b35578f9139989039d4f2944b6f6e8b9756374c2345192454d97523431d79645

Sharing

Copy URL

Twitter E-mail

General

Target

b35578f9139989039d4f2944b6f6e8b9756374c2345192454d97523431d79645
Size

2.0MB
MD5

715f50e21178a7c6c789899029289315
SHA1

4deaa75c5556bd45cdd75e245045f93387e22bf1
SHA256

b35578f9139989039d4f2944b6f6e8b9756374c2345192454d97523431d79645
SHA512

10405e9503c30128c24fd54a2c3243e299f0aae63cc4995d279882e036c90997909d0395116f949a5fae8b50e3382b04948fced1eceee80babe7001429c7c59e
SSDEEP

49152:lHoz31weaIOyyKTAwRhOQC+8+YktHRFcbtUKA:mbKeE+YwHRkeK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b35578f9139989039d4f2944b6f6e8b9756374c2345192454d97523431d79645

Files

b35578f9139989039d4f2944b6f6e8b9756374c2345192454d97523431d79645
.exe windows:10 windows x64 arch:x64

e9eea786081b4c933668a85b70f83fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

vssvc.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
iswspace
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
__setusermatherr
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
?what@exception@@UEBAPEBDXZ
memmove_s
??0exception@@QEAA@AEBQEBD@Z
wcsstr
_lock
wcstok
_errno
wcsrchr
_beginthreadex
wcstoul
towupper
wcsncmp
memmove
_wcsicmp
iswdigit
_vsnprintf
_wcsnicmp
_purecall
wcscat_s
_vsnprintf_s
malloc
realloc
free
??0exception@@QEAA@XZ
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_vsnwprintf
_unlock
__dllonexit
_onexit
memset
_vscwprintf
__CxxFrameHandler3
memcpy
qsort
__C_specific_handler
memcmp
wcscmp

oleaut32

GetErrorInfo
SysFreeString
VariantClear
LoadRegTypeLi
VarUI4FromStr
VariantCopy
VariantInit
SysAllocStringLen
SysStringLen
SysAllocString
VariantChangeType

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
EnterCriticalSection
LeaveCriticalSection
SetEvent
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjectsEx
WaitForSingleObject
CreateWaitableTimerExW
SetWaitableTimer
CancelWaitableTimer
CreateEventW
ReleaseMutex
CreateMutexExW
CreateSemaphoreExW
ReleaseSemaphore
ResetEvent

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceComplete
InitOnceBeginInitialize

api-ms-win-core-processthreads-l1-1-0

ResumeThread
OpenProcessToken
GetCurrentProcessId
OpenThread
CreateThread
GetStartupInfoW
GetCurrentThreadId
GetCurrentThread
OpenThreadToken
GetCurrentProcess
TerminateProcess
SetThreadPriority

api-ms-win-core-com-l1-1-0

CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemFree
CoImpersonateClient
CoFreeUnusedLibraries
CoTaskMemAlloc
CoGetClassObject
CLSIDFromString
CoCreateInstance
CoGetObjectContext
CoRegisterClassObject
CoCreateGuid
CoInitializeSecurity
CoDisconnectContext
CoInitializeEx
CoRevertToSelf
CoRevokeClassObject
StringFromCLSID
CoUninitialize

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetVersionExW
GetSystemInfo
GetTickCount
GetComputerNameExW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
GetModuleHandleExW
FindResourceExW
LoadResource
SizeofResource
LoadStringW
GetModuleFileNameA
GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapSetInformation

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteTreeW
RegEnumValueW
RegSetValueExW
RegCloseKey

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcpynW

ntdll

RtlNtStatusToDosError
RtlAdjustPrivilege
EtwTraceMessage
NtThawRegistry
NtFreezeRegistry
NtClose
NtCreateSymbolicLinkObject
RtlInitUnicodeString
NtThawTransactions
NtFreezeTransactions
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
NtQueryVolumeInformationFile
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
GetCommandLineW
ExpandEnvironmentStringsW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

SetFileAttributesW
WriteFile
FlushFileBuffers
FindFirstVolumeW
GetFileAttributesW
DeleteFileW
ReadFile
GetDriveTypeW
GetDiskFreeSpaceW
DefineDosDeviceW
DeleteVolumeMountPointW
GetVolumeInformationW
CreateDirectoryW
CreateFileW
FindNextVolumeW
GetVolumePathNameW
QueryDosDeviceW
FindFirstFileW
FindNextFileW
FindClose
FindVolumeClose

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-security-base-l1-1-0

FreeSid
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
CheckTokenMembership
PrivilegeCheck
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
AddAccessAllowedAce
EqualSid
SetSecurityDescriptorOwner
CopySid
SetSecurityDescriptorGroup
GetAclInformation
DuplicateToken
AddAce
AddAccessDeniedAceEx
AddAccessAllowedAceEx
IsValidSid
AccessCheck
GetSidSubAuthorityCount
EqualDomainSid
CreateWellKnownSid
InitializeAcl
GetAce

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventSetInformation
EventUnregister

rpcrt4

RpcStringFreeW
UuidToStringW
I_RpcBindingInqLocalClientPID

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-service-private-l1-1-0

I_ScRegisterDeviceNotification
I_ScUnregisterDeviceNotification

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vssapi

CreateWriterEx
VssFreeSnapshotPropertiesInternal
CreateVssSnapshotSetDescription
LoadVssSnapshotSetDescription
CreateWriter

devobj

DevObjGetClassDevs
DevObjDestroyDeviceInfoList
DevObjCreateDeviceInfoList
DevObjEnumDeviceInterfaces
DevObjGetDeviceInterfaceDetail
DevObjUninstallDevice
DevObjGetDeviceRegistryProperty
DevObjEnumDeviceInfo

vsstrace

ord6
ord3
ord10
ord4
ord1
ord2
ord8
ord7
ord11
ord9
ord5

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
DeregisterEventSource
RegisterEventSourceW

authz

AuthzReportSecurityEventFromParams
AuthzRegisterSecurityEventSource
AuthzUnregisterSecurityEventSource

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

virtdisk

GetStorageDependencyInformation

bcd

BcdCloseObject
BcdForciblyUnloadStore
BcdOpenSystemStore
BcdOpenObject
BcdGetElementData
BcdCloseStore

api-ms-win-core-util-l1-1-0

EncodePointer

Sections

.text
Size: 988KB - Virtual size: 987KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e9eea786081b4c933668a85b70f83fd7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

oleaut32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

ntdll

api-ms-win-service-core-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-eventing-provider-l1-1-0

rpcrt4

api-ms-win-core-file-l2-1-0

api-ms-win-service-private-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

vssapi

devobj

vsstrace

api-ms-win-eventlog-legacy-l1-1-0

authz

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

virtdisk

bcd

api-ms-win-core-util-l1-1-0

Sections

.text Size: 988KB - Virtual size: 987KB

.rdata Size: 459KB - Virtual size: 458KB

.data Size: 1KB - Virtual size: 4KB

.pdata Size: 32KB - Virtual size: 32KB

.didat Size: 512B - Virtual size: 336B

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 988KB - Virtual size: 987KB

.rdata
Size: 459KB - Virtual size: 458KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 32KB - Virtual size: 32KB

.didat
Size: 512B - Virtual size: 336B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 568KB - Virtual size: 572KB