PDB path: D:\jenkins\workspace\AsusUpdateCheck\x64\Release\AsusUpdateCheck.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: bee6d450d1de2e565dfd7dba229e169ae9e0560f17378ef43edbe895c642124e.exe
  Resource: win7-20240215-en
Behavioral task: behavioral2
  Sample: bee6d450d1de2e565dfd7dba229e169ae9e0560f17378ef43edbe895c642124e.exe
  Resource: win10v2004-20240508-en
General
- Target: bee6d450d1de2e565dfd7dba229e169ae9e0560f17378ef43edbe895c642124e
- Size: 1.3MB
- MD5: 3569567c5860ca02b9a6f77ec8bc30f6
- SHA1: bbefb76753ce13167ba478c42aca475c78586d7b
- SHA256: bee6d450d1de2e565dfd7dba229e169ae9e0560f17378ef43edbe895c642124e
- SHA512: 207bd24f4454208c6a1ab9898a5fd4955476f31616d312d003bec05648d8966a1b599fac8af178e9b611795707e344fb14cf7db6755e3bd19c61c565661d19f1
- SSDEEP: 24576:6BXkTP72gjOrF7hlUM3R7uBatr0zAiX90z/F0jsFB3SQkL:+kTDN27hlU8waB0zj0yjoB2
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: bee6d450d1de2e565dfd7dba229e169ae9e0560f17378ef43edbe895c642124e
Files
- bee6d450d1de2e565dfd7dba229e169ae9e0560f17378ef43edbe895c642124e.exe (windows:6 windows x64 arch:x64)
  1c6725566fb8dead72ec59ce75f03765
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
ProcessIdToSessionId
Process32NextW
Process32FirstW
WTSGetActiveConsoleSessionId
CreateProcessW
GetExitCodeProcess
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryW
FindFirstFileExW
FindFirstFileExA
RemoveDirectoryW
FindNextFileA
GetFileAttributesW
GetFileAttributesA
GetLogicalProcessorInformation
GetProcAddress
GetSystemFirmwareTable
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
FindResourceExW
DecodePointer
HeapDestroy
GetStdHandle
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
GetCurrentProcessId
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
SetFilePointerEx
GetFileAttributesExW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FindResourceW
GetFileType
GetCommandLineA
GetModuleHandleExW
LoadResource
CreateToolhelp32Snapshot
FreeResource
SizeofResource
QueueUserWorkItem
GetCurrentThreadId
ResetEvent
CreateThread
DeleteFileW
WaitForMultipleObjects
GetProcessHeap
HeapAlloc
HeapFree
FlushFileBuffers
WideCharToMultiByte
GetWindowsDirectoryW
DeleteFileA
lstrcatW
OutputDebugStringW
FormatMessageW
MultiByteToWideChar
LocalAlloc
OutputDebugStringA
lstrcpynW
GetCommandLineW
LocalFree
Sleep
CreateEventW
WaitForSingleObject
SetEvent
MoveFileW
lstrcmpW
lstrcpyW
GetFileSize
CloseHandle
ReadFile
CreateFileA
GetLastError
CreateFileW
FindClose
SetFilePointer
ExitProcess
RtlPcToFileHeader
RtlUnwindEx
LoadLibraryExW
GetThreadTimes
OpenProcess
TerminateProcess
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetFileSizeEx
GetCurrentProcess
LockResource
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceCounter
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
GetModuleFileNameW
WriteFile
lstrlenW
FindNextFileW
FindFirstFileW
RtlUnwind
user32
IsWindowVisible
FindWindowExW
GetWindow
GetWindowThreadProcessId
SendMessageW
TranslateMessage
GetMessageW
DispatchMessageW
advapi32
RegCreateKeyExW
RegGetValueW
RegCloseKey
OpenServiceW
CryptAcquireContextA
CryptDeriveKey
CryptReleaseContext
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
CreateProcessAsUserW
DuplicateTokenEx
CryptDestroyKey
CryptAcquireContextW
CryptDecrypt
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
FreeSid
shell32
ShellExecuteExW
Shell_NotifyIconW
ole32
CoInitializeEx
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoUninitialize
oleaut32
SysAllocString
VariantClear
VariantInit
SysFreeString
iphlpapi
NotifyRouteChange2
CancelMibChangeNotify2
GetAdaptersInfo
setupapi
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
winhttp
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpConnect
WinHttpQueryDataAvailable
WinHttpCrackUrl
ws2_32
WSAGetLastError
freeaddrinfo
listen
getaddrinfo
accept
bind
setsockopt
recv
socket
send
WSAStartup
closesocket
WSACleanup
crypt32
CryptImportPublicKeyInfo
CryptDecodeObjectEx
netapi32
NetApiBufferFree
NetUserGetInfo
userenv
DestroyEnvironmentBlock
GetUserProfileDirectoryW
CreateEnvironmentBlock
GetAllUsersProfileDirectoryW
wtsapi32
WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory
Sections
- .text Size: 298KB - Virtual size: 298KB (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
- .rdata Size: 153KB - Virtual size: 152KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .data Size: 6KB - Virtual size: 19KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
- .pdata Size: 16KB - Virtual size: 15KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .rsrc Size: 331KB - Virtual size: 331KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
- .reloc Size: 572KB - Virtual size: 576KB (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)