C:\Users\docker\Documents\workspace\build-v2\common\hrkill\bin\usysdiag-helper-x64.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4a079b7169d587f92e46425f57295e60c16212fc3c64c2ef218c84f6e6ed3973.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
4a079b7169d587f92e46425f57295e60c16212fc3c64c2ef218c84f6e6ed3973.exe
Resource
win10v2004-20240419-en
General
-
Target
4a079b7169d587f92e46425f57295e60c16212fc3c64c2ef218c84f6e6ed3973
-
Size
451KB
-
MD5
a10ff34b512516bbdbd22bf68af415ff
-
SHA1
28daf3f45902b144d09ae0279d47e27daf3a9d5f
-
SHA256
4a079b7169d587f92e46425f57295e60c16212fc3c64c2ef218c84f6e6ed3973
-
SHA512
bd5e7db97ff4323a8600bbe0a00e2ae8a0600b8f54bd866384c1b763d0da7e384d85b907e58485527089390660def23d01519ed4438f010a2525664a996f48cb
-
SSDEEP
12288:+geVjprbj/2D9EnzdXbp2FbrL4ojgSpQFXb6:yVjdbyZEnzdXbp2FfL4oj7QFL6
Malware Config
Signatures
-
Unsigned PE 1 IoC
The sample carries no Authenticode signature. On its own this is a weak indicator — most unsigned binaries are benign, and a valid signature does not prove benign intent either — so treat it as context for the rest of the report rather than as a verdict.
resource 4a079b7169d587f92e46425f57295e60c16212fc3c64c2ef218c84f6e6ed3973
Files
-
4a079b7169d587f92e46425f57295e60c16212fc3c64c2ef218c84f6e6ed3973.exe windows:5 windows x64 arch:x64
60d1eea8d98155fcb71a3e7a4edc00a3 (unlabeled 32-hex digest listed under the file; it is not the MD5 of the sample shown above — confirm which hash this is before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
CreateToolhelp32Snapshot
GetCommandLineW
WaitForSingleObject
CreateThread
ExitProcess
SetProcessWorkingSetSize
TlsSetValue
HeapFree
SetLastError
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
LocalAlloc
GetCurrentThreadId
HeapSize
PostQueuedCompletionStatus
GetExitCodeThread
GetLastError
SetEvent
TlsAlloc
HeapReAlloc
RaiseException
GetSystemInfo
ResetEvent
HeapAlloc
DecodePointer
HeapDestroy
GetProcessHeap
Module32First
TlsFree
CreateEventA
CreateIoCompletionPort
VirtualQuery
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
Module32Next
VirtualQueryEx
OpenThread
TerminateThread
TerminateProcess
FreeLibrary
LoadLibraryA
GetCurrentDirectoryW
CreateFileA
GetCurrentDirectoryA
SetFilePointer
WriteFile
SearchPathW
ExpandEnvironmentStringsA
ReadFile
DeviceIoControl
IsBadReadPtr
SearchPathA
CreateFileW
GetProcAddress
GetModuleHandleA
GetTickCount
WideCharToMultiByte
DeleteCriticalSection
LocalFree
GetWindowsDirectoryW
CloseHandle
Sleep
MultiByteToWideChar
OpenProcess
InitializeCriticalSection
LeaveCriticalSection
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
GetCurrentProcess
GetLongPathNameW
EnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
GetFileAttributesA
TlsGetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
GetCommandLineA
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameA
GetModuleFileNameW
GetStdHandle
GetACP
GetStringTypeW
GetCurrentThread
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
ReadConsoleW
user32
EnumDesktopWindows
GetParent
GetWindowRect
UnregisterClassA
OpenDesktopA
EnumWindowStationsA
GetWindowThreadProcessId
IsWindowVisible
CloseWindowStation
EnumDesktopsA
CloseDesktop
OpenWindowStationA
advapi32
RegSetValueExA
RegOpenKeyW
ConvertSidToStringSidW
OpenProcessToken
RegCloseKey
RegEnumKeyExA
RegQueryValueExW
RegSaveKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameW
LookupAccountNameW
GetSidIdentifierAuthority
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl
SetEntriesInAclA
GetSecurityDescriptorDacl
RegGetKeySecurity
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
RegLoadKeyA
InitializeSecurityDescriptor
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
GetTokenInformation
shell32
CommandLineToArgvW
SHGetSpecialFolderPathA
ole32
CoInitialize
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
crypt32
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
Sections
.text Size: 322KB - Virtual size: 321KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 484B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