56a3018be40e121188e3190f7fdf09674408af0aa2f2acf47a5702b41d3f429d

Sharing

Copy URL Twitter E-mail

General

Target

56a3018be40e121188e3190f7fdf09674408af0aa2f2acf47a5702b41d3f429d
Size

1.3MB
MD5

f72120a49fd414a6f094d76780d27993
SHA1

4940b1a0b22c0b09a1cf2f29f07cb0fc6ea29ec2
SHA256

56a3018be40e121188e3190f7fdf09674408af0aa2f2acf47a5702b41d3f429d
SHA512

a178b3c47e5a60ab327e05c49720b31b9b5d84640651baca76f000ee02c7c2856d7787c645c22d1f8246cf14eb4c80d752d2dbd5a4bd4c1ad8dd5476e3de42fd
SSDEEP

24576:CRJlClkSXNhvHt9gQcVFeKqcqly3NLUHIhG7vSwUnX0ea0d:6YvN9gQ4Gy3NLFwjFAXFaU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56a3018be40e121188e3190f7fdf09674408af0aa2f2acf47a5702b41d3f429d

Files

56a3018be40e121188e3190f7fdf09674408af0aa2f2acf47a5702b41d3f429d
.exe windows:6 windows x64 arch:x64

0458f0a4972dfcb08a647e9fef9b9f9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\jk_kan\Desktop\Gerrit\diagnosisV3\AsusSystemDiagnosisV2\x64\Release\AsusSystemDiagnosis.pdb

Imports

kernel32

FindNextFileW
FindClose
OutputDebugStringA
OutputDebugStringW
GetProcessWorkingSetSize
VirtualFree
GetCurrentProcess
VirtualAlloc
VirtualUnlock
VirtualLock
SetProcessWorkingSetSize
WTSGetActiveConsoleSessionId
GetModuleFileNameA
GetModuleFileNameW
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
HeapAlloc
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetFilePointerEx
FlushFileBuffers
HeapSize
SetStdHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateProcessW
PeekNamedPipe
CreatePipe
WriteFile
ReadFile
GetStartupInfoW
K32EnumProcessModules
GetCurrentProcessId
K32EnumProcesses
K32GetModuleBaseNameW
OpenProcess
K32GetModuleFileNameExW
GetProcessId
TerminateProcess
WideCharToMultiByte
GlobalMemoryStatusEx
DeleteCriticalSection
LocalFree
DecodePointer
ResetEvent
CreateThread
RaiseException
GetNativeSystemInfo
SetEvent
Sleep
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetPrivateProfileSectionNamesW
LocalAlloc
WaitForSingleObject
GetPrivateProfileSectionW
InitializeCriticalSectionEx
GetDiskFreeSpaceExW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryW
CloseHandle
CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
GetExitCodeProcess
GetTimeZoneInformation
GetFileType
HeapFree
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
FindFirstFileExW
GetFileAttributesExW
GetConsoleCP
DuplicateHandle
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
DeviceIoControl

user32

wsprintfW
EnumDisplayDevicesW

advapi32

RegOpenKeyExA
ReadEventLogW
CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
SetServiceStatus
ChangeServiceConfig2W
OpenSCManagerA
RegisterServiceCtrlHandlerExA
DeleteService
ControlService
StartServiceA
ChangeServiceConfig2A
OpenServiceA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
EqualSid
SetTokenInformation
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
EventWriteTransfer
EventRegister
EventSetInformation
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
InitializeSecurityDescriptor
CloseEventLog
OpenEventLogW

ole32

CoCreateInstance
StringFromGUID2
CoSetProxyBlanket
CoUninitialize
CoInitialize

oleaut32

SafeArrayGetElement
VariantInit
SysFreeString
SysAllocString
VariantClear

setupapi

CM_Get_Parent
CM_Open_DevNode_Key
SetupDiGetDevicePropertyW
CM_Disable_DevNode
CM_Enable_DevNode
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdW

shlwapi

PathFileExistsW

bthprops.cpl

BluetoothFindFirstRadio
BluetoothFindRadioClose
BluetoothFindNextDevice
BluetoothFindFirstDevice
BluetoothFindNextRadio
BluetoothFindDeviceClose
BluetoothGetRadioInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

pdh

PdhCollectQueryData
PdhOpenQueryA
PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue

rpcrt4

RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcEpRegisterA
RpcServerInqCallAttributesA
RpcServerListen
RpcEpUnregister
RpcServerInqBindings
NdrServerCall2
UuidToStringW
RpcStringFreeW
RpcMgmtStopServerListening
NdrServerCallAll

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

iphlpapi

GetAdaptersInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_PropertyW

ext-ms-win-networking-wlanapi-l1-1-0

WlanCloseHandle
WlanEnumInterfaces
WlanFreeMemory
WlanQueryInterface
WlanOpenHandle
WlanGetAvailableNetworkList

wlanapi

WlanGetInterfaceCapability
WlanScan
WlanGetNetworkBssList
WlanSetInterface

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
LCMapStringW
GetCPInfo

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0458f0a4972dfcb08a647e9fef9b9f9e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

setupapi

shlwapi

bthprops.cpl

version

pdh

rpcrt4

api-ms-win-security-base-l1-2-2

iphlpapi

userenv

api-ms-win-devices-config-l1-1-1

ext-ms-win-networking-wlanapi-l1-1-0

wlanapi

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

wtsapi32

Sections

.text Size: 545KB - Virtual size: 545KB

.rdata Size: 215KB - Virtual size: 215KB

.data Size: 8KB - Virtual size: 20KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 545KB - Virtual size: 545KB

.rdata
Size: 215KB - Virtual size: 215KB

.data
Size: 8KB - Virtual size: 20KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 572KB - Virtual size: 576KB