b5352e40abf1f60425ba5d55400f7e49d95383fd32764f444ccb8402627369c6

Sharing

Copy URL Twitter E-mail

General

Target

b5352e40abf1f60425ba5d55400f7e49d95383fd32764f444ccb8402627369c6
Size

254KB
MD5

3a89703277356c6e2ae3e2e73eea5caf
SHA1

c3a71f1a1454a779f208b42c50d4333bfa1b5186
SHA256

b5352e40abf1f60425ba5d55400f7e49d95383fd32764f444ccb8402627369c6
SHA512

167b2e5adc46ea660428c1b97613ff3e0a4e32e5ef926844449073df1feff58f543ebd8aaaff198e1a59b615ba9fe1f028ce00685b15ff9ca6ef9126ddb2e814
SSDEEP

3072:jSL8hoBY9LV93BAVnQyF6t9Zky0wQ8n0dGHqzqmlZ05jL4+XKG9VIukq3/3fmp1e:JuBOLzx06t9nHIyqzDkLqG9VIo/3fmT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5352e40abf1f60425ba5d55400f7e49d95383fd32764f444ccb8402627369c6

Files

b5352e40abf1f60425ba5d55400f7e49d95383fd32764f444ccb8402627369c6
.exe windows:6 windows x86 arch:x86

7554e509802ea52a1d02bbb4506cae72

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

services.pdb

Imports

msvcrt

__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
__setusermatherr
_wtol
_initterm
_controlfp
_ltow
wcscspn
exit
_XcptFilter
_exit
_cexit
__getmainargs
_ltow_s
wcschr
_wcslwr
memmove
_ultow_s
time
wcsrchr
_vsnwprintf
_wcsnicmp
memset
wcsstr
wcstoul
memcpy
_wcsicmp
_ultow
wcsncmp
_amsg_exit

rpcrt4

UuidCreate
RpcAsyncAbortCall
RpcServerUnsubscribeForNotification
UuidEqual
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerUseProtseqW
RpcServerInqBindings
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcEpRegisterW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
UuidCreateNil
I_RpcMapWin32Status
RpcServerInqCallAttributesW
RpcAsyncCompleteCall
RpcServerInqBindingHandle
RpcImpersonateClient
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
NdrServerCall2
NdrAsyncServerCall
RpcSsGetContextBinding
RpcServerInqCallAttributesA
RpcBindingServerFromClient
RpcBindingFree
RpcBindingVectorFree
RpcServerSubscribeForNotification
UuidFromStringW

sspicli

LogonUserExExW

ntdll

EtwRegisterTraceGuidsW
RtlUnicodeStringToInteger
RtlSetLastWin32Error
NtTraceControl
RtlInitializeCriticalSection
NtQueueApcThread
NtOpenThread
EvtIntReportEventAndSourceAsync
RtlSetProcessIsCritical
NtOpenProcessToken
NtSetInformationProcess
NtSetEvent
EtwEventRegister
EtwEventWrite
RtlFreeHeap
NtDeleteFile
NtQueryDirectoryFile
NtWaitForSingleObject
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtQueryInformationFile
NtSetInformationFile
NtFilterToken
RtlCopyUnicodeString
RtlMapGenericMask
RtlValidRelativeSecurityDescriptor
RtlSetSecurityObject
RtlQuerySecurityObject
NtQueryInformationToken
NtDuplicateToken
NtAdjustPrivilegesToken
NtSetInformationThread
NtAccessCheckAndAuditAlarm
NtAccessCheck
NtOpenThreadToken
NtPrivilegeCheck
NtPrivilegeObjectAuditAlarm
WinSqmAddToStream
RtlSetEnvironmentVariable
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlSetControlSecurityDescriptor
NtDeleteKey
RtlSubAuthoritySid
NtOpenKey
NtEnumerateKey
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtCreateKey
RtlConvertSharedToExclusive
RtlConvertExclusiveToShared
RtlRegisterWait
RtlCreateServiceSid
RtlGetNtProductType
RtlEqualUnicodeString
RtlLengthSid
RtlCopySid
NtLoadDriver
NtOpenDirectoryObject
NtQueryDirectoryObject
RtlCompareUnicodeString
NtUnloadDriver
DbgPrintEx
RtlAdjustPrivilege
RtlExpandEnvironmentStrings_U
RtlInitializeSRWLock
NtFlushKey
NtOpenFile
RtlDosPathNameToNtPathName_U
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlFreeUnicodeString
RtlAcquireSRWLockShared
NtDeleteObjectAuditAlarm
RtlReleaseSRWLockShared
RtlAreAllAccessesGranted
NtCloseObjectAuditAlarm
RtlDeregisterWait
RtlQueueWorkItem
RtlCopyLuid
RtlDeleteSecurityObject
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlReleaseResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlInitializeResource
NtInitializeRegistry
NtQueryKey
NtClose
RtlInitUnicodeString
NtSetSystemEnvironmentValue
RtlNtStatusToDosError
NtShutdownSystem
EtwTraceMessage
RtlUnhandledExceptionFilter
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
RtlInitializeSid
RtlAllocateHeap
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlNewSecurityObject
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle

profapi

ord105
ord101
ord102
ord106

api-ms-win-security-lsalookup-l1-1-0

LsaLookupFreeMemory
LsaLookupTranslateSids
LsaLookupOpenLocalPolicy
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupClose

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

cryptbase

SystemFunction005
SystemFunction029

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetErrorMode
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateFileW
SetFileInformationByHandle
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapFree
HeapCreate
HeapAlloc
HeapSetInformation

api-ms-win-core-interlocked-l1-1-0

InterlockedCompareExchange
InterlockedExchange
InterlockedCompareExchange64

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleHandleA
LoadStringW

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegGetKeySecurity
RegSetKeySecurity
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegSetValueExW
RegCreateKeyExW

api-ms-win-core-misc-l1-1-0

LocalFree
Sleep
lstrlenW
LocalAlloc

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
CreateThread
TerminateProcess
GetCurrentThreadId
OpenThreadToken
GetCurrentThread
GetProcessId
GetCurrentProcess
CreateProcessAsUserW
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
OpenProcessToken
ResumeThread
SetThreadPriority
ExitThread
SetProcessShutdownParameters
GetCurrentProcessId
GetProcessTimes

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
ResetEvent
WaitForMultipleObjectsEx
OpenEventW
OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetComputerNameExW
GetSystemTime
GetVersionExW

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
AdjustTokenPrivileges
EqualSid
ImpersonateLoggedOnUser
RevertToSelf
GetLengthSid
CopySid
CheckTokenMembership
GetTokenInformation
AddAce
InitializeAcl
GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetTokenInformation
AddAccessAllowedAce
AllocateAndInitializeSid
AllocateLocallyUniqueId
FreeSid
SetKernelObjectSecurity
GetKernelObjectSecurity

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7554e509802ea52a1d02bbb4506cae72

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

rpcrt4

sspicli

ntdll

profapi

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-security-sddl-l1-1-0

cryptbase

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

Sections

.text Size: 213KB - Virtual size: 213KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 14KB - Virtual size: 14KB

.text
Size: 213KB - Virtual size: 213KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 14KB - Virtual size: 14KB