clocksvc[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

clocksvc.exe
Size

56KB
MD5

9812a5c5a89b6287c8893d3651b981a0
SHA1

da7bf0b2339f4e39dee9d0a90236f8ab4d374519
SHA256

c1bcd04b41c6b574a5c9367b777efc8b95fe6cc4e526978b7e8e09214337fac1
SHA512

0439b8da5b38a4b7987c136cf747d4e293c3cf779cfa0f3c9b6307074138b6d07d6b40b65eb00f48ad16b6249152a15bd9532604c4a7c299cbd33579522bccb0
SSDEEP

768:dzoV9wufu3dtthu9FDFd0pO/+ee++tu+lHZI+TMRoLZw:xaUNtthu9FBdYOyQo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
clocksvc.exe

Files

clocksvc.exe
.exe windows:4 windows x86 arch:x86

34ccfd798ed8a94608b3c3d17bb27165

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAllocEx
VirtualProtectEx
GetModuleHandleA
OpenProcess
GetVersionExA
WriteProcessMemory
GetProcAddress
GetLocaleInfoA
ReadProcessMemory
Sleep
ReadFile
SetFilePointer
GetFileSize
CreateFileA
TerminateProcess
GetEnvironmentVariableA
GetExitCodeThread
GetTempFileNameA
GetTempPathA
DeleteFileA
VirtualFree
ReleaseMutex
SetPriorityClass
GetCurrentProcess
CreateThread
GetLastError
CreateMutexA
GetCommandLineA
WriteFile
LocalFree
LocalAlloc
WideCharToMultiByte
CreateRemoteThread
WaitForSingleObject
GetCurrentThread
CloseHandle
VirtualFreeEx
GetCurrentThreadId
GetThreadTimes
GetCurrentProcessId
GetDiskFreeSpaceExA
GetTickCount
QueryPerformanceCounter
VirtualAlloc
GlobalMemoryStatus
GetSystemTimeAsFileTime
ExitProcess
CreateProcessA
CreateMailslotA

user32

CreateWindowExA
DestroyWindow
GetCursorPos
GetWindowLongA
GetActiveWindow
SetPropA

advapi32

AddAce
SetSecurityInfo
GetAce
SetSecurityDescriptorDacl
RegSetValueExA
InitializeSecurityDescriptor
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
AddAccessAllowedAce
InitializeAcl
GetUserNameA
GetAclInformation
GetSecurityInfo
GetLengthSid
LookupAccountNameA

msvcrt

__getmainargs
_initterm
__setusermatherr
__p___initenv
_exit
_XcptFilter
__p__fmode
__set_app_type
_controlfp
_onexit
__dllonexit
malloc
free
_strnicmp
wcslen
__CxxFrameHandler
strrchr
localtime
asctime
fseek
ftell
fread
time
swprintf
sprintf
fopen
fwrite
fclose
wcscat
wcscmp
exit
atoi
_except_handler3
wcscpy
??3@YAXPAX@Z
sscanf
_adjust_fdiv
__p__commode
fprintf
atol
_strcmpi
_stricmp

mfc42

ord2781
ord2770
ord540
ord356
ord3811
ord858
ord3310
ord3178
ord800
ord3337
ord5572
ord2915
ord3319
ord1980
ord668
ord1575
ord1247
ord2077
ord2029
ord815
ord561
ord791
ord523
ord3717
ord967
ord1995
ord5479
ord5797
ord4919
ord4975
ord4863
ord4335
ord4447
ord4411
ord2032
ord5482
ord5811
ord4779
ord5308

wsock32

listen
setsockopt
gethostname
shutdown

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34ccfd798ed8a94608b3c3d17bb27165

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

mfc42

wsock32

Sections

.text Size: 40KB - Virtual size: 37KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 4.0MB

.text
Size: 40KB - Virtual size: 37KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 4.0MB