201f82087c448308a2a39958346d35d11b9222ebad587247e9b705cccfd32c0b

Sharing

Copy URL Twitter E-mail

General

Target

201f82087c448308a2a39958346d35d11b9222ebad587247e9b705cccfd32c0b
Size

1.5MB
MD5

2a860c67d3ba471d55522cfeb684e07f
SHA1

f578336c285666ce479180e858a79f987dc79f66
SHA256

201f82087c448308a2a39958346d35d11b9222ebad587247e9b705cccfd32c0b
SHA512

2dc3970ff1e56835abecff6e7c562f543ebdb9a4de5f44532f499971311ff2636582b69503c30ef4bb324ca03f2300730094539cd742e3c0c9deab8421f81306
SSDEEP

12288:Q/y55eP8GJvqhKKWssjMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:r55eP8G+SkQ/7Gb8NLEbeZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
201f82087c448308a2a39958346d35d11b9222ebad587247e9b705cccfd32c0b

Files

201f82087c448308a2a39958346d35d11b9222ebad587247e9b705cccfd32c0b
.exe windows:10 windows x86 arch:x86

828091e4eb8bc2f38a566c67559fc82d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vssagent.pdb

Imports

advapi32

OpenEventLogW
ReadEventLogW
CloseEventLog
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
ControlService
CloseServiceHandle
OpenProcessToken
ConvertSidToStringSidW
RegDeleteTreeW
RegQueryValueExW
ReportEventW
RegisterEventSourceW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
DeregisterEventSource
OpenThreadToken
GetTokenInformation

kernel32

GetSystemInfo
GlobalMemoryStatusEx
QueryDosDeviceW
CloseHandle
CreateFileW
GetVolumeNameForVolumeMountPointW
FindFirstVolumeW
FindNextVolumeW
GetDriveTypeW
GetVolumePathNameW
GetDiskFreeSpaceExW
GetVolumeInformationW
FindVolumeClose
CopyFileW
GetFullPathNameW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
GetSystemTimeAsFileTime
WideCharToMultiByte
WriteFile
LoadLibraryExW
FindClose
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
SetConsoleCtrlHandler
GetModuleHandleW
InitializeCriticalSection
SetFilePointer
ReadFile
DeleteCriticalSection
CreateMutexW
ReleaseMutex
GetStdHandle
GetConsoleMode
SetConsoleMode
FreeLibrary
GetProcAddress
lstrcmpiW
lstrcpynW
VirtualProtect
VirtualAlloc
VirtualQuery
GetCurrentProcess
LoadResource
FindResourceExW
lstrcpyW
Sleep
HeapDestroy
GetComputerNameExW
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
GetCurrentThread
GetSystemTime
TlsFree
TlsGetValue
TlsAlloc
OutputDebugStringW
TlsSetValue
lstrlenW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetWindowsDirectoryW
GetModuleFileNameW
DeleteFileW
MultiByteToWideChar
LocalAlloc
GetTimeFormatW
GetThreadLocale
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFree
GetLastError
DeviceIoControl
FormatMessageW
GetCommandLineW
GetNativeSystemInfo
SizeofResource
IsWow64Process
HeapSetInformation
GetTickCount

msvcrt

memcmp
memcpy
_except_handler4_common
_controlfp
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
__p__commode
_XcptFilter
_CxxThrowException
_callnewh
_wtoi
wcscpy_s
wcscat_s
malloc
fflush
??0exception@@QAE@XZ
memmove_s
??0exception@@QAE@ABQBD@Z
memcpy_s
iswalnum
qsort
free
realloc
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_purecall
wcsncmp
_wcsicmp
wcschr
iswspace
_vsnwprintf
wprintf
__CxxFrameHandler3
__iob_func
_wcsnicmp
_vsnprintf
_amsg_exit
memset

ole32

CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoInitializeSecurity
CoInitializeEx
CoUninitialize

user32

KillTimer
SetTimer
RegisterDeviceNotificationW
PostMessageW
UnregisterClassW
DestroyWindow
CharNextW
TranslateMessage
GetMessageW
CreateWindowExW
RegisterClassW
DefWindowProcW
LoadStringW
FindWindowW
DispatchMessageW
CharPrevW
UnregisterDeviceNotification

oleaut32

VariantClear
SysStringLen
SysAllocString
VariantChangeType
GetErrorInfo
SysFreeString
VarUI4FromStr
RegisterTypeLi
LoadTypeLi

rpcrt4

RpcStringFreeW
UuidToStringW

shlwapi

PathFileExistsW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiEnumDeviceInterfaces

vssapi

CreateVssBackupComponentsInternal

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

clusapi

OpenCluster
CloseCluster

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

828091e4eb8bc2f38a566c67559fc82d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

user32

oleaut32

rpcrt4

shlwapi

setupapi

vssapi

version

clusapi

api-ms-win-security-lsalookup-l1-1-0

Sections

.text Size: 304KB - Virtual size: 304KB

.data Size: 4KB - Virtual size: 138KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 304KB - Virtual size: 304KB

.data
Size: 4KB - Virtual size: 138KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB