17153c7beeaa040d43a5a31cd28767475d3e488c472f48bd95213609d7a5f2ec

Sharing

Copy URL Twitter E-mail

General

Target

17153c7beeaa040d43a5a31cd28767475d3e488c472f48bd95213609d7a5f2ec
Size

1.4MB
MD5

70062e61e30af2f46e52e21d8a471ada
SHA1

f11d15a492b53e83615469f303027ebd72a0e027
SHA256

17153c7beeaa040d43a5a31cd28767475d3e488c472f48bd95213609d7a5f2ec
SHA512

4d8b4475508d7ed9f4dc931f937c80506308fa6a14876185394590533124d4ce4153668f124f7dca50dd147c4790a83b5da703cd029ae6f1803bf11225b3249b
SSDEEP

24576:9+LGQb0/HELyxjb/BcHofe3y1sInB2COzRq8DvFqt:9+iQUELyxjVCP4suIRbDv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17153c7beeaa040d43a5a31cd28767475d3e488c472f48bd95213609d7a5f2ec

Files

17153c7beeaa040d43a5a31cd28767475d3e488c472f48bd95213609d7a5f2ec
.exe windows:10 windows x64 arch:x64

5983ecee2610945955cbb48db42e1ddd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

tracefmt.pdb

Imports

advapi32

OpenTraceW
CloseTrace
ProcessTrace
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ConvertSidToStringSidW
RegEnumKeyExW
GetLengthSid
LookupAccountSidW

kernel32

GetModuleHandleExW
GetModuleFileNameW
CompareStringOrdinal
CreateFileW
GetVersionExW
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
CloseHandle
HeapSetInformation
FileTimeToLocalFileTime
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetSystemInfo
SetDllDirectoryW
GetDllDirectoryW
VirtualProtect
HeapFree
LoadLibraryExA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
HeapAlloc
GetProcessHeap
VirtualQuery
GetFileSizeEx
SystemTimeToFileTime
CopyFileW
GetFileAttributesW
CreateDirectoryW
OutputDebugStringW
CompareFileTime
GetPrivateProfileStringW
GetFileTime
GetFileSize
LoadLibraryExW
LocalFree
FormatMessageW
SetLastError
DeleteCriticalSection
GetCurrentDirectoryW
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SearchPathW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetEnvironmentVariableA
GetEnvironmentVariableW
HeapDestroy
HeapReAlloc
HeapSize
ReadFile
GetFullPathNameW

msvcrt

strcmp
??1type_info@@UEAA@XZ
_onexit
_commode
_fmode
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
memset
memcmp
memchr
strnlen
fputws
fputwc
strtok_s
sprintf_s
_splitpath_s
strrchr
strchr
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
malloc
wcscpy_s
__C_specific_handler
memmove_s
wcsrchr
memcpy_s
vfwprintf
_wfullpath
atoi
free
printf
_errno
fwrite
fgets
_purecall
wcstok_s
??3@YAXPEAX@Z
wcstoul
strtoul
_vsnprintf
fclose
_wcsicmp
_wfsopen
_vsnwprintf
strtok
??_V@YAXPEAX@Z
exit
wprintf
__CxxFrameHandler3
__iob_func
_wfopen
wcsstr
wcsspn
fgetws
wcschr
iswspace
_wtoi
wcscspn
_snwprintf_s
wcstol
swscanf
_vsnwprintf_s
strncmp
wcsnlen
vsprintf_s
fopen
vfprintf
strncpy_s
_wsplitpath_s
fprintf
_vscprintf
strcpy_s
fputs
strstr
wcscmp

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW

tdh

TdhLoadManifestFromBinary
TdhGetEventInformation
TdhGetEventMapInformation
TdhLoadManifest

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 205KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5983ecee2610945955cbb48db42e1ddd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

version

ntdll

tdh

Sections

.text Size: 144KB - Virtual size: 144KB

.rdata Size: 455KB - Virtual size: 455KB

.data Size: 205KB - Virtual size: 249KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 232B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 144KB - Virtual size: 144KB

.rdata
Size: 455KB - Virtual size: 455KB

.data
Size: 205KB - Virtual size: 249KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 232B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 592KB - Virtual size: 596KB