57efd59e512a5fa3154f20c80595e581f583492a418fda5eaa5ccab879e520df

Sharing

Copy URL Twitter E-mail

General

Target

57efd59e512a5fa3154f20c80595e581f583492a418fda5eaa5ccab879e520df
Size

1.9MB
MD5

e05a6312619fb91fe378f845573c22e4
SHA1

542004d96e0d276c09625e56fa0d048b938be658
SHA256

57efd59e512a5fa3154f20c80595e581f583492a418fda5eaa5ccab879e520df
SHA512

0df6cfb91130c92709f5c4e1699f45a067f7193fa5b21daad30a56e40448a82a11b7dea4cdfd01650238f7ce6df54528b5201bd9e3dd5204506feb4d0a129e6f
SSDEEP

49152:gpOIX8NLqPK+Hf3fFqN4YnN7U83RhowcDLxalmH3XeD:gpOIsNuC+HHQ6YnN7ywcxaIH3uD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57efd59e512a5fa3154f20c80595e581f583492a418fda5eaa5ccab879e520df

Files

57efd59e512a5fa3154f20c80595e581f583492a418fda5eaa5ccab879e520df
.exe windows:5 windows x86 arch:x86

4ce07350adfb4047725cb4bf673f7ac1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\autobuild_sesvc_13\360sesvc\bin\Release\sesvc.pdb

Imports

kernel32

FlushFileBuffers
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
HeapReAlloc
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetFileAttributesW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
OpenProcess
DebugBreak
lstrlenA
lstrlenW
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenMutexW
GetCommandLineW
GetCurrentThread
WaitForMultipleObjects
CreateProcessW
GetPrivateProfileIntW
GetSystemDirectoryW
VirtualAlloc
VirtualFree
GetTempFileNameW
QueryDosDeviceW
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
GetCurrentDirectoryW
GetSystemTimes
LockResource
MoveFileW
VirtualQuery
SetUnhandledExceptionFilter
WritePrivateProfileStructW
DeviceIoControl
TlsAlloc
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetShortPathNameW
lstrcpynW
TerminateThread
SuspendThread
lstrcmpA
lstrcmpiA
GetFileSizeEx
GetExitCodeProcess
ExitProcess
GetModuleHandleA
SetLastError
MultiByteToWideChar
IsProcessInJob
QueryInformationJobObject
FindResourceW
OutputDebugStringA
GetModuleHandleW
LoadLibraryExW
CreateMutexW
lstrcmpiW
SizeofResource
LoadResource
Sleep
SetErrorMode
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
FindNextFileW
FindFirstFileW
RemoveDirectoryW
FindClose
FreeLibrary
ReadFile
GetFileSize
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ExitThread
MoveFileExW
DeleteFileW
SetFileAttributesW
CreateFileW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
GetModuleFileNameA
QueryPerformanceFrequency
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
RtlUnwind
ReleaseMutex
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
LocalFileTimeToFileTime
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
DecodePointer
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsGetValue
SwitchToThread
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
CreateDirectoryW
GetModuleFileNameW
LoadLibraryW
CreateEventW
CloseHandle
WriteFile
WaitForSingleObject
SetEvent
IsDebuggerPresent
LoadLibraryExA
VirtualProtect
GetLocalTime
MulDiv
FreeResource
GetACP
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetLastError
CreateThread
RaiseException
GetProcAddress
ResetEvent

user32

SetClipboardViewer
ChangeClipboardChain
OpenClipboard
IsWindow
SendMessageW
CreateWindowExW
RegisterClassExW
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetForegroundWindow
GetClassNameW
DestroyWindow
SetWindowPos
IsWindowVisible
SetTimer
KillTimer
GetSystemMetrics
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CloseClipboard
UnregisterClassW
GetDC
GetShellWindow
SetRect
FillRect
InvalidateRect
DrawTextW
DestroyIcon
FlashWindow
CreateIconIndirect
MsgWaitForMultipleObjects
CloseWindow
SystemParametersInfoW
WindowFromPoint
GetLastInputInfo
wsprintfW
EnumDisplayDevicesW
EnumDisplaySettingsW
CharLowerW
PostThreadMessageW
GetWindow
EnumWindows
LoadIconW
GetWindowThreadProcessId
SetClassLongW
SetWindowTextW
GetAsyncKeyState
SendMessageTimeoutW
GetMessagePos
GetWindowTextW
wvsprintfW
ShowWindow
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowExW
GetDesktopWindow
SetWindowLongW
GetWindowLongW
GetKeyState
GetClassInfoExW
CallWindowProcW
FindWindowW
SetForegroundWindow
SetCursor
UnionRect
OffsetRect
SetFocus
GetActiveWindow
GetFocus
SetCapture
ReleaseCapture
BeginPaint
EndPaint
GetUpdateRect
GetClientRect
ScreenToClient
MapWindowPoints
IntersectRect
IsRectEmpty
PtInRect
RegisterClassW
SetPropW
GetPropW
IsZoomed
SetWindowRgn
MessageBoxW
CharPrevW
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
GetWindowTextLengthW
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
CharNextW
BringWindowToTop
IsIconic
PeekMessageW
EnableWindow
MoveWindow
GetCursorPos
GetWindowRect
ReleaseDC
GetParent

gdi32

MoveToEx
TextOutW
ExtTextOutW
CreatePatternBrush
GetObjectA
CreateDIBSection
CreateSolidBrush
DeleteObject
CreateBitmap
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
CreateDCW
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
GetDIBits
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
GdiFlush

shell32

ShellExecuteW
SHFileOperationW
SHAppBarMessage
ord680
SHGetFolderPathW
ord165
SHGetSpecialFolderPathW

shlwapi

PathFindExtensionW
SHGetValueA
PathIsRootW
PathGetDriveNumberW
ord12
PathAddBackslashW
StrStrIW
PathFindFileNameA
StrStrIA
SHDeleteValueW
PathFindFileNameW
StrCmpIW
SHGetValueW
PathCombineW
PathRemoveFileSpecW
PathFileExistsW
StrDupW
SHStrDupW
PathAppendW
SHSetValueW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wtsapi32

WTSRegisterSessionNotification
WTSFreeMemory
WTSQuerySessionInformationW

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmDisableIME

setupapi

SetupIterateCabinetW

netapi32

NetUserChangePassword
Netbios

Exports

Exports

??4ShellResourceRequestDetails@@QAEAAU0@ABU0@@Z

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 47KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 297KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ce07350adfb4047725cb4bf673f7ac1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

shlwapi

psapi

version

wtsapi32

imm32

setupapi

netapi32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 304KB - Virtual size: 304KB

.data Size: 47KB - Virtual size: 143KB

.rsrc Size: 297KB - Virtual size: 300KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 304KB - Virtual size: 304KB

.data
Size: 47KB - Virtual size: 143KB

.rsrc
Size: 297KB - Virtual size: 300KB