4d922ff6a2c2e15962b47a0981686edae74f2ce2591cd3a1dbca49214ce81275

Sharing

Copy URL Twitter E-mail

General

Target

4d922ff6a2c2e15962b47a0981686edae74f2ce2591cd3a1dbca49214ce81275
Size

1.9MB
MD5

871bdcfd3866c6645a5c809517136eb9
SHA1

29448ae276193cf7cec8d279e2517b23513cf1b3
SHA256

4d922ff6a2c2e15962b47a0981686edae74f2ce2591cd3a1dbca49214ce81275
SHA512

cb58b68bce9143be70e292127ef0d3af29e00306890972093031065fc1dacd631c9cf43a6fe10a2d30221e141f37f5c4c7d5e4bab1223f68c36505fcfe6d8357
SSDEEP

49152:yAX5triFKB6m4XOW5ndNM4yge30jaNf1TWbdz:piDhnz9U023W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d922ff6a2c2e15962b47a0981686edae74f2ce2591cd3a1dbca49214ce81275

Files

4d922ff6a2c2e15962b47a0981686edae74f2ce2591cd3a1dbca49214ce81275
.exe windows:6 windows x64 arch:x64

505b0d49a2c90f022ee9f9ac9b208868

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BuildServer\D\work-git\wow\BinDir\Utils\WowVoiceProxy.pdb

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

QueryFullProcessImageNameW
Process32FirstW
GetModuleHandleW
Process32NextW
WriteConsoleW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
GetCPInfo
GetFileType
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
HeapSize
ExitProcess
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwind
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetComputerNameW
GetSystemInfo
SetEnvironmentVariableW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
OutputDebugStringW
SetInformationJobObject
AssignProcessToJobObject
CreateJobObjectW
OpenProcess
SetNamedPipeHandleState
CreatePipe
GetStdHandle
SetFilePointerEx
AcquireSRWLockExclusive
VerSetConditionMask
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileSizeEx
SetFilePointer
WriteFile
CloseHandle
GetLastError
CancelIo
WaitForSingleObject
CreateEventW
VerifyVersionInfoW
WideCharToMultiByte
GetCommandLineW
GetFullPathNameW
SetLastError
DeleteFileA
SetHandleInformation
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
CreateFileA
OutputDebugStringA
SetUnhandledExceptionFilter
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
ExitThread
VirtualQuery
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LocalAlloc
LocalFree
SwitchToFiber
CreateFiberEx
ConvertThreadToFiberEx
FormatMessageA
FormatMessageW
CreateDirectoryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLocalTime
GetTickCount
VirtualAlloc
VirtualFree
GetModuleFileNameA
IsDebuggerPresent
DuplicateHandle
RaiseException
GetCurrentThread
ResumeThread
CreateProcessW
TryEnterCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
CreateEventA
CreateSemaphoreA
GetThreadContext
GlobalMemoryStatusEx
FreeLibrary
LoadLibraryW
K32GetProcessMemoryInfo
RtlCaptureStackBackTrace
CreateThread
OpenThread
SuspendThread
GetProcessId
GetThreadId
VirtualQueryEx
ReadProcessMemory
DeleteFiber
CreateFiber
ConvertThreadToFiber
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
Module32FirstW
Module32NextW
Sleep
CreateMutexA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTimeZoneInformation
MultiByteToWideChar
VirtualProtect
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeSRWLock
ReleaseSRWLockExclusive

user32

TranslateMessage
DispatchMessageW
PeekMessageW
DefWindowProcW
RegisterClassW
DestroyWindow
MapVirtualKeyW
SetWinEventHook
UnhookWinEvent
GetRawInputBuffer
RegisterRawInputDevices
ShowWindow
IsWindowVisible
GetDesktopWindow
EnumThreadWindows
GetWindow
wsprintfA
CreateWindowExW
LoadStringA
MessageBoxW

advapi32

GetUserNameW
RegGetValueW
RegQueryValueExW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumValueA
RegEnumKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
AllocateLocallyUniqueId

shell32

ShellExecuteW
CommandLineToArgvW

ws2_32

ntohs
htons
inet_ntoa
ntohl
__WSAFDIsSet
htonl
accept
WSACleanup
WSAStartup
freeaddrinfo
getaddrinfo
WSAAddressToStringA
WSASocketW
WSASend
WSAIoctl
WSADuplicateSocketW
WSAGetLastError
WSASetLastError
socket
setsockopt
send
bind
recv
listen
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
select

vivoxsdk

vx_tts_cancel_all
vx_strdup
vx_get_message
vx_issue_request3
vx_get_sdk_version_info
vx_initialize3
vx_is_initialized
vx_get_default_config3
vx_uninitialize
vx_destroy_message
vx_req_connector_create_create
vx_req_connector_initiate_shutdown_create
vx_req_account_anonymous_login_create
vx_req_account_logout_create
vx_req_sessiongroup_add_session_create
vx_req_sessiongroup_remove_session_create
vx_req_sessiongroup_set_tx_session_create
vx_tts_cancel_utterance
vx_tts_speak
vx_tts_shutdown
vx_req_session_mute_local_speaker_create
vx_req_session_set_participant_volume_for_me_create
vx_req_session_set_participant_mute_for_me_create
vx_req_connector_mute_local_mic_create
vx_req_connector_mute_local_speaker_create
vx_req_connector_get_local_audio_info_create
vx_req_aux_get_render_devices_create
vx_req_aux_get_capture_devices_create
vx_req_aux_set_render_device_create
vx_req_aux_set_capture_device_create
vx_req_aux_get_mic_level_create
vx_req_aux_get_speaker_level_create
vx_req_aux_set_mic_level_create
vx_tts_get_voices
vx_req_aux_set_speaker_level_create
vx_req_aux_get_vad_properties_create
vx_req_aux_set_vad_properties_create
vx_req_aux_get_derumbler_properties_create
vx_req_aux_set_derumbler_properties_create
vx_req_aux_capture_audio_start_create
vx_req_aux_capture_audio_stop_create
vx_req_session_transcription_control_create
vx_get_error_string
vx_req_sessiongroup_set_tx_no_session_create
vx_tts_initialize

Sections

.text
Size: 875KB - Virtual size: 874KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 98KB - Virtual size: 786KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

505b0d49a2c90f022ee9f9ac9b208868

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

kernel32

user32

advapi32

shell32

ws2_32

vivoxsdk

Sections

.text Size: 875KB - Virtual size: 874KB

.rdata Size: 207KB - Virtual size: 206KB

.data Size: 98KB - Virtual size: 786KB

.pdata Size: 54KB - Virtual size: 53KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 170KB - Virtual size: 170KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 875KB - Virtual size: 874KB

.rdata
Size: 207KB - Virtual size: 206KB

.data
Size: 98KB - Virtual size: 786KB

.pdata
Size: 54KB - Virtual size: 53KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 170KB - Virtual size: 170KB

.reloc
Size: 572KB - Virtual size: 576KB