FreeSid
CreateWellKnownSid
AllocateAndInitializeSid

oleaut32

VariantClear
SysFreeString
VariantInit
VarBstrCmp
VariantChangeType
SysAllocString

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-0

TerminateThread
OpenProcessToken
GetStartupInfoW
CreateProcessW
CreateThread
TlsGetValue
TlsAlloc
GetCurrentProcess
TlsSetValue
CreateProcessAsUserW
GetExitCodeProcess
TerminateProcess
TlsFree
ProcessIdToSessionId
ExitProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
SetStdHandle
GetEnvironmentStringsW
GetStdHandle
GetCommandLineW
FreeEnvironmentStringsW
GetCommandLineA
SetCurrentDirectoryW

api-ms-win-core-namedpipe-l1-1-0

WaitNamedPipeW
CreatePipe
PeekNamedPipe

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-toolhelp-l1-1-0

Process32NextW
CreateToolhelp32Snapshot
Process32FirstW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
CompareStringEx
GetStringTypeW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

userenv

CreateEnvironmentBlock

api-ms-win-core-com-l1-1-0

CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CoUninitialize

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount64

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
Sleep
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpA

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime

wintrust

WinVerifyTrust

api-ms-win-service-management-l1-1-0

OpenSCManagerW
DeleteService
CreateServiceW
OpenServiceW
CloseServiceHandle

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-security-provider-l1-1-0

SetSecurityInfo
SetEntriesInAclW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-core-console-l1-1-0

ReadConsoleW
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleCP
GetConsoleMode

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

user32

FindWindowW
LoadCursorW
UpdateWindow
wsprintfW
CreateWindowExW
TranslateMessage
CloseWindow
DefWindowProcW
GetMessageW
RegisterPowerSettingNotification
RegisterSuspendResumeNotification
UnregisterPowerSettingNotification
LoadIconW
DispatchMessageW
ShowWindow
SendMessageTimeoutW
RegisterClassExW

advapi32

ReportEventW
DeregisterEventSource
RegisterEventSourceW

shlwapi

PathFileExistsW

wtsapi32

WTSQueryUserToken

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlVirtualUnwind
RtlUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
SubmitThreadpoolWork
CreateThreadpoolWork

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsFree
FlsGetValue
FlsSetValue

api-ms-win-core-heap-l1-1-0

HeapFree
HeapSize
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

Sections

.text
Size: 507KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a80f0fb8145f57e066b748dfa475b948

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-libraryloader-l1-2-0

crypt32

api-ms-win-core-synch-l1-1-0

api-ms-win-security-base-l1-1-0

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

userenv

api-ms-win-core-com-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-timezone-l1-1-0

wintrust

api-ms-win-service-management-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-base-l1-2-2

api-ms-win-core-console-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-io-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

user32

advapi32

shlwapi

wtsapi32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

Sections

.text Size: 507KB - Virtual size: 507KB

.rdata Size: 173KB - Virtual size: 172KB

.data Size: 17KB - Virtual size: 97KB

.pdata Size: 23KB - Virtual size: 22KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 507KB - Virtual size: 507KB

.rdata
Size: 173KB - Virtual size: 172KB

.data
Size: 17KB - Virtual size: 97KB

.pdata
Size: 23KB - Virtual size: 22KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 572KB - Virtual size: 576KB