E:\autobuild_sesvc_13\360sesvc\bin\Release\sesvc.pdb
Tasks: static1 (static), behavioral1 (behavioral)
Sample: 442f63fc802afa5057251a8fa28761d52ca95dbb02c4d870ccd3faba6b3907e9.exe
Resource: win7-20240221-en

General
Target: 442f63fc802afa5057251a8fa28761d52ca95dbb02c4d870ccd3faba6b3907e9
Size: 2.1MB
MD5: 5ce6e5bc5d607ba81de62b5c476ab5fa
SHA1: e6cad74ccb6fe6f3e0018347f79e0b3e282a4bf3
SHA256: 442f63fc802afa5057251a8fa28761d52ca95dbb02c4d870ccd3faba6b3907e9
SHA512: 79645fea9435dfee4eacdb5d437e182e255fdfda230f01de6c24b7b8eff51194f550fbb69805a8a7e8b506aad968601c52961b4ff731582856af930f08045251
SSDEEP: 49152:EiZu4xegDvGDt6LDOuR0PUAmtBLeCSJleSlmHvym5:EiZTxbiR6LD7GPgeFeSIHl5
Malware Config
(none listed)

Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: 442f63fc802afa5057251a8fa28761d52ca95dbb02c4d870ccd3faba6b3907e9
Files
442f63fc802afa5057251a8fa28761d52ca95dbb02c4d870ccd3faba6b3907e9.exe  windows:5 windows x86 arch:x86
  9e4eaf0145d7ac3a2a021d9576c7cf80 (unlabelled on the page; by its position in the report this is the import hash, not a file hash, since it differs from the MD5 above)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is absent and IMAGE_FILE_RELOCS_STRIPPED is set, so the loader cannot relocate this image; it always maps at its preferred base with no ASLR, even though DEP/NX is opted in.
PDB Paths
E:\autobuild_sesvc_13\360sesvc\bin\Release\sesvc.pdb
Imports
kernel32
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
HeapReAlloc
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetFileAttributesW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
OpenProcess
DebugBreak
lstrlenA
lstrlenW
GetDiskFreeSpaceExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenMutexW
GetCurrentThread
WaitForMultipleObjects
CreateProcessW
GetPrivateProfileIntW
GetSystemDirectoryW
VirtualAlloc
VirtualFree
GetTempFileNameW
QueryDosDeviceW
GetFileType
SetFileTime
DuplicateHandle
DosDateTimeToFileTime
GetCurrentDirectoryW
GetExitCodeProcess
GetSystemTimes
LockResource
VirtualQuery
SetUnhandledExceptionFilter
GetCommandLineW
WritePrivateProfileStructW
DeviceIoControl
ResetEvent
TlsAlloc
TlsSetValue
TlsFree
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
IsBadReadPtr
IsBadWritePtr
GetModuleHandleA
GetSystemTimeAsFileTime
lstrcpynW
TerminateThread
SuspendThread
lstrcmpA
lstrcmpiA
GetFileSizeEx
ExitProcess
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
LocalFree
SetLastError
IsProcessInJob
QueryInformationJobObject
FindResourceW
OutputDebugStringA
GetModuleHandleW
LoadLibraryExW
CreateMutexW
lstrcmpiW
SizeofResource
LoadResource
Sleep
SetErrorMode
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
FindNextFileW
FindFirstFileW
RemoveDirectoryW
FindClose
FreeLibrary
ReadFile
GetFileSize
LeaveCriticalSection
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
RtlUnwind
ReleaseMutex
OpenThread
HeapWalk
HeapUnlock
HeapLock
SetFilePointerEx
LocalFileTimeToFileTime
GetStartupInfoW
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStringTypeW
EnterCriticalSection
InitializeCriticalSection
ExitThread
LockFileEx
MoveFileExW
SetFileAttributesW
CreateFileW
TlsGetValue
SwitchToThread
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
LoadLibraryExA
VirtualProtect
VerifyVersionInfoA
VerSetConditionMask
PeekNamedPipe
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
GetSystemDirectoryA
QueryPerformanceFrequency
DecodePointer
SleepEx
GetLocalTime
MulDiv
FreeResource
GetACP
CreateFileMappingA
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
CreateDirectoryW
GetModuleFileNameW
LoadLibraryW
WriteFile
CreateThread
GetProcAddress
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
WideCharToMultiByte
MultiByteToWideChar
DeleteFileW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
user32
SetClipboardData
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
OpenClipboard
IsWindow
SendMessageW
CreateWindowExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
GetClipboardData
PostMessageW
DispatchMessageW
TranslateMessage
PostThreadMessageW
GetMessageW
UnregisterClassW
SetPropW
RegisterClassW
PtInRect
IsRectEmpty
EmptyClipboard
IsClipboardFormatAvailable
GetForegroundWindow
GetClassNameW
GetPropW
IntersectRect
MapWindowPoints
ScreenToClient
GetClientRect
GetUpdateRect
EndPaint
BeginPaint
ReleaseCapture
IsZoomed
SetWindowRgn
DestroyWindow
SetWindowPos
IsWindowVisible
SetTimer
KillTimer
GetSystemMetrics
GetDC
ReleaseDC
GetWindowRect
GetWindowTextLengthW
MoveWindow
EnableWindow
PeekMessageW
CharNextW
CallWindowProcW
GetGUIThreadInfo
InvalidateRgn
CreateAcceleratorTableW
MessageBoxW
CharPrevW
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
GetSysColor
SetWindowTextW
GetCursorPos
SetCapture
GetShellWindow
SetRect
FillRect
InvalidateRect
IsIconic
DrawTextW
GetParent
MsgWaitForMultipleObjects
CloseWindow
RealGetWindowClassW
SystemParametersInfoW
GetWindowThreadProcessId
WindowFromPoint
GetLastInputInfo
SendMessageTimeoutW
wsprintfW
EnumDisplayDevicesW
EnumDisplaySettingsW
CharLowerW
GetWindow
GetWindowTextW
wvsprintfW
ShowWindow
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
FindWindowExW
FindWindowW
GetDesktopWindow
SetWindowLongW
GetWindowLongW
SetForegroundWindow
GetKeyState
GetClassInfoExW
SetCursor
UnionRect
OffsetRect
SetFocus
GetActiveWindow
GetFocus
gdi32
DeleteObject
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
CreatePen
DeleteDC
GetStockObject
Rectangle
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
GetObjectW
SetWindowOrgEx
CreateRoundRectRgn
CombineRgn
CreateDCW
CreatePenIndirect
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
GetDIBits
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
SetStretchBltMode
SetTextColor
CreateDIBSection
GetObjectA
MoveToEx
TextOutW
ExtTextOutW
GdiFlush
CreatePatternBrush
shell32
ord680
SHGetSpecialFolderPathW
SHFileOperationW
SHGetFolderPathW
ShellExecuteW
SHAppBarMessage
ord165
ws2_32
closesocket
htonl
htons
listen
recv
socket
WSAStartup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
WSAGetLastError
bind
accept
gethostname
ioctlsocket
send
connect
getpeername
getsockname
getsockopt
ntohs
setsockopt
WSASetLastError
WSAIoctl
WSACleanup
__WSAFDIsSet
select
getaddrinfo
freeaddrinfo
recvfrom
sendto
wldap32
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
crypt32
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertCloseStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertOpenStore
CertAddCertificateContextToStore
shlwapi
PathFindExtensionW
SHGetValueA
PathIsRootW
PathGetDriveNumberW
PathAddBackslashW
StrDupW
PathFileExistsW
PathRemoveFileSpecW
PathCombineW
SHGetValueW
SHSetValueW
PathAppendW
StrCmpIW
PathFindFileNameW
SHDeleteValueW
StrStrIA
PathFindFileNameA
StrStrIW
psapi
GetProcessImageFileNameW
GetModuleFileNameExW
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
setupapi
SetupIterateCabinetW
netapi32
NetUserChangePassword
Netbios
imm32
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmGetContext
ImmReleaseContext
Imports worth noting in triage (all listed above): SetClipboardViewer / ChangeClipboardChain / GetClipboardData (clipboard monitoring), SetWindowsHookExW / CallNextHookEx / UnhookWindowsHookEx (Windows hook installation), CreateToolhelp32Snapshot / Process32FirstW / Process32NextW / OpenProcess (process enumeration), GetLastInputInfo / GetForegroundWindow / GetGUIThreadInfo (user-activity probing), NetUserChangePassword, PFXImportCertStore / CertAddCertificateContextToStore (importing a PFX into a certificate store), IsDebuggerPresent / OutputDebugStringA / OutputDebugStringW (debugger checks), and ws2_32 bind / listen / accept alongside connect (the binary can act as a server, not only a client).
Exports
??4ShellResourceRequestDetails@@QAEAAU0@ABU0@@Z
(MSVC-decorated name; undecorated: public: struct ShellResourceRequestDetails & __thiscall ShellResourceRequestDetails::operator=(struct ShellResourceRequestDetails const &), a C++ copy-assignment operator rather than a functional entry point)
Sections
.text   Size: 1.5MB  Virtual size: 1.5MB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 342KB  Virtual size: 342KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data   Size: 45KB   Virtual size: 141KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 233KB  Virtual size: 236KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Note: .text and .rsrc are both writable and executable, and .rdata is writable. The MSVC linker emits .text as read+execute and .rdata/.rsrc as read-only, so these section flags differ from the linker defaults and deserve a closer look (packers and post-link protectors commonly set sections RWX).
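The Unsigned PE signature, the Headers flags and the Sections flags above all come from a handful of PE header fields. The following is an added example, not code from the sandbox or from whoever built the sample: a standard-library-only parser that reads those fields and reproduces the three findings. The blob it runs on is constructed inline (build_pe_header) to carry the same flags the report lists; it is a bare header, not the analysed file, and the names build_pe_header, parse_pe and assess are chosen here.

```python
"""Static PE header checks: embedded Authenticode, NX/ASLR flags, W+X sections.

Added example with a constructed input; not the sandbox's code and not the sample.
"""
import struct

# Flag values from the PE/COFF specification.
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode blob; its "RVA" is a raw file offset


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase/stack/heap fields push the tail out by 16
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_characteristics = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_size = struct.unpack_from("<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections, table = [], opt + opt_size
    for i in range(nsect):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rawsize, "flags": flags})
    return {"characteristics": characteristics, "dll_characteristics": dll_characteristics,
            "security_dir_size": sec_size, "sections": sections}


def assess(data: bytes) -> dict:
    """Reduce the parsed header to the yes/no findings a triage report shows."""
    pe = parse_pe(data)
    dllc, fc = pe["dll_characteristics"], pe["characteristics"]
    return {
        # Size 0 in the security directory means no embedded Authenticode signature.
        # Catalog-signed files also show 0 here, so this means "not embedded-signed".
        "unsigned": pe["security_dir_size"] == 0,
        "nx_compat": bool(dllc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        # ASLR needs the opt-in flag AND relocations the loader can apply.
        "aslr": bool(dllc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) and not fc & IMAGE_FILE_RELOCS_STRIPPED,
        "relocs_stripped": bool(fc & IMAGE_FILE_RELOCS_STRIPPED),
        "wx_sections": [s["name"] for s in pe["sections"]
                        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE],
    }


def build_pe_header(characteristics: int, dll_characteristics: int, sections, security_size: int = 0) -> bytes:
    """Assemble a minimal PE32 header (no section bodies) as constructed test input."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 96 + 16 * 8  # PE32 fixed part plus 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x20000 if security_size else 0, security_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x1000, 0x400 * (i + 1), 0, 0, 0, 0, flags)
        for i, (name, flags) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Constructed input mirroring the flags in the report's Headers and Sections entries.
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RW = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
SAMPLE_HEADER = build_pe_header(
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", IMAGE_SCN_CNT_CODE | RWX), (".rdata", IMAGE_SCN_CNT_INITIALIZED_DATA | RW),
     (".data", IMAGE_SCN_CNT_INITIALIZED_DATA | RW), (".rsrc", IMAGE_SCN_CNT_INITIALIZED_DATA | RWX)],
)

if __name__ == "__main__":
    for key, value in assess(SAMPLE_HEADER).items():
        print(f"{key:16} {value}")
```

To run it on a real file, pass the file's bytes to assess(). Two caveats are built into the result: the security directory only reveals an embedded Authenticode signature, so a catalog-signed binary also reports unsigned here, and the ASLR verdict combines DYNAMIC_BASE with RELOCS_STRIPPED because the flag alone cannot be honoured once relocations are gone, which is exactly the combination this report shows.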