694a4a373c4dbaae000ad8a452c7677e2f36eb2a1a4c47fc444bc8a32199a673[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

694a4a373c4dbaae000ad8a452c7677e2f36eb2a1a4c47fc444bc8a32199a673.exe
Size

265KB
MD5

0a4df1d4146950ef76d93f70aafc0190
SHA1

09c9b55504407a654058b4c8bb0ce9a60b8baa77
SHA256

694a4a373c4dbaae000ad8a452c7677e2f36eb2a1a4c47fc444bc8a32199a673
SHA512

265b1836ba51c2dfcf0dbc60bb578e3e871944c3af9191c3ceb4fb43d7e8a3c5d0d8e9fe13ad816d44513bfc58f379f7a00fe169828b634ee8b2a55666af9f9a
SSDEEP

3072:Z9uIOlAf7wVzvKmbnR3GuF13W3hl8eBVtvGEBDToeOLlk1lHgQNvBbxAcuYysyXN:Ztz7wVz7YOWRlxHHoehSQN5qcQcc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
694a4a373c4dbaae000ad8a452c7677e2f36eb2a1a4c47fc444bc8a32199a673.exe

Files

694a4a373c4dbaae000ad8a452c7677e2f36eb2a1a4c47fc444bc8a32199a673.exe
.dll windows:6 windows x64 arch:x64

8ca3a9f7fd467c1fbe3b80abf9ce78c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\lev\Projects\tap-windows6\msm\x64\Release\installer.pdb

Imports

cfgmgr32

CM_Get_DevNode_Status

crypt32

CertOpenStore
CertFindCertificateInStore
CertFindExtension
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertCloseStore
CryptQueryObject

msi

ord17
ord125
ord103
ord8
ord74
ord49
ord32
ord159
ord143
ord34
ord145
ord51
ord118
ord160

newdev

UpdateDriverForPlugAndPlayDevicesW

ntdll

RtlGetNtVersionNumbers
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

setupapi

SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetClassDevsW
SetupCopyOEMInfW
SetupDiGetDriverInfoDetailW
SetupUninstallOEMInfW
SetupDiDestroyDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo

shlwapi

PathStripPathW
PathCombineW

kernel32

GetProcessHeap
LCMapStringW
WriteConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetStringTypeW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
GetLastError
FormatMessageW
LocalFree
K32EnumDeviceDrivers
K32GetDeviceDriverBaseNameW
Sleep
FindResourceW
SizeofResource
LoadResource
LockResource
CreateFileW
WriteFile
CloseHandle
SetLastError
GetWindowsDirectoryW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
HeapAlloc
SetFilePointerEx
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
FindNextFileW
GetConsoleOutputCP
GetCPInfo
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetConsoleMode

advapi32

RegCloseKey
RegDeleteKeyExW
RegSetValueExW
RegCreateKeyExW
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW

ole32

CoInitialize
CoUninitialize

Exports

Exports

MsiEvaluate
MsiProcess

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ca3a9f7fd467c1fbe3b80abf9ce78c6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cfgmgr32

crypt32

msi

newdev

ntdll

setupapi

shlwapi

kernel32

advapi32

ole32

Exports

Exports

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 47KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 2KB - Virtual size: 1KB