dddf6323a6045ca2e29f71b6863ddb8cc9a6a4ff087369392089fc665a8ab5bd

Sharing

Copy URL Twitter E-mail

General

Target

dddf6323a6045ca2e29f71b6863ddb8cc9a6a4ff087369392089fc665a8ab5bd
Size

1.8MB
MD5

71bcf454c78789f4d84d12bf58518dba
SHA1

f3099f24eada3a0b2c2282b93b61805c4d06da65
SHA256

dddf6323a6045ca2e29f71b6863ddb8cc9a6a4ff087369392089fc665a8ab5bd
SHA512

18e8965895690222311c3bf6d8739c114273ba94e356f53860d5ab11f2da8f8db4103241336b9ad3bbad71293a52533cdb046a92b949c69a514fe162cf7f4b0a
SSDEEP

24576:R79JkDnMvE+P7RyrlS9EnyPW3Yz8QEBd6IW+UYSWjYThIK4N9anrVeuXODLx0X/1:rGoP0l6d2Bd6DWjHn6eSMqGRk3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dddf6323a6045ca2e29f71b6863ddb8cc9a6a4ff087369392089fc665a8ab5bd

Files

dddf6323a6045ca2e29f71b6863ddb8cc9a6a4ff087369392089fc665a8ab5bd
.exe windows:5 windows x86 arch:x86

343fe7181151aa1f6b2802e6e2714eab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Landun\workspace\CommonComponent\ACE-Guard\1.compile_source\output\Win32\Release\SGuardSvc32.pdb

Imports

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

shlwapi

PathFileExistsW
PathFindFileNameA
PathFindFileNameW
PathRemoveFileSpecW
PathAppendW

wtsapi32

WTSQueryUserToken

ws2_32

freeaddrinfo
socket
htonl
WSAStartup
getaddrinfo
WSACleanup
sendto
htons

crypt32

CryptMsgGetParam
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgClose
CertCloseStore
CryptQueryObject

kernel32

FreeLibraryAndExitThread
GetCurrentThread
CreateThread
InitializeSListHead
RtlUnwind
ExitThread
CreateFileW
GetFileAttributesW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexA
CreateMutexW
CreateEventW
Sleep
TerminateProcess
GetCurrentThreadId
GetThreadTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetProcAddress
GetFileAttributesExW
LocalAlloc
LocalFree
CreateFileMappingA
GetTimeZoneInformation
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
HeapDestroy
DeleteCriticalSection
GetProcessHeap
InterlockedExchange
InterlockedCompareExchange
GetPrivateProfileIntW
WaitForMultipleObjects
GetCurrentProcessId
InterlockedIncrement
OpenEventW
GetExitCodeProcess
GetCurrentProcess
SetCurrentDirectoryW
GetFileSize
CreateDirectoryW
FindNextFileW
GetModuleHandleExW
ExpandEnvironmentStringsW
FindClose
OpenProcess
DeleteFileW
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
Process32NextW
Process32FirstW
WTSGetActiveConsoleSessionId
GetModuleFileNameA
Module32FirstW
Module32NextW
SetUnhandledExceptionFilter
GetCommandLineA
ResumeThread
ReadFile
WriteFile
SetFilePointerEx
SystemTimeToFileTime
GetSystemTime
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
ExitProcess
GetACP
IsValidLocale
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
OutputDebugStringA
SetStdHandle
WriteConsoleW
ReadConsoleW
SetEndOfFile
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
UnlockFileEx
GetTempPathW
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
FormatMessageA
LoadLibraryW
CreateToolhelp32Snapshot
QueryPerformanceCounter
TryEnterCriticalSection
GetStringTypeW
FormatMessageW

advapi32

SetServiceStatus
StartServiceCtrlDispatcherW
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
SetTokenInformation
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
CreateProcessAsUserW
ConvertSidToStringSidW
OpenServiceW
DuplicateTokenEx
SetFileSecurityW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegisterServiceCtrlHandlerExW

wintrust

WinVerifyTrust

Sections

.text
Size: 804KB - Virtual size: 803KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 33KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 740KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

343fe7181151aa1f6b2802e6e2714eab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

userenv

shlwapi

wtsapi32

ws2_32

crypt32

kernel32

advapi32

wintrust

Sections

.text Size: 804KB - Virtual size: 803KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 33KB - Virtual size: 38KB

.gfids Size: 1024B - Virtual size: 696B

.tls Size: 512B - Virtual size: 9B

.vmp0 Size: 740KB - Virtual size: 739KB

.rsrc Size: 70KB - Virtual size: 72KB

.text
Size: 804KB - Virtual size: 803KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 33KB - Virtual size: 38KB

.gfids
Size: 1024B - Virtual size: 696B

.tls
Size: 512B - Virtual size: 9B

.vmp0
Size: 740KB - Virtual size: 739KB

.rsrc
Size: 70KB - Virtual size: 72KB