8c66228326885928e9eb5db47da52ae96efc13ecba4a0d232dad18f7e9bcca37

Sharing

Copy URL Twitter E-mail

General

Target

8c66228326885928e9eb5db47da52ae96efc13ecba4a0d232dad18f7e9bcca37
Size

175KB
MD5

b1a8a82c1fff358313ec287fbd4dc949
SHA1

591ad6b78c97a9cc1bb3d6b5997adbfdb8bbeeb9
SHA256

8c66228326885928e9eb5db47da52ae96efc13ecba4a0d232dad18f7e9bcca37
SHA512

37bb65603995b4993ac3bb3a6b81eda50a5b2e65c65fbc20c54122fdf7726fdc8d0ed75e4725327aa01edeea8a993aa3250acb04fe5ebc30036df6d666f2fa37
SSDEEP

3072:RtiRacZ4pwUj6VKFRdHdhp28jD5ebhrDwAWKatr+WjGBGAw+Cx:RtiUcZ4p6SvwclShYAWKRGAwl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c66228326885928e9eb5db47da52ae96efc13ecba4a0d232dad18f7e9bcca37

Files

8c66228326885928e9eb5db47da52ae96efc13ecba4a0d232dad18f7e9bcca37
.exe windows:6 windows x86 arch:x86

d92c80d49382091310fb8db089f856a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sctasks.pdb

Imports

msvcrt

_vsnwprintf
_CxxThrowException
__CxxFrameHandler3
wcsrchr
memset
free
memcpy_s
isspace
_wtol
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_memicmp
_get_osfhandle
_errno
_fileno
fflush
fprintf
__iob_func
wcstod
wcstoul
wcstol
_purecall
memcpy
srand
_iob
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
malloc
_ultow
_wtoi
iswdigit
wcstok
wcschr
iswpunct
iswspace
wcspbrk

api-ms-win-core-console-l1-1-0

WriteConsoleW
SetConsoleMode
GetConsoleMode
ReadConsoleW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

CreateFileW
ReadFile
CompareFileTime
SetFilePointer
GetFileSizeEx
WriteFile

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l1-1-0

HeapSetInformation

api-ms-win-core-interlocked-l1-1-0

InterlockedCompareExchange
InterlockedDecrement
InterlockedExchange

api-ms-win-core-libraryloader-l1-1-0

LoadStringW
GetProcAddress
FreeLibrary
LoadLibraryExA
GetModuleHandleA

api-ms-win-core-localization-l1-1-0

GetLocaleInfoW

api-ms-win-core-localregistry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-misc-l1-1-0

Sleep
LocalFree
lstrlenW

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetLocalTime
SystemTimeToFileTime
GetSystemTimeAsFileTime

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority

ntdll

EtwTraceMessage
WinSqmAddToStream
RtlNtStatusToDosError
RtlCreateVirtualAccountSid
RtlInitUnicodeString
WinSqmIsOptedIn

user32

CharUpperW
MessageBeep

ole32

IIDFromString
CoUninitialize
StringFromGUID2
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantTimeToSystemTime
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
GetErrorInfo
SysStringLen
VarBstrCat
VariantChangeType
SysAllocString

shlwapi

StrChrW
StrRChrIW
StrStrIW
StrChrIW
StrStrW

kernel32

HeapSize
HeapFree
HeapAlloc
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DebugBreak
HeapValidate
WideCharToMultiByte
RegDeleteKeyExW
DeleteFileTransactedW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
RegSetValueExW
ExpandEnvironmentStringsW
UnregisterWait
GetComputerNameExW
CompareStringA
GetThreadLocale
CompareStringW
FileTimeToSystemTime
GetModuleFileNameW
ExitProcess
GetConsoleOutputCP
HeapReAlloc
lstrlenA
GetFileType
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
SetThreadUILanguage
DelayLoadFailureHook
GetComputerNameW

ktmw32

CommitTransaction
RollbackTransaction
CreateTransaction

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d92c80d49382091310fb8db089f856a9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-console-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localization-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

ntdll

user32

ole32

oleaut32

shlwapi

kernel32

ktmw32

Sections

.text Size: 139KB - Virtual size: 139KB

.data Size: 24KB - Virtual size: 24KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 36KB

.text
Size: 139KB - Virtual size: 139KB

.data
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 36KB