SplanSvc[.]exe

Resubmissions

03/04/2024, 07:57

240403-jtd71sbd34 3

29/03/2024, 10:14

240329-l9ql4afe25 3

Sharing

Copy URL Twitter E-mail

General

Target

SplanSvc.exe
Size

124KB
MD5

14b5045db54c657e19d5d6755700852b
SHA1

107283f95f297dc6aaa0211ba531ca0992323fa0
SHA256

ad8e5180bce10e0835905a55667771db0fa82da7450287e5292505b3345755e9
SHA512

76d5b51d01e13b19a9e019ed9ee8b023c0aabfddab9afa9421ab7b350a770aab7a084d6b9c2daa82071c7dc2f5fd8a3c34738c91c0dfcc46094ad1b1295f0e4b
SSDEEP

3072:nLF/B7l/9pTyDC2lX62soWyLUhBiBlZzZmoaXVIEBKX:nB/w5uoWJhBUZIIX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SplanSvc.exe

Files

SplanSvc.exe
.exe windows:4 windows x86 arch:x86

Password: ciao

fbca85be08072f836eb9efda13786848

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

spevent

SP_EventMgr_Change_Task
SP_EventMgr_Get_Task_Count
SP_EventMgr_Remove_Task
SP_EventMgr_Lock_Task
SP_EventMgr_Unlock_Task
SP_EventMgr_GetRunMode
SP_EventMgr_Get_Task
SP_EventMgr_Get_Task_ListEx
SP_EventMgr_Add_Task
SP_EventMgr_End
SP_EventMgr_Enable_Task
SP_EventMgr_Suspend_Task
SP_EventMgr_Get_Running_Task
_SP_EventMgr_GetRunModeEx@12
SP_EventMgr_Inititialize

rasapi32

RasHangUpA
RasDialA

atl

ord32
ord30
ord58
ord18
ord16
ord57
ord23
ord20
ord17

kernel32

OpenProcess
WideCharToMultiByte
lstrlenW
InterlockedDecrement
GetCurrentProcess
DuplicateHandle
GetCurrentThread
GetCurrentThreadId
lstrcmpiA
GetCommandLineA
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
InterlockedIncrement
DeleteCriticalSection
SystemTimeToFileTime
GetCurrentDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSection
CreateEventA
GetLastError
FormatMessageA
LocalFree
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
SetStdHandle
GetVersion
ExitProcess
TlsSetValue
SetConsoleCtrlHandler
LoadLibraryA
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
Sleep
TlsGetValue
SetLastError
GetProcAddress
FatalAppExitA
IsBadWritePtr
VirtualAlloc
CreateThread
GetEnvironmentStrings
ExitThread
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
TlsAlloc
TlsFree
VirtualFree
GetACP
TerminateProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
GetCPInfo
GetOEMCP
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

user32

wsprintfA
CharNextA
LoadStringA
MessageBoxA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateServiceA
RegisterServiceCtrlHandlerA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
RegOpenKeyExA
StartServiceCtrlDispatcherA
ControlService
DeleteService
RegDeleteValueA
RegQueryValueExA
SetServiceStatus
OpenServiceA
CloseServiceHandle
RegDeleteKeyA
OpenSCManagerA
RegOpenKeyA
ReportEventA
RegisterEventSourceA
RegSetValueExA
RegCreateKeyA
DeregisterEventSource
RegCloseKey

ole32

CoInitialize
CoResumeClassObjects
CoInitializeSecurity
CoInitializeEx
CoSuspendClassObjects
CoUninitialize

oleaut32

SysAllocStringLen
SystemTimeToVariantTime
SysStringLen
LoadRegTypeLi
SysFreeString

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: ciao

fbca85be08072f836eb9efda13786848

Headers

File Characteristics

Imports

spevent

rasapi32

atl

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 20KB - Virtual size: 25KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 12KB - Virtual size: 11KB