702c416ced7219e2d432ec7c3bff58baa7662ad1d6afcfed58d30273957b271f

Sharing

Copy URL

Twitter E-mail

General

Target

702c416ced7219e2d432ec7c3bff58baa7662ad1d6afcfed58d30273957b271f
Size

1.8MB
MD5

1a7534868d739f870ca41de450ff72da
SHA1

a3e31f5c563f7333020b2e0e20dfadba325abdf3
SHA256

702c416ced7219e2d432ec7c3bff58baa7662ad1d6afcfed58d30273957b271f
SHA512

c1236a02ceed984a00149787285d8ae2a332d8459973614512e2e4a10d6da1a7c77f1f972771de965bd351406ce5d9a3aaf30fdd5ed93b7ecdf764ce957b44d0
SSDEEP

24576:lNHSe843Ga6e2/C/Nzpk3ZGMC8CEwOz7O3JDvudsqjnhMgeiCl7G0nehbGZpbD:vHSe84waiZ37OJYDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
702c416ced7219e2d432ec7c3bff58baa7662ad1d6afcfed58d30273957b271f

Files

702c416ced7219e2d432ec7c3bff58baa7662ad1d6afcfed58d30273957b271f
.exe windows:10 windows x64 arch:x64

7bff568394d9ebb657ca17abd8292547

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SensorDataService.pdb

Imports

msvcrt

??1exception@@UEAA@XZ
??8type_info@@QEBAHAEBV0@@Z
memcpy_s
?what@exception@@UEBAPEBDXZ
_vsnwprintf
??_V@YAXPEAX@Z
__wgetmainargs
memcmp
??0exception@@QEAA@AEBV0@@Z
_vsnwprintf_s
_wcsicmp
free
__set_app_type
_vsnprintf_s
exit
_fmode
memcpy
_wcsnicmp
?terminate@@YAXXZ
_lock
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
memmove
??0exception@@QEAA@XZ
_callnewh
_exit
_cexit
_snwprintf_s
__setusermatherr
malloc
_initterm
wcscpy_s
_XcptFilter
__C_specific_handler
_CxxThrowException
swprintf_s
_unlock
_amsg_exit
__dllonexit
memmove_s
_commode
__CxxFrameHandler3
wprintf_s
sprintf
realloc
_purecall
??3@YAXPEAX@Z
??1type_info@@UEAA@XZ
_onexit
memset

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
FreeLibrary
LoadStringW
GetProcAddress
LoadLibraryExW
RemoveDllDirectory
AddDllDirectory
GetModuleHandleW

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-service-core-l1-1-1

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

api-ms-win-core-synch-l1-2-0

ReleaseSRWLockExclusive
InitializeSRWLock
AcquireSRWLockExclusive
CreateMutexExW
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObjectEx
ReleaseMutex
Sleep
CreateEventExW
ResetEvent
WaitForSingleObject
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
OpenSemaphoreW
SetEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

OpenProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetTickCount64
GetSystemInfo
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW
DeleteService
CreateServiceW
StartServiceW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegEnumKeyExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegCloseKey

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
QueryServiceStatusEx

api-ms-win-service-winsvc-l1-2-0

ControlService

api-ms-win-core-winrt-error-l1-1-1

RoOriginateError
RoTransformError

api-ms-win-core-com-l1-1-1

CoGetApartmentType
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoTaskMemAlloc

api-ms-win-core-heap-l1-2-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsIsStringEmpty
WindowsCreateString
WindowsCreateStringReference
WindowsCompareStringOrdinal

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-security-base-l1-2-0

AllocateAndInitializeSid
FreeSid
DuplicateToken
CheckTokenCapability
CheckTokenMembership
GetTokenInformation

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFindFileNameW

ntdll

RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolIo
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolIo
WaitForThreadpoolIoCallbacks
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolWorkCallbacks
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
StartThreadpoolIo
CancelThreadpoolIo
CloseThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpool
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork

api-ms-win-core-namedpipe-l1-2-0

CreateNamedPipeW
ConnectNamedPipe

api-ms-win-core-io-l1-1-1

GetOverlappedResult

api-ms-win-core-file-l1-2-1

WriteFile
ReadFile

api-ms-win-core-kernel32-legacy-l1-1-1

GetNamedPipeClientProcessId

Sections

.text
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7bff568394d9ebb657ca17abd8292547

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-service-core-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-winsvc-l1-2-0

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

ntdll

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-namedpipe-l1-2-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-file-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

Sections

.text Size: 872KB - Virtual size: 872KB

.rdata Size: 356KB - Virtual size: 356KB

.data Size: 6KB - Virtual size: 69KB

.pdata Size: 39KB - Virtual size: 39KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 872KB - Virtual size: 872KB

.rdata
Size: 356KB - Virtual size: 356KB

.data
Size: 6KB - Virtual size: 69KB

.pdata
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB