TokenBroker[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

TokenBroker.exe
Size

10.7MB
MD5

71b2c3a776043b80069b34b10e0b3186
SHA1

e1f8e1151833d4a7330a1d5bbff7f3b65283c274
SHA256

58980f48d4f767250e8b420d1f72f601a8870019ba4e3bf071492d110d6ce4bd
SHA512

096c0b61455c937832860807ca9ee9e09ee2e6b55f8263d646ad67c9496e1f5b2d8d9bea2742f8b23a3231032af124ad32eb60b6d31c64214260c0658afbe7f1
SSDEEP

196608:L507el5HuekaQYpRzVLAuNDavyUaKLg/8AQuA5k5mL1lqWhsp:LeCvuD3YTzzNDavyKLg/Wu6TTmp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
TokenBroker.exe

Files

TokenBroker.exe
.exe windows:6 windows x64 arch:x64

70bc450eb5b0415d46b2520722f448c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

FreeSid

kernel32

WriteProcessMemory
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

ShowWindow

msvcp140

?good@ios_base@std@@QEBA_NXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_terminate

api-ms-win-crt-runtime-l1-1-0

__p___argc

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-string-l1-1-0

towlower

api-ms-win-crt-stdio-l1-1-0

__p__commode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 691KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.lLZ
Size: - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.2J)
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.*3!
Size: 10.7MB - Virtual size: 10.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

70bc450eb5b0415d46b2520722f448c2

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: - Virtual size: 10KB

.rdata Size: - Virtual size: 8KB

.data Size: - Virtual size: 691KB

.pdata Size: - Virtual size: 696B

.lLZ Size: - Virtual size: 6.3MB

.2J) Size: 3KB - Virtual size: 2KB

.*3! Size: 10.7MB - Virtual size: 10.7MB

.reloc Size: 512B - Virtual size: 264B

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 10KB

.rdata
Size: - Virtual size: 8KB

.data
Size: - Virtual size: 691KB

.pdata
Size: - Virtual size: 696B

.lLZ
Size: - Virtual size: 6.3MB

.2J)
Size: 3KB - Virtual size: 2KB

.*3!
Size: 10.7MB - Virtual size: 10.7MB

.reloc
Size: 512B - Virtual size: 264B

.rsrc
Size: 512B - Virtual size: 469B