580e334a9fd92f01406519e2b370294ed1804f6402919d9c79c65e7e50e4677a[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

580e334a9fd92f01406519e2b370294ed1804f6402919d9c79c65e7e50e4677a.exe
Size

1.4MB
MD5

7fa6e8ee5187c1b86f67fe74ca0836c3
SHA1

d3a6503fb7a5070853c7e99124bd0ad16be9a0ea
SHA256

580e334a9fd92f01406519e2b370294ed1804f6402919d9c79c65e7e50e4677a
SHA512

20495df940d29b58c235ad4673d5fe99a54757ab9766ea0cc3a8d33ae4ccc66ece444d441054c52253ea52089776255d177219cd1d1add349a32babdab0822ce
SSDEEP

24576:mWy2ao//M5fgXe4i7ojhsP5Lgrk1TWb4AN5:mWyP4U52e30jaNf1TWbdz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
580e334a9fd92f01406519e2b370294ed1804f6402919d9c79c65e7e50e4677a.exe

Files

580e334a9fd92f01406519e2b370294ed1804f6402919d9c79c65e7e50e4677a.exe
.exe windows:5 windows x64 arch:x64

44fdab8d0f326e93fd3d8a50badf6cbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\Checkpoints\TPDrv\builderDerek2\Install\WinNT5\SynTPEnhService\SynTPEnhService\x64\Release\SynTPEnhService.pdb

Imports

kernel32

ActivateActCtx
OpenProcess
LoadLibraryW
GetExitCodeProcess
GetModuleFileNameW
DeactivateActCtx
ReleaseActCtx
GetProcAddress
GetProcessId
WaitForMultipleObjects
TlsSetValue
TlsAlloc
GetFileType
GetStdHandle
GetStringTypeW
CreateActCtxW
GetCurrentProcess
FreeLibrary
TlsGetValue
LockResource
lstrlenW
MultiByteToWideChar
GetFileAttributesW
SizeofResource
LoadResource
FindResourceW
FindResourceExW
CreateThread
ReleaseMutex
ResetEvent
GetOverlappedResult
WaitForMultipleObjectsEx
SetEvent
WaitForSingleObject
CreateMutexW
CloseHandle
DeleteCriticalSection
DecodePointer
CreateEventW
GetModuleHandleW
GetStartupInfoW
TlsFree
ReadFileEx
HeapSize
HeapReAlloc
GetLastError
RaiseException
FlushFileBuffers
DisconnectNamedPipe
CreateFileW
ReadFile
HeapDestroy
Sleep
InitializeCriticalSectionAndSpinCount
WriteFile
GetProcessHeap
CreateNamedPipeW
ConnectNamedPipe
HeapFree
HeapAlloc
QueueUserWorkItem
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
LoadLibraryExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
LocalFree
TerminateProcess
GetCurrentThreadId
GetModuleHandleExW
IsWow64Process
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
ExpandEnvironmentStringsW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
IsProcessorFeaturePresent
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentProcessId

user32

RegisterPowerSettingNotification

advapi32

RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegCreateKeyW
RegCreateKeyExW
ControlService
ChangeServiceConfigW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
ReportEventW
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegisterEventSourceW
AdjustTokenPrivileges
RegNotifyChangeKeyValue
RegOpenKeyExW
DuplicateTokenEx
LookupAccountSidW
LookupPrivilegeValueW
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCloseKey
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW

newdev

DiUninstallDevice
UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiGetINFClassW
SetupGetLineTextW
SetupGetLineCountW
SetupOpenInfFileW
SetupDiCallClassInstaller
SetupDiClassGuidsFromNameW
CM_Get_DevNode_Status
SetupGetLineByIndexW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupCloseInfFile
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

ole32

CoInitialize
CLSIDFromProgID
CoCreateInstance

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

powrprof

CallNtPowerInformation

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

44fdab8d0f326e93fd3d8a50badf6cbc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

newdev

setupapi

ole32

userenv

wtsapi32

powrprof

Sections

.text Size: 142KB - Virtual size: 142KB

.rdata Size: 68KB - Virtual size: 67KB

.data Size: 9KB - Virtual size: 20KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 142KB - Virtual size: 142KB

.rdata
Size: 68KB - Virtual size: 67KB

.data
Size: 9KB - Virtual size: 20KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB