d27b81f371f98c4e3cb567229641025e5b9a6bc45f43e07ba92c3820baabff17

Sharing

Copy URL Twitter E-mail

General

Target

d27b81f371f98c4e3cb567229641025e5b9a6bc45f43e07ba92c3820baabff17
Size

359KB
MD5

6b2f65245edfbdd48486789f6d0385ab
SHA1

ed579523b2dd57e57e9cb7d7cf5ac007ebac4890
SHA256

d27b81f371f98c4e3cb567229641025e5b9a6bc45f43e07ba92c3820baabff17
SHA512

17d5e0ed3190d70c23d03821a75c22b15541347cc87586161b4bb2935092c458d00e3e427f5c8d8c57a27304a30af6ed56d8454e08687647c49891faa488d913
SSDEEP

6144:culqRuPcdDh6WLCXhHhWj9BMHmD1tYFLqY/W5R02qO7VKCVUQpe:cuMRuqdLIhsj9+aYFLq3nV2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d27b81f371f98c4e3cb567229641025e5b9a6bc45f43e07ba92c3820baabff17

Files

d27b81f371f98c4e3cb567229641025e5b9a6bc45f43e07ba92c3820baabff17
.exe windows:6 windows x64 arch:x64

ead113fe73ef4bc3720944b58dc17956

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SLUI.pdb

Imports

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW

kernel32

GetModuleHandleW
GetProcAddress
FreeLibrary
OpenMutexW
Sleep
GetModuleHandleExW
GetLastError
GetUserDefaultLCID
QueryInformationJobObject
SetEvent
EncodePointer
GetVersionExW
RegisterApplicationRestart
GetProductInfo
VirtualQuery
DecodePointer
SetLastError
GetSystemDirectoryW
GetModuleFileNameW
GetProcessHeaps
HeapQueryInformation
HeapSetInformation
GetLocalTime
CreateMutexW
ExpandEnvironmentStringsW
SystemTimeToFileTime
CloseHandle
LockResource
LoadResource
LocalFree
FormatMessageW
WaitForSingleObject
CreateEventW
FindResourceExW
CreateThread
LocalAlloc
LoadLibraryExW
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
CreateProcessW
GetWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
LoadLibraryW
HeapFree
GetProcessHeap
CheckElevationEnabled
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime

user32

DestroyIcon
CallWindowProcW
DestroyWindow
SetWindowLongPtrW
GetSystemMetrics
GetDesktopWindow
GetWindowLongW
SetForegroundWindow
RegisterClassW
DefWindowProcW
CreateWindowExW
GetWindowLongPtrW
PostMessageW
LoadIconW
SetCursor
LoadCursorW
LoadStringW
FindWindowW

msvcrt

wcschr
??3@YAXPEAX@Z
swscanf_s
_wtoi
_vsnwprintf
_wcsicmp
wcsstr
??2@YAPEAX_K@Z
_waccess_s
towupper
__getmainargs
__C_specific_handler
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
memcpy
memcmp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
memmove
memset

slc

SLGetSLIDList
SLGetLicensingStatusInformation
SLUnregisterEvent
SLRegisterEvent
SLGetWindowsInformation
SLGetProductSkuInformation
SLClose
SLGetWindowsInformationDWORD
SLOpen
SLGenerateOfflineInstallationId
SLGetGenuineInformation

slcommdlg

SLUX_ActivationWizardEx

winbrand

BrandingLoadString

ntdll

WinSqmAddToStream

ole32

CoAddRefServerProcess
CoRevokeClassObject
CoResumeClassObjects
CoRegisterClassObject
CoReleaseServerProcess
CoUninitialize
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoSuspendClassObjects
CoInitializeSecurity
CoGetObject
StringFromGUID2
CoCreateInstance

oleaut32

SafeArrayDestroy
SysAllocString
SafeArrayCreateVector
SysFreeString
SafeArrayAccessData
VariantInit
SafeArrayUnaccessData
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi

rpcrt4

I_RpcMapWin32Status
UuidFromStringW
UuidToStringW
RpcStringFreeW

setupapi

SetupGetStringFieldW
SetupFindFirstLineW
SetupOpenInfFileW
SetupGetLineCountW
SetupGetLineByIndexW
SetupCloseInfFile

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW

slcext

SLGetReferralInformation

tapi32

tapiGetLocationInfoW

slwga

SLIsGenuineLocal

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ead113fe73ef4bc3720944b58dc17956

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

slc

slcommdlg

winbrand

ntdll

ole32

oleaut32

rpcrt4

setupapi

shell32

slcext

tapi32

slwga

Sections

.text Size: 74KB - Virtual size: 73KB

.data Size: 1024B - Virtual size: 3KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 280KB - Virtual size: 279KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 74KB - Virtual size: 73KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 280KB - Virtual size: 279KB

.reloc
Size: 1KB - Virtual size: 1KB