a4dceae6d79d1211681ab183e6458e561eefb9b48b740e84ea0e85a3b8f6a7f2

Sharing

Copy URL

Twitter E-mail

General

Target

a4dceae6d79d1211681ab183e6458e561eefb9b48b740e84ea0e85a3b8f6a7f2
Size

734KB
MD5

4b1f5b096ebfffac35478a04bbf8687e
SHA1

78eab37de88b19477af24c414de1c13b32eca649
SHA256

a4dceae6d79d1211681ab183e6458e561eefb9b48b740e84ea0e85a3b8f6a7f2
SHA512

f2b0a2eee55b6f1d5fa1ca8cd5c7e58d3f0e865dfa8c67060b75a45e51a59ed58cbd5fa2964927342ad7916849e220f92dbf0274dc75848fedbda982d8200058
SSDEEP

12288:YrXT0OLNvIgMPStDCf7O4TsH+mGadTSdZKKQWOs5NgsPjYc+igyjj6n4zac:YfIjbpT0rdwQWOwN7PPpgyqn4zv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4dceae6d79d1211681ab183e6458e561eefb9b48b740e84ea0e85a3b8f6a7f2

Files

a4dceae6d79d1211681ab183e6458e561eefb9b48b740e84ea0e85a3b8f6a7f2
.exe windows:6 windows x64 arch:x64

bad9ca5faf7f7dea4cfeef9025790686

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\Target\x64\ship\delivery\x-none\ose.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
SetThreadToken
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
SetServiceStatus
StartServiceCtrlDispatcherW
DuplicateToken
GetUserNameA
RegDeleteValueW
RegisterServiceCtrlHandlerW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
SetFileSecurityW
RegDeleteKeyW
CryptAcquireContextW
CryptReleaseContext

kernel32

CloseHandle
GetLastError
SetEvent
GetModuleFileNameW
GetDriveTypeW
GetLogicalDrives
lstrcmpW
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
ExitProcess
GetCommandLineW
SetErrorMode
ResetEvent
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexW
CreateEventW
CreateProcessW
GetSystemInfo
GetTickCount
MoveFileExW
CreateFileA
CreateFileW
ReadFile
SetFilePointer
RaiseException
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
DosDateTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
WaitForSingleObject
CreateThread
WaitForMultipleObjects
CreateSemaphoreW
SetFilePointerEx
VirtualAlloc
VirtualFree
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareStringW
SetEndOfFile
SetFileTime
WriteFile
GetSystemTime
SystemTimeToFileTime
GetCommandLineA
GetStartupInfoW
DecodePointer
EncodePointer
SetUnhandledExceptionFilter
GetStdHandle
RtlUnwindEx
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
RtlPcToFileHeader
HeapFree
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringW
GetStringTypeW
HeapReAlloc
LocalFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
FindClose
FindFirstFileW
GetFileSizeEx
CreateDirectoryW
GetFileAttributesW
GetTempPathW
DeleteFileW
FindNextFileW
GetFileAttributesExW
GetFileTime
SetFileAttributesW
GetTempPathA
CopyFileW
CreateHardLinkW
RemoveDirectoryW
FormatMessageA
lstrlenA
GetComputerNameW
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
LocalAlloc

rpcrt4

RpcRevertToSelf
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcServerUseProtseqEpW
RpcImpersonateClient
NdrServerCall2

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bad9ca5faf7f7dea4cfeef9025790686

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

rpcrt4

version

wintrust

Sections

.text Size: 124KB - Virtual size: 123KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 124KB - Virtual size: 123KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB