acb6cef36ba7c5c3e49a7b7206ba556c70104a0361f43de4f65fb2649fc4427f

Sharing

Copy URL Twitter E-mail

General

Target

acb6cef36ba7c5c3e49a7b7206ba556c70104a0361f43de4f65fb2649fc4427f
Size

4.9MB
MD5

929d662c294ce5792c16f0892a22f8c2
SHA1

5c2bf918f9ad8875a55083218ab1ef7c52c5fae5
SHA256

acb6cef36ba7c5c3e49a7b7206ba556c70104a0361f43de4f65fb2649fc4427f
SHA512

bdb6a411d1ace4a2efc2431bea910f1e1c017b2e7327fa54a727256bf4dbf88001826a2bf85df5ecfa16884d7a3c0f6a8cf19a6d55405bdc45eb68182968bf68
SSDEEP

49152:B/+l9+PVhtccZf/oDn07ZYNhVD6nMvzLtzKow6xESPiT/woxlR9UisjQ0XfqCZWV:ECJ/Yn08fvEoZihL/IFwwvxjLvRuKIZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acb6cef36ba7c5c3e49a7b7206ba556c70104a0361f43de4f65fb2649fc4427f

Files

acb6cef36ba7c5c3e49a7b7206ba556c70104a0361f43de4f65fb2649fc4427f
.exe windows:10 windows x64 arch:x64

64b44cdd18ec8a8a9734797ed4e52f53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

sppsvc.pdb

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
RegCloseKey
RegDeleteValueW
FreeSid
ConvertStringSidToSidW
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegSetKeySecurity
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
SetServiceStatus
EventSetInformation
EventRegister
EventUnregister
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
EventWriteTransfer
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LsaOpenPolicy
LsaQueryInformationPolicy
CloseServiceHandle
StartServiceW
QueryServiceStatusEx
LsaFreeMemory
ConvertSidToStringSidW
OpenSCManagerW
LookupAccountNameW
NotifyServiceStatusChangeW
GetTokenInformation
EqualSid
OpenProcessToken
OpenServiceW
RegOpenKeyW
RegFlushKey
RegEnumKeyExW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptGenKey
CryptEncrypt
CryptDecrypt
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGetHashParam
LsaClose

kernel32

GetFileSize
UnmapViewOfFile
DeleteTimerQueueEx
CreateTimerQueue
GetEnvironmentVariableW
SetEnvironmentVariableW
TerminateProcess
HeapSetInformation
RegisterWaitForSingleObject
UnregisterWaitEx
DeleteTimerQueue
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
ReadFile
SystemTimeToFileTime
CompareFileTime
EncodePointer
QueueUserWorkItem
QueryPerformanceCounter
GetFileAttributesW
GetCurrentProcessId
OpenProcess
SetFileAttributesW
WriteFile
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileSizeEx
ChangeTimerQueueTimer
GetSystemDirectoryW
GetVersionExA
CreateDirectoryW
GetSystemTimeAsFileTime
WideCharToMultiByte
DecodePointer
SetLastError
VirtualFree
VirtualAlloc
RtlAddFunctionTable
InitializeCriticalSection
LeaveCriticalSection
GetModuleHandleW
RtlDeleteFunctionTable
CreateFileW
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
CreateEventW
DeleteCriticalSection
GetCurrentThreadId
GetSystemInfo
DeleteTimerQueueTimer
GetVersionExW
LCMapStringW
SetThreadPriority
GetThreadPriority
GetCurrentProcess
GetLocalTime
SetFilePointer
FlushFileBuffers
GetModuleHandleA
CopyFileW
MoveFileExW
DeviceIoControl
GetComputerNameW
GetSystemTime
GetNativeSystemInfo
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
SetEvent
ReleaseSemaphore
RaiseException
VirtualQuery
Sleep
GetModuleFileNameW
ExpandEnvironmentStringsW
DuplicateHandle
GetSystemFirmwareTable
GetLocaleInfoW
SleepEx
GetCurrentThread
OpenThread
ReleaseMutex
WaitForSingleObject
OpenMutexW
CreateMutexW
GetLastError
CloseHandle
LocalAlloc
FileTimeToSystemTime
GetProcessHeap
EnterCriticalSection
CreateTimerQueueTimer
RaiseFailFastException
GetProcAddress
HeapAlloc
GetModuleHandleExW
HeapFree
LocalFree
DeleteFileW

