malware1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

malware1.exe
Size

174KB
MD5

d90ddc1c4b740e4725cd250dd2503ccb
SHA1

4164af66cd4825e3cc9dbcdca21ac9e38a95875c
SHA256

7f5013ff6e53fec5144fb7306994676f558145f1976c50b840b62361efd85363
SHA512

176ac9e40ae838e1195d95c50d958a05c2f429757fc723371f28700a39cbd72da93705311570ae7f0f40b08b34f3d72c7545d72f69a0db9dfa0cf6633002e2ec
SSDEEP

3072:ln1lndJVY02twoTeZknWB4/A69Z+X6rNh0yQNWLoq59rs3tv53AdF5GLjNxi6zvw:ln1bE9PkXQNh0yNoqDs5xzD1O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
malware1.exe

Files

malware1.exe
.exe windows:6 windows x86 arch:x86

ad560534aea4f1d3cf692f4d70b265ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\7714ea6888591698\Hostcore\Management\src\Stack\PD\encsvc\Release\Win32\WS\pdb\full\exe\encsvc.pdb

Imports

advapi32

RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
StartServiceW
RegSetValueExW
ControlService
RegisterServiceCtrlHandlerW
DeleteService
RegCreateKeyExW
SetServiceStatus
OpenSCManagerW
CloseServiceHandle
RegCloseKey
CreateServiceW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW

kernel32

GetModuleFileNameW
SetThreadPriority
WaitForSingleObject
CreateEventW
FormatMessageW
GetLastError
SetEvent
CloseHandle
CreateThread
LocalFree
ExitProcess
SleepEx
GetTickCount
LocalAlloc
LocalReAlloc
GetLocaleInfoW
GetFileAttributesW
FreeLibrary
GetModuleHandleW
LoadLibraryExW
CreateDirectoryW
RemoveVectoredExceptionHandler
CompareFileTime
FindFirstFileW
HeapFree
EnterCriticalSection
FindNextFileW
ExpandEnvironmentStringsW
GetThreadLocale
LeaveCriticalSection
InitializeCriticalSection
FindClose
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
OutputDebugStringW
SetUnhandledExceptionFilter
MapViewOfFile
CreateFileMappingW
CreateProcessW
GetProcessHeap
GetCurrentProcessId
MoveFileExW
GetProcAddress
AddVectoredExceptionHandler
HeapAlloc
LoadLibraryW
OpenProcess
UnmapViewOfFile
GetCurrentThreadId
CreateFileW

vcruntime140

__std_exception_destroy
_CxxThrowException
memcpy
memset
_except_handler4_common
__std_terminate
wcsstr
__CxxFrameHandler3
wcsrchr
memmove
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__acrt_iob_func
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s
__stdio_common_vfwprintf
__stdio_common_vswscanf
_wfopen_s
fclose

api-ms-win-crt-string-l1-1-0

_wcsicmp
_wcsdup
_wcslwr_s
_wcsnicmp
wcsncpy_s
iswctype
_wcslwr
wcscpy_s
wcsncpy

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo
_register_onexit_function
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___wargv
__p___argc
_controlfp_s
_exit
exit
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
_crt_atexit
_initterm_e

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-convert-l1-1-0

wcstoul
wcstol

api-ms-win-crt-math-l1-1-0

_fdopen
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

user32

wsprintfW
LoadStringW

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.extrada
Size: 512B - Virtual size: 498B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.extrada
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.extrada
Size: 512B - Virtual size: 501B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.extrada
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.extrada
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.extrada
Size: 512B - Virtual size: 158B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ad560534aea4f1d3cf692f4d70b265ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

user32

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 89KB - Virtual size: 88KB

.extrada Size: 512B - Virtual size: 498B

.extrada Size: 512B - Virtual size: 494B

.extrada Size: 512B - Virtual size: 501B

.extrada Size: 512B - Virtual size: 502B

.extrada Size: 512B - Virtual size: 292B

.extrada Size: 512B - Virtual size: 158B

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 89KB - Virtual size: 88KB

.extrada
Size: 512B - Virtual size: 498B

.extrada
Size: 512B - Virtual size: 494B

.extrada
Size: 512B - Virtual size: 501B

.extrada
Size: 512B - Virtual size: 502B

.extrada
Size: 512B - Virtual size: 292B

.extrada
Size: 512B - Virtual size: 158B