2ca53f0d318b23012dc6999302913bc89ab5c0404217a490ac355a3d7d0ad26a

Sharing

Copy URL Twitter E-mail

General

Target

2ca53f0d318b23012dc6999302913bc89ab5c0404217a490ac355a3d7d0ad26a
Size

2.3MB
MD5

615dd0672ce4b880745e518a54d12e58
SHA1

b3e6af3bc43c1d41a6ce7e463dcc8d51f5d8a7cd
SHA256

2ca53f0d318b23012dc6999302913bc89ab5c0404217a490ac355a3d7d0ad26a
SHA512

4953e410054ae363e0f7bc120e278601291efbb73f6f78706f5b0993218e17f8520ad4f133093728d3cd3961fff0790f25cc87bd8f050612123bebf54c823dcb
SSDEEP

49152:RHrkLEpJJdjPq+zmUhnFnDRCXkaTeEZb5tULNiXicJFFRGNzj3:prkVkaTju7wRGpj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ca53f0d318b23012dc6999302913bc89ab5c0404217a490ac355a3d7d0ad26a

Files

2ca53f0d318b23012dc6999302913bc89ab5c0404217a490ac355a3d7d0ad26a
.exe windows:6 windows x64 arch:x64

eaad51f7ddf2c544c096f516c8da0624

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\TCWork\a4aaae7b9e660768\ESIF\Products\ESIF_UF\Sources\win\projs\x64\Win10Release\esif_uf_64.pdb

Imports

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
AcquireSRWLockShared
ReleaseMutex
ReleaseSemaphore
CreateEventW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
CreateMutexW
CreateMutexA
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
InitializeCriticalSectionAndSpinCount
ResetEvent
SetEvent

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
OpenProcessToken
GetCurrentProcess
CreateProcessA
SetPriorityClass
CreateProcessAsUserW
GetThreadId
GetCurrentThread
CreateProcessW
GetExitCodeThread
GetCurrentThreadId
ExitProcess
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
CreateThread
GetExitCodeProcess
TerminateProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-file-l1-1-0

CreateFileW
FlushFileBuffers
FindNextFileA
GetFileInformationByHandle
FindFirstFileA
SetEndOfFile
GetDriveTypeW
GetFileType
WriteFile
DeleteFileW
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
SetFilePointerEx
GetFileAttributesExW
FindFirstFileExA
CreateFileA
FindFirstFileExW
FindNextFileW
ReadFile
FindClose

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleA
GetModuleHandleExW
AddDllDirectory
FreeLibrary
LoadLibraryExA
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-localization-l1-2-0

IsValidLocale
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
GetOEMCP
IsValidCodePage
FormatMessageA
GetACP
GetLocaleInfoW

powrprof

SetSuspendState
PowerReadPossibleFriendlyName
PowerWritePossibleFriendlyName
PowerWriteSettingAttributes
PowerRemovePowerSetting

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryA
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference
WindowsCreateString
WindowsCompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification
PowerSetActiveScheme
PowerGetActiveScheme

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoDecrementMTAUsage
CoUninitialize
StringFromCLSID
CoInitializeEx
CoIncrementMTAUsage

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA
SetStdHandle
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetStdHandle
SetEnvironmentVariableA
GetCommandLineA
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCommandLineW
GetEnvironmentStringsW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l1-2-2

GetTempPathA

api-ms-win-security-base-l1-1-0

AddAccessAllowedAce
AddAce
GetAclInformation
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AdjustTokenPrivileges
DuplicateTokenEx

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-console-l2-1-0

WriteConsoleInputW

api-ms-win-core-namedpipe-l1-1-0

ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
SetNamedPipeHandleState
WaitNamedPipeW
CreateNamedPipeW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW

api-ms-win-core-kernel32-legacy-l1-1-0

WTSGetActiveConsoleSessionId

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
ChangeServiceConfig2W

api-ms-win-service-management-l1-1-0

CreateServiceW
DeleteService
OpenServiceW
StartServiceW
CloseServiceHandle
OpenSCManagerW

api-ms-win-service-winsvc-l1-1-0

ControlService

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWrite
EventUnregister

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlPcToFileHeader

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList
InitializeSListHead

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTimeZoneInformation

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapSize
GetProcessHeap
HeapReAlloc

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleCP
ReadConsoleW
WriteConsoleW
SetConsoleCtrlHandler

Sections

.text
Size: 977KB - Virtual size: 977KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 745KB - Virtual size: 744KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

minATL
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eaad51f7ddf2c544c096f516c8da0624

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-localization-l1-2-0

powrprof

api-ms-win-core-debug-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-file-l1-2-2

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

userenv

api-ms-win-core-file-l2-1-2

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-console-l1-1-0

Sections

.text Size: 977KB - Virtual size: 977KB

.rdata Size: 745KB - Virtual size: 744KB

.data Size: 40KB - Virtual size: 55KB

.pdata Size: 55KB - Virtual size: 55KB

minATL Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 977KB - Virtual size: 977KB

.rdata
Size: 745KB - Virtual size: 744KB

.data
Size: 40KB - Virtual size: 55KB

.pdata
Size: 55KB - Virtual size: 55KB

minATL
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 572KB - Virtual size: 576KB