1d7eb2f2f7538168f622cfd9e43c4c9b134c4d20a4c65f14da7fff065dc829a9

Sharing

Copy URL

Twitter E-mail

General

Target

1d7eb2f2f7538168f622cfd9e43c4c9b134c4d20a4c65f14da7fff065dc829a9
Size

869KB
MD5

78f0d6c124a1af02b5e484ee1f5d3143
SHA1

29fd634b942c33f4c13f7fcfc641b2c5eaa7c949
SHA256

1d7eb2f2f7538168f622cfd9e43c4c9b134c4d20a4c65f14da7fff065dc829a9
SHA512

9d560e086d51b9a275ccc0321284bab5ec3956c3222b506fc8c60b86e64db147ad3be5fba08c295c57ceec5ffcb9cb34d99c4ee9443f73af3a2b1fdc1c5c065b
SSDEEP

12288:LMc9Xn4oKcpKIui2jwkmqmFrfBCgiw4bivhqGoj85sVPL5qw+DH:gc9XnacpKIuefqMrfUgYbkhqfj8uqw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d7eb2f2f7538168f622cfd9e43c4c9b134c4d20a4c65f14da7fff065dc829a9

Files

1d7eb2f2f7538168f622cfd9e43c4c9b134c4d20a4c65f14da7fff065dc829a9
.exe windows:10 windows x86 arch:x86

f769684ca47c350eea891ad5839dff5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vswriter.pdb

Imports

kernel32

GetVolumePathNameW
GetFileTime
GetFileSize
FindVolumeClose
FindNextFileW
FindFirstFileW
FindFirstVolumeMountPointW
DeleteFileW
CreateFileW
CreateDirectoryW
CompareFileTime
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
ReadFile
FileTimeToSystemTime
TzSpecificLocalTimeToSystemTime
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExW
FreeLibrary
LocalFree
CloseHandle
GetCurrentThread
FormatMessageW
GetCommandLineW
FindNextVolumeMountPointW
FindVolumeMountPointClose
RemoveDirectoryW
SetFilePointer
WriteFile
GetVolumeNameForVolumeMountPointW
SystemTimeToFileTime
CopyFileW
SetConsoleCtrlHandler
WideCharToMultiByte
CreateEventW
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSection
HeapSetInformation
GetLastError
FindClose
GetFileAttributesW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
Sleep
OutputDebugStringA
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsSetValue
OutputDebugStringW
TlsAlloc
GetProcAddress
TlsGetValue
GetSystemTime

msvcrt

__p__commode
_XcptFilter
abort
setlocale
__crtLCMapStringW
__crtGetStringTypeW
__mb_cur_max
_errno
___mb_cur_max_func
___lc_codepage_func
___lc_handle_func
__pctype_func
_callnewh
_vsnwprintf
wprintf
_wcsicmp
wcschr
_wcsnicmp
_vsnprintf
wcstol
wcstoul
printf
sprintf
swprintf
towupper
rand
strstr
_amsg_exit
srand
time
memcpy
malloc
_except_handler4_common
__wgetmainargs
__set_app_type
_purecall
memset
memcpy_s
??1type_info@@UAE@XZ
_lock
_unlock
__dllonexit
_onexit
_controlfp
memmove_s
_exit
_cexit
__p__fmode
__setusermatherr
_initterm
?terminate@@YAXXZ
strcspn
exit
free
sprintf_s
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
memchr
__CxxFrameHandler3
_CxxThrowException
localeconv
wcscpy_s
__uncaught_exception
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z

ole32

StringFromCLSID
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitializeSecurity
CoTaskMemRealloc

oleaut32

SysAllocString
SysFreeString
GetErrorInfo
SysAllocStringLen
VariantClear
SysStringLen

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
OpenProcessToken
ConvertSidToStringSidW
OpenThreadToken
GetTokenInformation
DeregisterEventSource
RegEnumValueW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
RegisterEventSourceW
ReportEventW

atl

ord30

user32

LoadStringW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidFromStringW

vssapi

CreateWriterEx

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Sections

.text
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f769684ca47c350eea891ad5839dff5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ole32

oleaut32

advapi32

atl

user32

rpcrt4

vssapi

api-ms-win-security-lsalookup-l1-1-0

Sections

.text Size: 222KB - Virtual size: 221KB

.data Size: 64KB - Virtual size: 66KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 222KB - Virtual size: 221KB

.data
Size: 64KB - Virtual size: 66KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 576KB - Virtual size: 580KB