msvcrt

__C_specific_handler
swscanf
free
malloc
_wtoi
_itow
_ui64tow_s
memchr
memcmp
memcpy
_vsnwprintf
?terminate@@YAXXZ
wcscmp
__dllonexit
_unlock
_lock
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
swscanf_s
wcstoul
_errno
_wtof
wcsstr
memmove
memset
_onexit
_XcptFilter
memcpy_s
_wcsnicmp
_purecall
towlower
wcschr
sscanf_s
wcsncmp
_wcsicmp

rpcrt4

RpcStringFreeW
UuidToStringW
RpcServerInqCallAttributesW
I_RpcMapWin32Status
UuidFromStringW
UuidCreate
RpcRevertToSelfEx
RpcImpersonateClient
NdrServerCall2
NdrServerCallAll
RpcServerInterfaceGroupCreateW
RpcServerInterfaceGroupActivate
RpcNetworkIsProtseqValidW
RpcServerInterfaceGroupClose
I_RpcBindingInqLocalClientPID
RpcRaiseException

api-ms-win-core-version-l1-1-0

GetFileVersionInfoSizeExW
GetFileVersionInfoExW
VerQueryValueW

api-ms-win-core-com-l1-1-0

CreateStreamOnHGlobal
CoInitializeEx
CoInitializeSecurity
CoUninitialize

bcrypt

BCryptGenRandom
BCryptDestroyKey

crypt32

CryptQueryObject
CertFreeCertificateContext
CryptImportPublicKeyInfoEx2

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

cryptxml

CryptXmlOpenToDecode
CryptXmlGetDocContext
CryptXmlVerifySignature
CryptXmlGetStatus
CryptXmlGetSignature
CryptXmlGetReference
CryptXmlClose

ntdll

NtQuerySystemInformation
NtLockProductActivationKeys
NtQueryInformationThread
NtSetInformationThread
RtlQueryPackageClaims
NtQueryObject
RtlInitUnicodeString
RtlEqualUnicodeString

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
GetErrorInfo
SafeArrayDestroy
SysAllocString
SysFreeString
SafeArrayCreateVector
VariantClear
SafeArrayAccessData
VariantCopy
SafeArrayUnaccessData

xmllite

CreateXmlReader

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

?g_Encry
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 583KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64b44cdd18ec8a8a9734797ed4e52f53

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

rpcrt4

api-ms-win-core-version-l1-1-0

api-ms-win-core-com-l1-1-0

bcrypt

crypt32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

cryptxml

ntdll

ole32

oleaut32

xmllite

api-ms-win-eventing-classicprovider-l1-1-0

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

?g_Encry Size: 11KB - Virtual size: 11KB

?g_Encry Size: 11KB - Virtual size: 11KB

?g_Encry Size: 12KB - Virtual size: 11KB

?g_Encry Size: 11KB - Virtual size: 11KB

.rdata Size: 583KB - Virtual size: 582KB

.data Size: 37KB - Virtual size: 44KB

.pdata Size: 95KB - Virtual size: 95KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 3.5MB - Virtual size: 3.5MB

?g_Encry
Size: 11KB - Virtual size: 11KB

?g_Encry
Size: 11KB - Virtual size: 11KB

?g_Encry
Size: 12KB - Virtual size: 11KB

?g_Encry
Size: 11KB - Virtual size: 11KB

.rdata
Size: 583KB - Virtual size: 582KB

.data
Size: 37KB - Virtual size: 44KB

.pdata
Size: 95KB - Virtual size: 95KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 596KB - Virtual size: 600KB