Static task
static1
General
Target: winservices.exe
Size: 2.2MB
MD5: 3e9161c04f171db253b980d547692732
SHA1: a0dea436d8b0543d6ce52b9267bfbc25b698a3f1
SHA256: ed96096ac258b000b243394cdd390bf8bdcc5c4d5e22610e6837902051bdc3a1
SHA512: 2d1e08186527aa65e269efb1f55f08b9f244e41791729dd1f8359e8b270cf39489bf4e12ce565b0f30512ae03e4857c0e936a454a57fbee612038a06255ea682
SSDEEP: 24576:QyfUjqZlFf2YNPgsuUgxQiG5eW79fQFHlQJ3uvUkZYAly9xFjBnyfpGL3Ooc8iHd:Q4ZHflxUU5eWZ+2uJZDlCZyU5oqhzK
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: winservices.exe
Files
winservices.exe.exe windows:4 windows x86 arch:x86
010c627d63999ae88e74fc3ba73294be
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsWow64Process
GetCurrentProcess
GetVersionExA
DeviceIoControl
lstrcpyn
CreateFileA
OutputDebugStringA
IsDebuggerPresent
GetEnvironmentStrings
CreateWaitableTimerA
GetTempPathA
ExitProcess
WideCharToMultiByte
WaitForSingleObject
CreateMutexA
GetACP
HeapSize
RaiseException
TerminateProcess
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadCodePtr
SetStdHandle
GetModuleFileNameA
CreateThread
DeleteFileA
GetProcessHeap
HeapAlloc
LCMapStringA
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetFileSize
ReadFile
SetFilePointer
GetTickCount
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultLCID
WriteFile
CreateDirectoryA
GetStartupInfoA
CreateProcessA
IsBadReadPtr
HeapReAlloc
GetModuleHandleA
VirtualFreeEx
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
FindClose
FindNextFileA
FindFirstFileA
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationA
TerminateThread
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
RtlMoveMemory
VirtualAlloc
SetWaitableTimer
HeapFree
RtlUnwind
GetCommandLineA
ReleaseMutex
MultiByteToWideChar
GetOEMCP
GetCPInfo
FlushFileBuffers
SetErrorMode
GetProcessVersion
FindResourceA
LoadResource
LockResource
GetVersion
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetLastError
SetLastError
InterlockedIncrement
lstrcpyA
lstrcatA
WritePrivateProfileStringA
InterlockedDecrement
GlobalFlags
MulDiv
lstrcpynA
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
lstrlenA
LocalAlloc
LocalFree
InitializeCriticalSection
TlsAlloc
DeleteCriticalSection
GlobalHandle
TlsFree
LeaveCriticalSection
GlobalReAlloc
CloseHandle
shell32
SHGetSpecialFolderPathA
ShellExecuteA
ole32
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleRun
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
CoRegisterMessageFilter
user32
PeekMessageA
wsprintfA
MessageBoxA
SendMessageA
FindWindowExA
FindWindowA
MoveWindow
CreateDialogIndirectParamA
GetWindowLongA
GetWindow
GetDesktopWindow
SetWindowPos
GetWindowThreadProcessId
DispatchMessageA
TranslateMessage
GetMessageA
DefWindowProcA
PostQuitMessage
UpdateWindow
ShowWindow
CreateWindowExA
EndDialog
MsgWaitForMultipleObjects
DestroyMenu
PostThreadMessageA
UnregisterClassA
LoadStringA
GetSysColorBrush
GetWindowRect
LoadCursorA
LoadIconA
MapWindowPoints
GetSysColor
SetActiveWindow
IsWindow
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
PostMessageA
SetCursor
EnableWindow
IsWindowEnabled
RegisterClassA
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
GetNextDlgTabItem
GetFocus
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
RegisterClipboardFormatA
GetClassNameA
PtInRect
GetDlgCtrlID
ClientToScreen
SetWindowTextA
GetWindowTextA
UnhookWindowsHookEx
GetMenuItemCount
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
SendDlgItemMessageA
IsDialogMessageA
SetWindowLongA
SetFocus
GetSystemMetrics
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
GetClassInfoA
WinHelpA
GetLastActivePopup
advapi32
RegEnumKeyExA
RegDeleteKeyA
RegNotifyChangeKeyValue
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegCreateKeyExA
shlwapi
PathRemoveExtensionA
PathIsURLA
PathFileExistsA
PathFindFileNameA
psapi
EmptyWorkingSet
gdi32
GetObjectA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
comctl32
ord17
oledlg
ord8
oleaut32
LoadTypeLi
LHashValOfNameSys
RegisterTypeLi
SafeArrayCreate
SysAllocString
VariantClear
SafeArrayDestroy
Sections
.text Size: 156KB - Virtual size: 153KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2.0MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
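The report's "Unsigned PE" signature and the Headers and Sections blocks above are all read straight out of the PE header. The following Python script, added here as an example and not part of the sandbox report, reproduces those checks with the standard library only: it walks the DOS, COFF and optional headers, decodes the IMAGE_FILE_* and IMAGE_SCN_* characteristics into the names the report prints, and tests whether the security data directory (IMAGE_DIRECTORY_ENTRY_SECURITY, slot 4) is populated, which is what "missing Authenticode signature" means for an embedded signature. The image it parses by default is constructed in code by build_sample_pe() with the same file characteristics and section flags the report shows; it is not winservices.exe, and the offsets and sizes in it are placeholders.

```python
"""Reproduce the report's 'Unsigned PE' check and header/section decoding.

Added example (not from the sandbox report); standard library only, so it runs offline.
The sample image is constructed in build_sample_pe() and is NOT winservices.exe.
"""
import struct
import sys

# IMAGE_FILE_HEADER.Characteristics bits (the subset the report prints, plus DLL)
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
# IMAGE_SECTION_HEADER.Characteristics bits
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the WIN_CERTIFICATE blob


def flag_names(value, table):
    """Decode a characteristics bitmask into IMAGE_* names, lowest bit first."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """Walk DOS -> PE signature -> COFF -> optional header -> section table.

    Only headers are read; raw section data is never touched.
    Raises ValueError for anything that is not a well-formed PE32/PE32+ image.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: data directories start at +96
        dir_off, is_64 = opt + 96, False
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase/size fields push them to +112
        dir_off, is_64 = opt + 112, True
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, dir_off - 4)[0]  # NumberOfRvaAndSizes
    directories = [struct.unpack_from("<II", data, dir_off + 8 * i) for i in range(n_dirs)]
    sections = []
    sec = opt + opt_size  # the section table follows the optional header
    for i in range(nsections):
        name, vsize, _, rawsize, _, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rawsize,
            "characteristics": flag_names(sflags, SECTION_CHARACTERISTICS),
        })
    return {"machine": machine, "is_64bit": is_64,
            "file_characteristics": flag_names(chars, FILE_CHARACTERISTICS),
            "directories": directories, "sections": sections}


def has_authenticode_signature(pe):
    """The report's 'Unsigned PE' condition: is the security directory populated?

    Its entry is a raw file offset (not an RVA) and the size of a WIN_CERTIFICATE;
    both zero means no embedded signature. Catalog-signed files also fail this
    test, so 'unsigned' here is not proof the publisher never signed the file.
    """
    dirs = pe["directories"]
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    offset, size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]
    return offset != 0 and size != 0


def build_sample_pe(signed=False):
    """Constructed two-section PE32 image (headers only) mirroring the report's flags.

    Offsets and sizes are placeholders chosen for the demo, not values from the sample.
    """
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x010F)  # i386, 2 sections
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x1000, 0x800)  # placeholder certificate table
    opt += b"".join(struct.pack("<II", off, size) for off, size in dirs)
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x26400, 0x1000, 0x27000, 0x400, 0, 0, 0, 0, 0x60000020)
    data = struct.pack("<8sIIIIIIHHI", b".data", 0x210000, 0x2C000, 0x200000, 0x27400, 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + coff + opt + text + data


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(blob)
    print("signed:", has_authenticode_signature(info))
    print("file characteristics:", ", ".join(info["file_characteristics"]))
    for s in info["sections"]:
        print("%-8s raw=%#x virt=%#x %s" % (s["name"], s["raw_size"], s["virtual_size"],
                                           " ".join(s["characteristics"])))
```

Run it against a real file with `python pe_check.py <path>` (the filename is arbitrary). An empty security directory only proves there is no embedded signature; a binary signed through a catalog would also come back as unsigned here, so confirm with `signtool verify /a` or `Get-AuthenticodeSignature` before treating "unsigned" as evidence on its own.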