cc32ea03291e092c8d8a50b8a54168660a87971da5fe62136ac3047f7924aa72

Sharing

Copy URL

Twitter E-mail

General

Target

cc32ea03291e092c8d8a50b8a54168660a87971da5fe62136ac3047f7924aa72
Size

1.4MB
MD5

d5720e7873a171a33ae6dfa12a00f866
SHA1

e3cb17237b6af68eea875c406da0bb86fb27d942
SHA256

cc32ea03291e092c8d8a50b8a54168660a87971da5fe62136ac3047f7924aa72
SHA512

f325501147f33a745a7955eb9ade65041d5e486d3a0576e37828f75a2a2b37b777a94a8f4ee6f4415168c1bcc006d945dfddab9ab83f4263608fea788ae48096
SSDEEP

24576:pOo5yT/tMbHWc8eC9TqOUk12+lm/HIpUqp91kVlFo1UcPTpNifog4ykK94y9REq:pOowTKbHqlcBInp3kDGZtN5yrJ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cc32ea03291e092c8d8a50b8a54168660a87971da5fe62136ac3047f7924aa72

Files

cc32ea03291e092c8d8a50b8a54168660a87971da5fe62136ac3047f7924aa72
.exe windows:5 windows x86 arch:x86

fcba64ab59805c9dd7c85bcc7682c93b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\winapps\gu6\Build\GUBootService\Release\GUBootService.pdb

Imports

kernel32

SetEvent
GetVersionExW
GetCommandLineW
GetWindowsDirectoryW
OutputDebugStringW
DeviceIoControl
CreateFileW
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
QueryDosDeviceW
lstrlenA
LoadLibraryW
GetEnvironmentVariableA
SystemTimeToFileTime
FindClose
FindFirstFileW
GetStdHandle
FlushViewOfFile
InterlockedCompareExchange
GetProcessHeap
OutputDebugStringA
WaitForSingleObjectEx
UnmapViewOfFile
UnlockFileEx
UnlockFile
ReadFile
QueryPerformanceCounter
MapViewOfFile
LockFileEx
LockFile
LoadLibraryA
HeapCompact
HeapValidate
HeapSize
HeapReAlloc
HeapFree
LocalFree
HeapCreate
HeapAlloc
GetVersionExA
GetTempPathW
GetTempPathA
GetSystemTimeAsFileTime
GetSystemInfo
GetFullPathNameW
GetFullPathNameA
GetFileAttributesExW
GetFileAttributesW
GetFileAttributesA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetCurrentProcessId
FormatMessageW
FormatMessageA
FlushFileBuffers
DeleteFileA
CreateMutexW
CreateFileMappingW
CreateFileMappingA
CreateFileA
AreFileApisANSI
TryEnterCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
DeleteFileW
lstrcpyW
GetPrivateProfileStringW
lstrcmpW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
WTSGetActiveConsoleSessionId
GetSystemTime
CreateEventW
CreateThread
WaitForSingleObject
lstrlenW
GetCurrentThreadId
Sleep
GetCurrentProcess
CloseHandle
GetVersion
FindResourceExW
LockResource
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetTickCount
ProcessIdToSessionId
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
HeapDestroy
SetStdHandle
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetModuleHandleA
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeA
FindNextFileA
FindFirstFileA
ExitProcess
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW

user32

TranslateMessage
DispatchMessageW
GetMessageW
MessageBoxW
CharNextW
LoadStringW
CharUpperW
PostThreadMessageW

advapi32

OpenProcessToken
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumKeyW
DuplicateTokenEx
ImpersonateLoggedOnUser
CreateProcessAsUserW
RevertToSelf
ChangeServiceConfigW
ChangeServiceConfig2W
OpenEventLogW
GetOldestEventLogRecord
GetNumberOfEventLogRecords
ReadEventLogW
CloseEventLog
RegOpenKeyW
ControlService
DeleteService
CreateServiceW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenSCManagerW
OpenServiceW
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoRevokeClassObject
CoCreateInstance
CoRegisterClassObject
CoInitializeSecurity
CoInitialize
CoUninitialize
StringFromGUID2

shell32

SHGetFolderPathW
ord165

oleaut32

SysFreeString
VarUI4FromStr
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantInit
VariantClear
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringLen

shlwapi

PathMatchSpecW
PathFileExistsW
SHRegGetPathW

userenv

CreateEnvironmentBlock
UnloadUserProfile
GetUserProfileDirectoryW
LoadUserProfileW
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory

pdh

PdhCollectQueryData
PdhAddCounterW
PdhEnumObjectItemsW
PdhOpenQueryW
PdhCloseQuery
PdhRemoveCounter
PdhGetFormattedCounterValue

Sections

.text
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fcba64ab59805c9dd7c85bcc7682c93b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

userenv

wtsapi32

pdh

Sections

.text Size: 707KB - Virtual size: 707KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 17KB - Virtual size: 59KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 596KB - Virtual size: 600KB

.text
Size: 707KB - Virtual size: 707KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 17KB - Virtual size: 59KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 596KB - Virtual size: 600KB