731dea71b9ff0524a6023c3f09f1d2f75cab09d2eb2c9dd9e94326aaddaa7964

Sharing

Copy URL Twitter E-mail

General

Target

731dea71b9ff0524a6023c3f09f1d2f75cab09d2eb2c9dd9e94326aaddaa7964
Size

1.1MB
MD5

1c5fa9b8cc13c61077d428a7a587a4c1
SHA1

64bd300a94470ae7d5134ced9cdea77dbfa5430b
SHA256

731dea71b9ff0524a6023c3f09f1d2f75cab09d2eb2c9dd9e94326aaddaa7964
SHA512

0690d2606d15ffaf6d505084bc74e7dec2cb3b6eb52cd436482478a21834e8938115c778883a3882643d50cb28e7ad551c1f3faa108996629f192a112709f8c6
SSDEEP

24576:uEOb/p45QSYIVu9O54ElsLonc24/iOaeKqcqly3NLUHIhG7vSwUnX0ea0d:uEUxgau4Ap8/iO8Gy3NLFwjFAXFaU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
731dea71b9ff0524a6023c3f09f1d2f75cab09d2eb2c9dd9e94326aaddaa7964

Files

731dea71b9ff0524a6023c3f09f1d2f75cab09d2eb2c9dd9e94326aaddaa7964
.exe windows:6 windows x64 arch:x64

b0fcf0efdae72f4886c802b0b9448956

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Recent\PCmover\AsusMigration\x64\Release\AsusSwitch.pdb

Imports

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapSize
HeapReAlloc
HeapAlloc

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentStringsW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
SetStdHandle
GetCommandLineW
GetStdHandle

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
WaitForSingleObject
ResetEvent
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
OpenEventW
LeaveCriticalSection
SetEvent
CreateMutexW
OpenMutexW
DeleteCriticalSection
CreateEventW
InitializeCriticalSection

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
ResumeThread
TlsAlloc
OpenProcessToken
TlsFree
TlsSetValue
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
CreateThread
SuspendThread
GetCurrentProcessId
TlsGetValue
ExitProcess

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

bcrypt

BCryptDecrypt
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptEncrypt
BCryptSetProperty
BCryptExportKey
BCryptGetProperty
BCryptImportKey
BCryptCloseAlgorithmProvider
BCryptGenerateSymmetricKey

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemInfo
GetSystemDirectoryW

api-ms-win-core-file-l1-1-0

CreateFileW
FindVolumeClose
FindClose
GetFileAttributesExW
DeleteFileW
SetEndOfFile
FindNextVolumeW
WriteFile
FindNextFileW
FindFirstVolumeW
FindFirstFileW
GetVolumeInformationW
ReadFile
CreateDirectoryW
SetFilePointerEx
FindFirstFileExW
GetFileType
FlushFileBuffers

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-security-base-l1-1-0

FreeSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
AddAce
GetLengthSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
AdjustTokenPrivileges
IsValidSecurityDescriptor

api-ms-win-core-path-l1-1-0

PathCchAddBackslash
PathCchRemoveFileSpec

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExA
LoadResource
GetModuleFileNameW
GetProcAddress
GetModuleHandleExW
FreeLibrary
LoadLibraryExW
FreeResource
LockResource
GetModuleHandleW

api-ms-win-core-file-l2-1-2

CopyFileW

rpcrt4

NdrClientCall3
NdrServerCallAll
RpcServerInqCallAttributesW
RpcEpRegisterW
RpcServerListen
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUnregisterIf
RpcBindingVectorFree
NdrServerCall2
RpcServerUseProtseqEpW
RpcEpUnregister

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
DisconnectNamedPipe
ConnectNamedPipe
WaitNamedPipeW

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

InitializeConditionVariable
Sleep
InitOnceExecuteOnce
SleepConditionVariableCS
WakeAllConditionVariable

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-core-kernel32-legacy-l1-1-5

SetThreadExecutionState

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW
LookupAccountNameW
LookupAccountSidW

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetKnownFolderPath

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-sysinfo-l1-2-0

GetSystemFirmwareTable

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit

api-ms-win-service-management-l1-1-0

OpenServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW

api-ms-win-core-version-l1-1-0

VerQueryValueW

samcli

NetQueryDisplayInformation

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

netutils

NetApiBufferFree

api-ms-win-core-firmware-l1-1-0

GetFirmwareEnvironmentVariableW

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceMessage
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringEx
GetStringTypeW
WideCharToMultiByte
CompareStringW

shell32

CommandLineToArgvW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlUnwind
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-localization-l1-2-0

EnumSystemLocalesW
LCMapStringEx
IsValidCodePage
GetUserDefaultLCID
GetACP
GetOEMCP
GetCPInfo
IsValidLocale
GetLocaleInfoW
GetLocaleInfoEx
LCMapStringW

api-ms-win-core-fibers-l1-1-0

FlsSetValue
FlsFree
FlsAlloc
FlsGetValue

api-ms-win-core-console-l1-1-0

GetConsoleCP
ReadConsoleW
WriteConsoleW
GetConsoleMode

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

Sections

.text
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b0fcf0efdae72f4886c802b0b9448956

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-heap-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-util-l1-1-0

bcrypt

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-security-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-file-l2-1-2

rpcrt4

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-shutdown-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-5

api-ms-win-security-lsalookup-l2-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-2-0

oleaut32

api-ms-win-service-management-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-version-l1-1-0

samcli

api-ms-win-service-management-l2-1-0

netutils

api-ms-win-core-firmware-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-string-l1-1-0

shell32

api-ms-win-core-memory-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-timezone-l1-1-0

Sections

.text Size: 428KB - Virtual size: 428KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 7KB - Virtual size: 60KB

.pdata Size: 18KB - Virtual size: 18KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 428KB - Virtual size: 428KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 7KB - Virtual size: 60KB

.pdata
Size: 18KB - Virtual size: 18KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 568KB - Virtual size: 572KB