3bc39deddeccc908b71dcdbb08fdfaae3ee27bd29686708cfb7e8537da29926e

Sharing

Copy URL

Twitter E-mail

General

Target

3bc39deddeccc908b71dcdbb08fdfaae3ee27bd29686708cfb7e8537da29926e
Size

2.5MB
MD5

7c53a2bd5d9c529c87ec8715697ed6a9
SHA1

47094ddaf6699c55864efa51dc44a7cd5bed1a2a
SHA256

3bc39deddeccc908b71dcdbb08fdfaae3ee27bd29686708cfb7e8537da29926e
SHA512

695270d0ab87503d7206a6ec0d3b0dba1c83e63d3005b27ad6d225be24f2ed918e1897e8aaac16ec35b705e4523226888d7035d4bd9ae2cc3d570ec93426f1bb
SSDEEP

49152:soMG/OJ0kBCEgMve/yTI9n3rS5Rew7lmHl9ofxDhF6PYlLCj:soMGGykQ6ve/dwew7IHl94xDX6P0W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bc39deddeccc908b71dcdbb08fdfaae3ee27bd29686708cfb7e8537da29926e

Files

3bc39deddeccc908b71dcdbb08fdfaae3ee27bd29686708cfb7e8537da29926e
.exe windows:5 windows x86 arch:x86

2990db4813d0f449803000e49fee9306

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\autobuild_sesvc_13\360sesvc\bin\Release\sesvc.pdb

Imports

kernel32

IsProcessInJob
FlushFileBuffers
QueryPerformanceCounter
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
HeapReAlloc
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
OpenProcess
DebugBreak
lstrlenA
lstrlenW
GetDiskFreeSpaceExW
OpenMutexW
GetCurrentThread
WaitForMultipleObjects
CreateProcessW
GetPrivateProfileIntW
GetSystemDirectoryW
GetTempFileNameW
QueryDosDeviceW
GetFileType
DuplicateHandle
DosDateTimeToFileTime
GetCurrentDirectoryW
GetExitCodeProcess
ReleaseMutex
GetSystemTimes
VirtualQuery
SetUnhandledExceptionFilter
GetCommandLineW
WritePrivateProfileStructW
DeviceIoControl
ResetEvent
TlsAlloc
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
TerminateProcess
lstrcpynW
TerminateThread
SuspendThread
lstrcmpA
lstrcmpiA
GetFileSizeEx
ExitProcess
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
GetTickCount
OutputDebugStringA
FindNextFileW
FindFirstFileW
RemoveDirectoryW
FindClose
FreeLibrary
InitializeCriticalSection
ExitThread
MoveFileExW
SetFileAttributesW
GetModuleFileNameW
CreateThread
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalAddAtomW
FindResourceW
GetModuleHandleW
LoadLibraryW
SizeofResource
LoadResource
GetProcAddress
LockResource
CreateMutexW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CreateEventW
WaitForSingleObject
SetEvent
WideCharToMultiByte
MultiByteToWideChar
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
RtlUnwind
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
LocalFileTimeToFileTime
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
TlsGetValue
SwitchToThread
EncodePointer
LoadLibraryExA
DeleteFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
RaiseException
DecodePointer
GetFileAttributesW
VirtualProtect
VerifyVersionInfoA
VerSetConditionMask
PeekNamedPipe
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
GetLongPathNameW
GetACP
QueryInformationJobObject
lstrcmpiW
Sleep
SetErrorMode
CreateDirectoryW
SetFileTime
SetLastError
GetVersionExW
VirtualFree
VirtualAlloc
CreateFileA
SetFilePointer
ReadFile
WriteFile
GetFileSize
GetLastError
CreateFileW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
CloseHandle
GetModuleHandleA

user32

GetDesktopWindow
DispatchMessageW
TranslateMessage
GetWindowThreadProcessId
FindWindowExW
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
SetFocus
AttachThreadInput
UnregisterHotKey
RegisterHotKey
GetMonitorInfoW
MonitorFromWindow
SetWindowLongW
GetWindowLongW
GetWindowRect
SetWindowTextW
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
SetWindowPos
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
PostMessageW
GetMessagePos
PostThreadMessageW
GetMessageW
UnregisterClassW
LoadCursorW
GetShellWindow
MsgWaitForMultipleObjects
CloseWindow
RealGetWindowClassW
SystemParametersInfoW
WindowFromPoint
GetLastInputInfo
SendMessageTimeoutW
wsprintfW
EnumDisplayDevicesW
EnumDisplaySettingsW
CharLowerW
EnumDisplayMonitors
GetWindowTextW
wvsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowW
CharNextW
PeekMessageW
ReleaseDC
GetDC
GetSystemMetrics
DestroyWindow
GetClassNameW
SendMessageW

gdi32

GetDeviceCaps

shell32

SHFileOperationW
ord680
SHGetFolderPathW
ShellExecuteExW
SHAppBarMessage
SHGetSpecialFolderPathW
ord165
ShellExecuteW

ws2_32

WSAWaitForMultipleEvents
WSAGetLastError
bind
connect
getpeername
getsockname
getsockopt
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAStartup
freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
socket
send
recv
listen
htons
htonl
closesocket
accept
WSAResetEvent
recvfrom
gethostname
ioctlsocket
sendto
WSACleanup

wldap32

ord211
ord26
ord22
ord41
ord50
ord27
ord32
ord33
ord35
ord45
ord46
ord217
ord60
ord79
ord30
ord200
ord301
ord143

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertCloseStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertAddCertificateContextToStore

shlwapi

PathFindExtensionW
PathFindFileNameA
SHGetValueA
PathIsRootW
PathGetDriveNumberW
PathAddBackslashW
StrDupW
StrStrIW
StrStrIA
SHDeleteValueW
PathFindFileNameW
StrCmpIW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathCombineW
SHGetValueW
SHSetValueW

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

setupapi

SetupIterateCabinetW

netapi32

NetUserChangePassword
Netbios

Exports

Exports

??4ShellResourceRequestDetails@@QAEAAU0@ABU0@@Z

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 823KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2990db4813d0f449803000e49fee9306

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ws2_32

wldap32

crypt32

shlwapi

psapi

version

wtsapi32

setupapi

netapi32

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 305KB - Virtual size: 305KB

.data Size: 42KB - Virtual size: 146KB

.rsrc Size: 823KB - Virtual size: 824KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 305KB - Virtual size: 305KB

.data
Size: 42KB - Virtual size: 146KB

.rsrc
Size: 823KB - Virtual size: 824KB