548bff62c3e2256db7ce78bc26d646c6fdc22711f1eecfd1edfe6342c3a62f8a

Sharing

Copy URL

Twitter E-mail

General

Target

548bff62c3e2256db7ce78bc26d646c6fdc22711f1eecfd1edfe6342c3a62f8a
Size

441KB
MD5

cd192f0444d21dfe8c0a04842b605512
SHA1

0f113f2de253713d3335d548c89540e3b107e131
SHA256

548bff62c3e2256db7ce78bc26d646c6fdc22711f1eecfd1edfe6342c3a62f8a
SHA512

d60eb880ab0c5f898bebd8885cc7490635245783a00412c576332048474ceeaaaefd1683b982c868ca5480edc4ee48f52ff3b68ff06a9cd9e0be567555ac488a
SSDEEP

6144:J3oHObvErYVy9sR7URAUUC9nj2zXt/vW9FG:JGOj8YEyoqChj2DBv2FG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
548bff62c3e2256db7ce78bc26d646c6fdc22711f1eecfd1edfe6342c3a62f8a

Files

548bff62c3e2256db7ce78bc26d646c6fdc22711f1eecfd1edfe6342c3a62f8a
.exe windows:6 windows x64 arch:x64

e6eb28d41d742823332eb15fe8d25072

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

DfsSvc.pdb

Imports

msvcrt

_lock
_unlock
_fmode
__dllonexit
?terminate@@YAXXZ
memset
__C_specific_handler
_initterm
memcpy
memcmp
__setusermatherr
_cexit
_exit
exit
strchr
__set_app_type
__wgetmainargs
??_V@YAXPEAX@Z
_amsg_exit
_XcptFilter
??_U@YAPEAX_K@Z
wcsncmp
_commode
_mkgmtime
_wtoi
gmtime
time
_ultow_s
_wcstoui64
_onexit
wcstoul
??3@YAXPEAX@Z
bsearch_s
qsort_s
memcpy_s
memmove
printf
wcschr
_wcsnicmp
wcscspn
_wcsicmp
_purecall
_vsnwprintf
free
malloc
??2@YAPEAX_K@Z
wcscmp

ntdll

RtlUpcaseUnicodeChar
RtlAdjustPrivilege
RtlDnsHostNameToComputerName
RtlSubAuthorityCountSid
RtlValidAcl
RtlIdentifierAuthoritySid
RtlOemStringToUnicodeString
RtlDosPathNameToNtPathName_U
RtlPrefixUnicodeString
RtlFreeUnicodeString
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
WinSqmSetIfMaxDWORD
WinSqmAddToStreamEx
WinSqmSetDWORD64
WinSqmSetDWORD
RtlAllocateAndInitializeSid
RtlAppendUnicodeStringToString
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtClose
NtCreateFile
RtlRandomEx
NtQuerySystemTime
EtwEventUnregister
EtwEventRegister
WinSqmIsOptedIn
NtOpenFile
RtlAppendUnicodeToString
NtFsControlFile
RtlEqualUnicodeString
RtlCopyUnicodeString
RtlCompareUnicodeString
RtlInitUnicodeString
RtlInitUnicodeStringEx
EtwEventWrite
EtwTraceMessage
RtlNtStatusToDosError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-security-base-l1-2-0

AccessCheck
CreateWellKnownSid
GetLengthSid
InitializeAcl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetSecurityDescriptorLength
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
MakeSelfRelativeSD
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorDacl
GetAce
DeleteAce
AddAccessAllowedAce
SetSecurityDescriptorDacl
MapGenericMask

rpcrt4

UuidToStringW
RpcImpersonateClient
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUnregisterIf
RpcStringFreeW
NdrServerCall2
NdrServerCallAll
UuidCreate
RpcRevertToSelf

api-ms-win-core-registry-l1-1-0

RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegGetKeySecurity
RegDeleteTreeW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-core-synch-l1-2-0

ResetEvent
WaitForMultipleObjectsEx
InitializeSRWLock
ReleaseSRWLockShared
Sleep
InitializeCriticalSection
ReleaseSRWLockExclusive
SetWaitableTimer
CreateEventW
WaitForSingleObject
SetEvent
CreateWaitableTimerExW
EnterCriticalSection
AcquireSRWLockShared
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapCreate
HeapAlloc
HeapFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpool
CreateThreadpool
CloseThreadpoolCleanupGroupMembers
TrySubmitThreadpoolCallback

api-ms-win-core-sysinfo-l1-2-1

GetSystemTime
GetTickCount64
GetTickCount
GetSystemInfo
GetComputerNameExW
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-processthreads-l1-1-2

TlsSetValue
TlsGetValue
TerminateProcess
TlsFree
GetCurrentProcess
CreateThread
ResumeThread
GetCurrentThread
OpenThreadToken
TlsAlloc
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-file-l1-2-1

CreateFileW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW

api-ms-win-core-file-l2-1-1

MoveFileExW

api-ms-win-core-processenvironment-l1-2-0

GetEnvironmentVariableW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-kernel32-legacy-l1-1-1

DnsHostnameToComputerNameW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAddBackslashW

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

clusapi

ClusterGroupEnum
ClusterGroupOpenEnum
GetNodeClusterState
ClusterRegCloseKey
ClusterRegOpenKey
GetClusterResourceKey
ClusterControl
GetClusterResourceNetworkName
CloseClusterResource
ClusterResourceControl
CloseCluster
OpenCluster
OpenClusterResource
ClusterGroupCloseEnum
ClusterOpenEnum
ClusterEnum
OpenClusterGroup
CloseClusterGroup
ClusterCloseEnum
GetClusterResourceState
CreateClusterResource
AddClusterResourceDependency
OnlineClusterResource
OfflineClusterResource
DeleteClusterResource

ntdsapi

DsBindW
DsBindingSetTimeout
DsQuerySitesByCostW
DsQuerySitesFree
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsUnBindW

resutils

ResUtilGetResourceDependency
ResUtilFindSzProperty
ResUtilGetSzValue
ResUtilEnumResources
ResUtilGetResourceName
ResUtilPropertyListFromParameterBlock
ResUtilResourceTypesEqual

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI
DelayLoadFailureHook

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6eb28d41d742823332eb15fe8d25072

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-profile-l1-1-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-security-base-l1-2-0

rpcrt4

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-file-l1-2-1

api-ms-win-core-file-l2-1-1

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

clusapi

ntdsapi

resutils

api-ms-win-core-delayload-l1-1-1

Sections

.text Size: 386KB - Virtual size: 386KB

.data Size: 4KB - Virtual size: 6KB

.pdata Size: 9KB - Virtual size: 9KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 386KB - Virtual size: 386KB

.data
Size: 4KB - Virtual size: 6KB

.pdata
Size: 9KB - Virtual size: 9KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 3KB - Virtual size: 3KB