f7870a9f4b6bfe5bb786527b2a005e7575aceda168d4dfbf030d84e82fccd597

Sharing

Copy URL

Twitter E-mail

General

Target

f7870a9f4b6bfe5bb786527b2a005e7575aceda168d4dfbf030d84e82fccd597
Size

806KB
MD5

ec30316d9998ff8be323ffb5edf27b63
SHA1

ebc9e487af2692cf906a4b0fc8933d7dbd66aacf
SHA256

f7870a9f4b6bfe5bb786527b2a005e7575aceda168d4dfbf030d84e82fccd597
SHA512

e3f62dbed6990a7dd4529b05ffd30d924b82c8767fefef6d19044f397ae3b2d4672a150e80719925cd84b347ec320c29718355a3ea79744a2e8d183e9c3f4dfb
SSDEEP

12288:EIJf7dcTDvOMf7TgzVddzdhxFE6nBuWsrv2GMgbEIcOuw/vRd4SVXXxNDhaUs2bO:EIJfvMfaZFECIcOlnpvDzs2bsT7r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7870a9f4b6bfe5bb786527b2a005e7575aceda168d4dfbf030d84e82fccd597

Files

f7870a9f4b6bfe5bb786527b2a005e7575aceda168d4dfbf030d84e82fccd597
.exe windows:5 windows x86 arch:x86

cd9926343c0184dc34247c7bdaa4fbff

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SicentCI\jenkins-slave\workspace\advflow2\xIcon\Bin\Release\ShellExe\ShellExe.pdb

Imports

iphlpapi

GetAdaptersInfo

advapi32

CryptReleaseContext
GetUserNameA
OpenProcessToken
CryptGenRandom
RegOpenKeyExW
RegQueryValueExW
CryptAcquireContextA
CryptImportKey
CryptEncrypt
LookupAccountNameA
CryptHashData
ConvertSidToStringSidA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
CryptDestroyKey
CryptGetHashParam
CryptDestroyHash
CryptCreateHash

ws2_32

accept
listen
WSAGetLastError
gethostname
htonl
ntohl
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
recvfrom
connect
getpeername
getsockopt
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
__WSAFDIsSet
WSASetLastError
htons
sendto
socket
closesocket
ioctlsocket

crypt32

CertFreeCertificateContext

wldap32

ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord200
ord30
ord26
ord50
ord22
ord211
ord143
ord60

kernel32

QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetLocaleInfoW
GetModuleFileNameW
GetStartupInfoW
SetHandleCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapCreate
ExitProcess
HeapSize
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
ExitThread
HeapReAlloc
LoadLibraryW
SetStdHandle
GetFullPathNameA
GetCurrentDirectoryW
RtlUnwind
RaiseException
HeapSetInformation
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
Sleep
SetCurrentDirectoryA
GetLastError
GetFileSize
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleExA
CloseHandle
SetFilePointer
CreateFileA
SetEndOfFile
SystemTimeToFileTime
WriteConsoleW
FindClose
FindNextFileA
FindFirstFileA
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
WriteFile
FileTimeToSystemTime
OutputDebugStringA
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
EnterCriticalSection
GetTickCount
GetProcAddress
GetModuleHandleA
GetNativeSystemInfo
GetComputerNameExA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
QueryDosDeviceA
GetLogicalDriveStringsA
LocalFree
FormatMessageA
GetCurrentProcess
OpenProcess
HeapFree
GetProcessHeap
WaitForSingleObject
CreateToolhelp32Snapshot
ResumeThread
TerminateProcess
CreateProcessA
ReadFile
Process32Next
Process32First
FreeLibrary
LoadLibraryA
Module32Next
Module32First
GetFileAttributesExA
GetFileAttributesA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
HeapAlloc
CreateFileW
TlsGetValue
TlsSetValue
TlsAlloc
CreateEventA
SetEvent
TerminateThread
CreateThread
GetModuleHandleW
VirtualFree
VirtualAlloc
CreateFileMappingA
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
TlsFree
PostQueuedCompletionStatus
InterlockedExchangeAdd
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
VerifyVersionInfoA
VerSetConditionMask
SetWaitableTimer
CreateIoCompletionPort
QueueUserAPC
WaitForMultipleObjects
GetQueuedCompletionStatus
SetLastError
InterlockedCompareExchange
GetSystemTimeAsFileTime
ReleaseSemaphore
OpenEventA
ResetEvent
SleepEx
GetSystemDirectoryA
PeekNamedPipe
GetFileType
GetStdHandle
GetCommandLineA
DecodePointer
EncodePointer
GetTimeZoneInformation
SetEnvironmentVariableA
GetDriveTypeW
DeleteFileA
DeviceIoControl

user32

FindWindowA
wsprintfA
GetWindowThreadProcessId

shell32

SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

psapi

GetModuleFileNameExA
GetDeviceDriverBaseNameA
EnumDeviceDrivers
GetProcessImageFileNameA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

userenv

ExpandEnvironmentStringsForUserA

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd9926343c0184dc34247c7bdaa4fbff

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

iphlpapi

advapi32

ws2_32

crypt32

wldap32

kernel32

user32

shell32

ole32

wtsapi32

psapi

version

userenv

Sections

.text Size: 598KB - Virtual size: 598KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 20KB - Virtual size: 29KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 48KB - Virtual size: 48KB

.text
Size: 598KB - Virtual size: 598KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 20KB - Virtual size: 29KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 48KB - Virtual size: 48KB