1662641aaaef38bff70add67618bd962dc414554df43f159b56e2508137cb894

Sharing

Copy URL Twitter E-mail

General

Target

1662641aaaef38bff70add67618bd962dc414554df43f159b56e2508137cb894
Size

1.3MB
MD5

dfc9f25b6e907e1d81ba5fcdcc44818a
SHA1

c1a226595b028d438dc8919f0a13ea01f1614c10
SHA256

1662641aaaef38bff70add67618bd962dc414554df43f159b56e2508137cb894
SHA512

3ce329d9cee2e887e2e4105aaf200210535fe77b47ba0511c481671ae42a01e326ee413baedbbc6d761eef8793586c884523eccdfa6fa366840f3fee568148ec
SSDEEP

24576:iO/Mdi1GIzjpN+L6EZXgXe4i7ojhsP5Lgrk1TWb4AN5:1+GdNM6EZee30jaNf1TWbdz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1662641aaaef38bff70add67618bd962dc414554df43f159b56e2508137cb894

Files

1662641aaaef38bff70add67618bd962dc414554df43f159b56e2508137cb894
.exe windows:6 windows x64 arch:x64

aae3a725988fadb96c0defca26b9edad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\jk_kan\Desktop\Gerrit\diagnosisV3\AsusSystemDiagnosisV2\x64\Release\AsusSystemDiagnosis.pdb

Imports

kernel32

FindNextFileW
FindClose
OutputDebugStringA
OutputDebugStringW
GetProcessWorkingSetSize
VirtualFree
GetCurrentProcess
VirtualAlloc
VirtualUnlock
VirtualLock
SetProcessWorkingSetSize
WTSGetActiveConsoleSessionId
GetModuleFileNameA
GetModuleFileNameW
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
HeapAlloc
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetFilePointerEx
FlushFileBuffers
HeapSize
SetStdHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateProcessW
PeekNamedPipe
CreatePipe
WriteFile
ReadFile
GetStartupInfoW
K32EnumProcessModules
GetCurrentProcessId
K32EnumProcesses
K32GetModuleBaseNameW
OpenProcess
K32GetModuleFileNameExW
GetProcessId
TerminateProcess
WideCharToMultiByte
GlobalMemoryStatusEx
DeleteCriticalSection
LocalFree
DecodePointer
ResetEvent
CreateThread
RaiseException
GetNativeSystemInfo
SetEvent
Sleep
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetPrivateProfileSectionNamesW
LocalAlloc
WaitForSingleObject
GetPrivateProfileSectionW
InitializeCriticalSectionEx
GetDiskFreeSpaceExW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryW
CloseHandle
CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
GetExitCodeProcess
GetTimeZoneInformation
GetFileType
HeapFree
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
FindFirstFileExW
GetFileAttributesExW
GetConsoleCP
DuplicateHandle
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
DeviceIoControl

user32

wsprintfW
EnumDisplayDevicesW

advapi32

RegOpenKeyExA
ReadEventLogW
CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
SetServiceStatus
ChangeServiceConfig2W
OpenSCManagerA
RegisterServiceCtrlHandlerExA
DeleteService
ControlService
StartServiceA
ChangeServiceConfig2A
OpenServiceA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
EqualSid
SetTokenInformation
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
EventWriteTransfer
EventRegister
EventSetInformation
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
InitializeSecurityDescriptor
CloseEventLog
OpenEventLogW

ole32

CoCreateInstance
StringFromGUID2
CoSetProxyBlanket
CoUninitialize
CoInitialize

oleaut32

SafeArrayGetElement
VariantInit
SysFreeString
SysAllocString
VariantClear

setupapi

CM_Get_Parent
CM_Open_DevNode_Key
SetupDiGetDevicePropertyW
CM_Disable_DevNode
CM_Enable_DevNode
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdW

shlwapi

PathFileExistsW

bthprops.cpl

BluetoothFindFirstRadio
BluetoothFindRadioClose
BluetoothFindNextDevice
BluetoothFindFirstDevice
BluetoothFindNextRadio
BluetoothFindDeviceClose
BluetoothGetRadioInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

pdh

PdhCollectQueryData
PdhOpenQueryA
PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue

rpcrt4

RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcEpRegisterA
RpcServerInqCallAttributesA
RpcServerListen
RpcEpUnregister
RpcServerInqBindings
NdrServerCall2
UuidToStringW
RpcStringFreeW
RpcMgmtStopServerListening
NdrServerCallAll

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

iphlpapi

GetAdaptersInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_PropertyW

ext-ms-win-networking-wlanapi-l1-1-0

WlanCloseHandle
WlanEnumInterfaces
WlanFreeMemory
WlanQueryInterface
WlanOpenHandle
WlanGetAvailableNetworkList

wlanapi

WlanGetInterfaceCapability
WlanScan
WlanGetNetworkBssList
WlanSetInterface

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
LCMapStringW
GetCPInfo

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aae3a725988fadb96c0defca26b9edad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

setupapi

shlwapi

bthprops.cpl

version

pdh

rpcrt4

api-ms-win-security-base-l1-2-2

iphlpapi

userenv

api-ms-win-devices-config-l1-1-1

ext-ms-win-networking-wlanapi-l1-1-0

wlanapi

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

wtsapi32

Sections

.text Size: 547KB - Virtual size: 546KB

.rdata Size: 215KB - Virtual size: 215KB

.data Size: 8KB - Virtual size: 20KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 547KB - Virtual size: 546KB

.rdata
Size: 215KB - Virtual size: 215KB

.data
Size: 8KB - Virtual size: 20KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 572KB - Virtual size: 576KB