a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184

Sharing

Copy URL Twitter E-mail

General

Target

a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184
Size

2.5MB
MD5

66f59c51e548362c3deb73e5d284b471
SHA1

fe2badaf7bdf59f9edd5e933c7d035b7ba6b646e
SHA256

a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184
SHA512

fe25c422285f1253902109ee76097cc8f5926a84cb3d1066bbc886134909c1ff1de32d222c0a759209eafcdb943faade3663dd110a854b3e990920d2e9adb64e
SSDEEP

49152:DbNBfg/evwCzzQlQbCvuKiTjvF55E2brCVNJT0zcT/nDzxILkS:y+CvuKir5E2br0v0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184

Files

a4dc89c484188141b7c627fc86ee967da3298f9b905762dce3d5acc03d021184
.exe windows:6 windows x86 arch:x86

4e4f88ee53aa3574fe2fa02946718e2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\workspace\src\tool\XBC\Release\Win32\EndpointBasecamp.exe.pdb

Imports

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGenRandom

advapi32

GetLengthSid
RegOpenKeyExA
CryptAcquireContextA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
FreeSid
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryValueExA
RegSetValueExA
ImpersonateLoggedOnUser
RevertToSelf
LookupAccountSidW
CryptReleaseContext
CryptGetHashParam
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
OpenServiceW
OpenSCManagerW
SetServiceObjectSecurity
AddAccessAllowedAceEx
InitializeAcl
IsValidSid
ConvertStringSidToSidW
ChangeServiceConfig2W
QueryServiceStatusEx
ControlService
StartServiceW
DeleteService
CreateServiceW
CloseServiceHandle
RegDeleteTreeA
RegDeleteKeyA
RegDeleteTreeW
RegDeleteValueA
RegEnumKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
RegCreateKeyExA

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

winhttp

WinHttpSetStatusCallback
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect

kernel32

RaiseException
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
DeleteFileA
GetTempPathA
GetTempFileNameA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
WriteFile
LocalFree
GetCurrentDirectoryW
GetTempFileNameW
GetTempPathW
WaitForSingleObject
GetWindowsDirectoryW
ReleaseMutex
WaitForSingleObjectEx
SetEvent
WaitForMultipleObjects
MoveFileExW
ResetEvent
TerminateProcess
GetExitCodeProcess
SetCurrentDirectoryW
GetCurrentProcessId
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateProcessW
GetSystemTimeAsFileTime
FileTimeToSystemTime
SetConsoleCtrlHandler
InterlockedFlushSList
InterlockedPushEntrySList
DecodePointer
ReleaseSemaphore
DuplicateHandle
VirtualFree
VirtualProtect
VirtualAlloc
FreeLibraryAndExitThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
SetLastError
GetCurrentThread
GetThreadTimes
GetModuleFileNameA
CreateFileW
SetNamedPipeHandleState
WaitNamedPipeW
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetOverlappedResult
SetWaitableTimer
GetCurrentThreadId
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileTime
SystemTimeToFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WTSGetActiveConsoleSessionId
OpenProcess
GlobalFree
LoadLibraryA
GetACP
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
GetStartupInfoW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
InitializeSListHead
GetSystemDirectoryW
LoadLibraryW
FreeLibrary
GetVersionExW
GetCurrentProcess
CreateEventW
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
CloseHandle
CreateMutexW
GetProcAddress
GetModuleHandleA
GetTickCount
GetSystemInfo
SwitchToThread
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
GetCommandLineA
GetCommandLineW
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
FlushFileBuffers
GetConsoleCP
InterlockedPopEntrySList
CreatePipe
DeleteFileW
GetFileSizeEx
LocalAlloc
QueryFullProcessImageNameW
GetLocalTime
GetDiskFreeSpaceExW
SetUnhandledExceptionFilter
LocalFileTimeToFileTime
SetFileTime
VerSetConditionMask
GetComputerNameExW
IsWow64Process
VerifyVersionInfoW
FormatMessageA
CreateDirectoryW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
DeviceIoControl
GetModuleHandleW
CopyFileW
CreateHardLinkW
TryEnterCriticalSection
GetStringTypeW
GetExitCodeThread
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetTimeZoneInformation

shell32

SHGetFolderPathW
SHGetKnownFolderPath
SHGetFolderPathA

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

crypt32

CryptMsgControl
CryptMsgGetParam
CertVerifyCertificateChainPolicy
CertCloseStore
CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgClose

wtsapi32

WTSQueryUserToken

urlmon

URLDownloadToFileA

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust

ws2_32

InetNtopW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersAddresses
GetBestInterface

dbghelp

ImageNtHeader
MiniDumpWriteDump

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 395KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e4f88ee53aa3574fe2fa02946718e2e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcrypt

advapi32

shlwapi

winhttp

kernel32

shell32

ole32

oleaut32

crypt32

wtsapi32

urlmon

wintrust

ws2_32

version

iphlpapi

dbghelp

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 395KB - Virtual size: 394KB

.data Size: 108KB - Virtual size: 147KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 130KB - Virtual size: 130KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 395KB - Virtual size: 394KB

.data
Size: 108KB - Virtual size: 147KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 130KB - Virtual size: 130KB