auditpol.pdb
Sample: auditpol.exe
Resource: win10-20240404-en
General
- Target: auditpol.exe
- Size: 32KB
- MD5: df7cd9aa34252dd4e0330fe964d5bdf7
- SHA1: eb4d9079a1d8900265df59686644386698b6de18
- SHA256: 6a6c7fa1890dfb36f31780eabab1a42fbbfac43bc2df14b97bf49b1e3eb1dec6
- SHA512: 31a5603e8ed686d90e1cf932af64db1c1f78d8efe303e2ec1079c06ae44845d2681fbebb11c1128738dde101e7b27f38704bdc72023a3ab90072c8606cd2b2a1
- SSDEEP: 768:kF76lUg5sRF057jvykFalDtqQ4pd5C2NWUQ:Ke+FRi7W+ADtqQ4X5C2NWUQ
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Resource: auditpol.exe
  Caveat: this check only looks for a signature embedded in the PE itself (the security data directory). Most Windows inbox binaries, auditpol.exe in System32 included, are signed through security catalogs rather than with an embedded certificate, so a genuine copy is reported as unsigned here. Confirm with a catalog-aware verifier (Get-AuthenticodeSignature in PowerShell, or Sysinternals sigcheck) before treating this as an indicator, and compare the hashes above against a known-good System32 copy.
Files
- auditpol.exe.exe windows:10 windows x86 arch:x86 0c4b99beea5b3b9367b087a10a48bd92
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
__dllonexit
_XcptFilter
_onexit
memmove
memcpy
_CxxThrowException
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABQBD@Z
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_purecall
_callnewh
malloc
_controlfp
_except_handler4_common
_wcsnicmp
_wsetlocale
??_V@YAXPAX@Z
_lock
_unlock
__CxxFrameHandler3
_wcsicmp
??3@YAXPAX@Z
wprintf
__iob_func
_vsnwprintf
auditpolcore
AdtListSubCategories
AdtClearPolicy
SetDisplayPolicy
AuditPolicyData_DeleteAuditDataInstance
AdtEnableSinglePrivilege
AdtLoadStringEx
AdtGetOption
AdtSetPerUserPolicy
AdtRemoveAllUsers
AdtBackupPolicy
AdtGetPerUserPolicy
AdtSetOption
DisplayMessageToSpecificConsoleHandle
AdtGetSystemPolicy
AdtRestorePolicy
AdtParseAuditOptionName
AdtParseGuidOrNameArray
LoadFormatStringAndPrintToConsole
DisplayMessage
GetDisplayPolicy
AdtRemoveBasePolicy
AdtListCategories
AdtSetSystemPolicy
api-ms-win-core-string-l1-1-0
CompareStringW
api-ms-win-core-console-l1-1-0
GetConsoleOutputCP
api-ms-win-core-heap-l1-1-0
HeapSetInformation
api-ms-win-core-localization-l1-2-0
SetThreadPreferredUILanguages
FormatMessageW
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
SetLastError
api-ms-win-security-lsalookup-l2-1-0
LookupAccountNameW
LookupAccountSidW
api-ms-win-security-base-l1-1-0
DeleteAce
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
GetLengthSid
GetSecurityDescriptorSacl
EqualSid
GetAce
GetAclInformation
api-ms-win-security-sddl-l1-1-0
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
api-ms-win-core-heap-l2-1-0
LocalAlloc
LocalFree
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-processthreads-l1-1-0
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-security-audit-l1-1-1
AuditEnumeratePerUserPolicy
AuditSetSecurity
AuditQueryGlobalSaclW
AuditSetGlobalSaclW
AuditQuerySecurity
api-ms-win-security-lsapolicy-l1-1-0
LsaLookupSids
LsaClose
LsaOpenPolicy
LsaFreeMemory
api-ms-win-security-audit-l1-1-0
AuditFree
api-ms-win-security-sddlparsecond-l1-1-0
LocalGetStringForCondition
ntdll
RtlNtStatusToDosError
RtlImageNtHeader
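The auditpolcore and api-ms-win-security-audit imports above (AdtClearPolicy, AdtRemoveAllUsers, AdtSetSystemPolicy, AdtSetPerUserPolicy, AdtRestorePolicy, AuditSetGlobalSaclW) are the capability set that makes this binary worth watching: the names line up with auditpol's documented /clear, /remove, /set and /restore subcommands, which attackers run to wipe or weaken audit policy before doing anything noisy. As an added example that is not part of this report, the Python below classifies process-creation events and flags destructive auditpol invocations, including a renamed copy that is only recognisable by its version-resource OriginalFileName. The events are constructed for the example; the field names follow Sysmon Event ID 1 (Image, OriginalFileName, CommandLine), and the severities and reason strings are this example's own choices.

```python
import re

# Constructed process-creation events in Sysmon Event ID 1 field naming (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\auditpol.exe", "OriginalFileName": "AUDITPOL.EXE",
     "CommandLine": "auditpol.exe /get /category:*"},
    {"Image": r"C:\Windows\System32\auditpol.exe", "OriginalFileName": "AUDITPOL.EXE",
     "CommandLine": 'auditpol.exe /set /subcategory:"Process Creation" /success:disable /failure:disable'},
    {"Image": r"C:\Windows\System32\auditpol.exe", "OriginalFileName": "AUDITPOL.EXE",
     "CommandLine": "auditpol /clear /y"},
    {"Image": r"C:\Users\Public\ap.exe", "OriginalFileName": "AUDITPOL.EXE",   # renamed copy
     "CommandLine": "ap.exe /remove /allusers"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": "notepad.exe C:\\audit.txt"},
]

# A token is a run of unquoted text and/or double-quoted segments, so
# /subcategory:"Process Creation" stays one argument.
_TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')
_DISABLE = re.compile(r"^/(success|failure):disable$")


def tokenize(cmdline: str) -> list:
    """Split a Windows command line into arguments, dropping the quote characters."""
    return [t.replace('"', "") for t in _TOKEN.findall(cmdline)]


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict):
    """Return (severity, reason) for one event, or None when the process is not auditpol."""
    image = basename(event.get("Image", ""))
    original = event.get("OriginalFileName", "").lower()
    if "auditpol.exe" not in (image, original):
        return None
    tokens = tokenize(event.get("CommandLine", ""))[1:]     # drop argv[0]
    args = [t.lower() for t in tokens]
    if "/clear" in args:
        sev, why = "high", "entire audit policy cleared (/clear)"
    elif "/remove" in args:
        sev, why = "high", "per-user audit policy removed (/remove)"
    elif "/set" in args and any(_DISABLE.match(a) for a in args):
        scope = [t for t in tokens if t.lower().startswith(("/category:", "/subcategory:"))]
        sev, why = "high", "auditing disabled for " + (", ".join(scope) or "unspecified scope")
    elif "/restore" in args:
        sev, why = "medium", "audit policy replaced from a file (/restore)"
    else:
        sev, why = "info", "read-only or backup use of auditpol"   # /get, /list, /backup
    if image != "auditpol.exe":
        # Image name does not match but the version resource does: a renamed copy.
        sev, why = "high", why + "; renamed copy at " + event.get("Image", "")
    return sev, why


def scan(events: list) -> list:
    """Run classify over a batch and return (index, command line, severity, reason) for non-info hits."""
    hits = []
    for i, ev in enumerate(events):
        result = classify(ev)
        if result and result[0] != "info":
            hits.append((i, ev.get("CommandLine", ""), result[0], result[1]))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Command-line matching needs the command line in the log: Sysmon records it by default, while Security event 4688 carries it only when "Include command line in process creation events" is enabled. Matching on OriginalFileName (or on the hashes in the General section) as well as the image path is what catches a copy dropped under another name.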
Sections
.text Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
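The "Unsigned PE" signature, the DLL Characteristics in the Headers section and the section flags above are all read straight from the PE headers. As an added example, not part of this report or of any sandbox's own code, the Python below reproduces those three checks on constructed header bytes: build_sample fabricates a minimal PE32 header (headers only, no section bodies, with hypothetical offsets), and analyze_pe parses the COFF and optional headers, the DllCharacteristics bits, the security data directory (index 4, where an embedded Authenticode certificate table lives) and the section table, flagging any section that is both writable and executable. The first constructed sample mirrors the flags this report lists; the second is a deliberately weak image for contrast.

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits relevant to exploit mitigation
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",
    0x0100: "NX_COMPAT",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
EXPECTED_MITIGATIONS = ("DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF")
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # attribute certificate table = embedded Authenticode


def analyze_pe(data: bytes) -> dict:
    """Parse the DOS/COFF/optional headers and section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:            # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:          # PE32+: 8-byte stack/heap fields push them to +108/+112
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, cert_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    flags = [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if dll_chars & bit]
    sections, rwx = [], []
    table = opt + opt_size
    for i in range(nsections):
        raw_name, vsize, _, rsize, _, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, table + 40 * i)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, vsize, rsize, chars))
        if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
            rwx.append(name)                 # writable+executable section: not expected in a Microsoft binary
    return {
        "machine": machine,
        "dll_characteristics": flags,
        "missing_mitigations": [m for m in EXPECTED_MITIGATIONS if m not in flags],
        "embedded_signature": cert_size != 0,   # False for catalog-signed system files as well
        "sections": sections,
        "writable_executable_sections": rwx,
    }


def build_sample(dll_characteristics: int, signed: bool, sections) -> bytes:
    """Constructed minimal PE32 header for testing (headers only; offsets are hypothetical)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew: PE signature follows DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)  # i386, EXE, 32-bit
    opt = bytearray(0xE0)                                      # PE32 optional header, 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 68, 3)                         # IMAGE_SUBSYSTEM_WINDOWS_CUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    if signed:                                                 # fake certificate table entry
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x7000, 0x1A00)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, size, 0x1000 * (i + 1), size, 0x400 * (i + 1), 0, 0, 0, 0, chars)
        for i, (name, size, chars) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


# Sample 1 mirrors this report: DYNAMIC_BASE|NX_COMPAT|GUARD_CF|TERMINAL_SERVER_AWARE (0xC140),
# no embedded certificate, an R+X .text and an R+W .data. Sample 2 is a deliberately weak image.
REPORT_LIKE = build_sample(0xC140, False, [(b".text", 0x5000, 0x60000020), (b".data", 0x800, 0xC0000040)])
SUSPECT = build_sample(0x0000, True, [(b".evil", 0x2000, 0xE0000020)])

if __name__ == "__main__":
    for label, image in (("report-like", REPORT_LIKE), ("suspect", SUSPECT)):
        print(label, analyze_pe(image))
```

An empty security directory only says that nothing is embedded; a catalog-signed System32 binary gives the same result, so treat it as a prompt to check the catalog (Get-AuthenticodeSignature in PowerShell does) rather than as a verdict. The writable-plus-executable check is the one that should never fire on a Microsoft-built image; the report's .text (code, execute, read) and .data (initialized data, read, write) keep the two permissions apart.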