9566200911e9bc1e9aacb6830d8566f40ad3aca739a156749e90f118a5d84bfb

Sharing

Copy URL Twitter E-mail

General

Target

9566200911e9bc1e9aacb6830d8566f40ad3aca739a156749e90f118a5d84bfb
Size

816KB
MD5

aa0b073caf8c12b1df8bdd92f3e9d409
SHA1

09887682b336efb14fa325544881ec2da6769758
SHA256

9566200911e9bc1e9aacb6830d8566f40ad3aca739a156749e90f118a5d84bfb
SHA512

a132392477e82e1e9ffe4d2dd4d45b54297d0c24ba3c256c34a5224508fa7f005753869f05118e362ea99c2b9805c7ecce5c58e5775c29db857a582f1f6ad6fd
SSDEEP

12288:OeHJ6WGKHLyNAlSXHZgV+3KbiVP83SrvwbW6IvZbxpG9Oqt6xDkwMHElTahT+M:wKGuu6WZPHxDkwMHElTkT+M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9566200911e9bc1e9aacb6830d8566f40ad3aca739a156749e90f118a5d84bfb

Files

9566200911e9bc1e9aacb6830d8566f40ad3aca739a156749e90f118a5d84bfb
.exe windows:5 windows x86 arch:x86

f598bcf585e1b222e12b8e9f418524ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins-node\trunk_full_build\src\inst\bin\reboot.pdb

Imports

mgscmn

ord5
ord6
ord3
ord2
ord7

kernel32

Sleep
CreateMutexA
ReleaseMutex
PeekNamedPipe
CreateProcessW
TerminateProcess
GetStdHandle
GetWindowsDirectoryA
LoadLibraryW
GetCommandLineA
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCurrentDirectoryW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
CreateDirectoryW
RemoveDirectoryW
FileTimeToLocalFileTime
FindClose
FindFirstFileExW
GetDriveTypeW
FileTimeToSystemTime
DeleteFileW
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
GetFullPathNameA
HeapReAlloc
GetConsoleMode
ReadConsoleW
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
RaiseException
GetModuleFileNameW
GetProcessHeap
IsDBCSLeadByteEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetConsoleCP
LoadLibraryExW
HeapSize
GetFileInformationByHandle
RtlUnwind
SetFilePointerEx
SetEnvironmentVariableA
SetEnvironmentVariableW
SetStdHandle
OutputDebugStringW
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
WriteConsoleW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
SetFileAttributesW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileTime
SetCurrentDirectoryW
lstrlenW
SystemTimeToTzSpecificLocalTime
CreateFileW
GetFileAttributesW
lstrcpynW
CreateDirectoryExW
SetFileTime
GetLogicalDrives
MoveFileExW
CopyFileExW
GetFullPathNameW
GetShortPathNameW
SetLastError
CloseHandle
GetVersionExA
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetLocalTime
GetTimeZoneInformation
GetProcessTimes
GetSystemInfo
CreatePipe
SetHandleInformation
GetFileAttributesA
LocalFree
GetModuleFileNameA
GetExitCodeProcess
OpenProcess
WaitForSingleObject
GetTempPathA
SetConsoleCtrlHandler
GetLastError
GetCurrentProcess
GetModuleHandleA
MulDiv
GetCurrentThreadId
CreateEventA
GetCurrentThread
FindNextFileW
QueryPerformanceCounter

advapi32

OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetTokenInformation
EqualSid
FreeSid
OpenThreadToken
GetSecurityDescriptorDacl
GetLengthSid
AddAce
SetSecurityInfo
AddAccessAllowedAce
InitializeAcl
GetAce
LookupPrivilegeValueW
CreateProcessAsUserW
CopySid
GetAclInformation
AddAccessAllowedAceEx
DeleteAce
LogonUserW
AllocateAndInitializeSid
InitiateSystemShutdownA

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder

user32

PostQuitMessage
RegisterClassExA
GetClassNameA
DestroyWindow
ClientToScreen
OpenWindowStationA
CloseDesktop
OpenInputDesktop
GetProcessWindowStation
GetClassInfoExA
GetThreadDesktop
GetWindowTextLengthA
GetUserObjectInformationA
CharNextExA
MsgWaitForMultipleObjects
GetUserObjectSecurity
SetCursor
GetFocus
SetFocus
IsWindowEnabled
CloseWindowStation
SendMessageA
LoadImageA
ReleaseDC
GetDC
BeginPaint
OffsetRect
GetWindowTextA
SetWindowLongA
GetWindowLongA
CreateWindowExA
DefWindowProcA
MoveWindow
EnumChildWindows
ShowWindow
IsWindow
IsWindowVisible
SetWindowTextA
UpdateWindow
EnableWindow
LoadCursorA
SetProcessWindowStation
GetSysColor
GetSysColorBrush
SetTimer
GetWindowRect
KillTimer
DrawTextA
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
InvalidateRect
GetDesktopWindow
SetWindowPos
GetWindowThreadProcessId
GetMessageA
IsDialogMessageA
TranslateMessage
PeekMessageA
GetActiveWindow
DispatchMessageA
MessageBoxA
EndPaint
GetClientRect
FillRect

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

LoadUserProfileW
CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile

oleaut32

SysAllocStringByteLen
SysAllocStringLen
LoadRegTypeLi
SysFreeString
OleLoadPicturePath
SysAllocString

gdi32

SetTextColor
BitBlt
DeleteDC
GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectType
GetObjectA
SetBkMode
GetStockObject

comctl32

ImageList_Create
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_AddMasked
ImageList_Add
ImageList_Destroy
ImageList_Draw

Sections

.text
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f598bcf585e1b222e12b8e9f418524ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mgscmn

kernel32

advapi32

shell32

user32

version

userenv

oleaut32

gdi32

comctl32

Sections

.text Size: 330KB - Virtual size: 330KB

.rdata Size: 86KB - Virtual size: 86KB

.data Size: 15KB - Virtual size: 25KB

.rsrc Size: 337KB - Virtual size: 337KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 330KB - Virtual size: 330KB

.rdata
Size: 86KB - Virtual size: 86KB

.data
Size: 15KB - Virtual size: 25KB

.rsrc
Size: 337KB - Virtual size: 337KB

.reloc
Size: 45KB - Virtual size: 44KB