c2a1bcdca8506dad51122fed8ece09b634cce2316467bdd07730018d8c4c1fad

Sharing

Copy URL Twitter E-mail

General

Target

c2a1bcdca8506dad51122fed8ece09b634cce2316467bdd07730018d8c4c1fad
Size

839KB
MD5

9ba4e1309e1f174fd8f2f5160e819fe3
SHA1

123c9f909097d0a55f5ebebc35373882a1c0af5e
SHA256

c2a1bcdca8506dad51122fed8ece09b634cce2316467bdd07730018d8c4c1fad
SHA512

ae174638023790670be4bcdaebea146f809a4cd7d952107294cda0cdd8088d186c0246eb572e592f953206d4795d9a81441c2f00e0a2f08f1b518599d41f032f
SSDEEP

24576:ltvuApfrmUeS9u7Xw+Qmtb5JPjXAxrTir7CIrkX/E5/H47h:l5uApzmUeS9u7Xw+QmDPaTWuCkX/EHEh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c2a1bcdca8506dad51122fed8ece09b634cce2316467bdd07730018d8c4c1fad

Files

c2a1bcdca8506dad51122fed8ece09b634cce2316467bdd07730018d8c4c1fad
.exe windows:6 windows x86 arch:x86

f750a1060e1563fb7279e65daf549962

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\AProManagement\JavaGuardService\services\Release\service.pdb

Imports

kernel32

DeleteCriticalSection
ResetEvent
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentDirectoryW
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
Process32FirstW
Process32NextW
GetLastError
Sleep
CreateEventW
CreateToolhelp32Snapshot
GetCurrentThreadId
WaitForSingleObject
GetModuleFileNameW
GetTickCount
CreateSemaphoreA
GetProcessHeap
GetProcAddress
HeapAlloc
GetModuleHandleA
DuplicateHandle
IsDBCSLeadByteEx
IsValidCodePage
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
QueryPerformanceFrequency
MultiByteToWideChar
DecodePointer
EncodePointer
GetCurrentThread
TryEnterCriticalSection
CreateFileW
DeleteFileW
RaiseException
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
DeviceIoControl
CopyFileW
AreFileApisANSI
GetCurrentProcess
HeapFree
LocalFree
FormatMessageA
CreateEventA
CloseHandle
WaitForSingleObjectEx
SetEvent
WaitForMultipleObjectsEx
ReleaseSemaphore
GetModuleFileNameA
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
OpenEventA
SetWaitableTimer
VirtualAlloc
GetVersionExW
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
ResumeThread
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
GetLogicalProcessorInformation
SignalObjectAndWait
CreateTimerQueue
CreateWaitableTimerA
SystemTimeToFileTime
InitializeCriticalSectionEx
SleepEx
VerifyVersionInfoA
LoadLibraryA
GetStdHandle
GetFileType
ReadFile
GetSystemDirectoryA
VerSetConditionMask
ExpandEnvironmentStringsA
WaitForMultipleObjects
FreeLibrary
PeekNamedPipe
CreateDirectoryW

user32

wsprintfW

advapi32

CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
DeregisterEventSource
CreateServiceW
CryptAcquireContextA
CloseServiceHandle
OpenSCManagerW
SetServiceStatus
DeleteService
RegisterServiceCtrlHandlerW
ControlService
StartServiceCtrlDispatcherW
OpenServiceW
RegisterEventSourceW
ReportEventW

shell32

ShellExecuteExW

vcruntime140

__std_exception_destroy
memmove
__std_exception_copy
_purecall
memchr
__std_terminate
__vcrt_InitializeCriticalSectionEx
memset
_CxxThrowException
_except_handler4_common
__CxxFrameHandler3
memcpy
__RTDynamicCast
__uncaught_exception
__current_exception
__processing_throw
memcmp
strrchr
strchr
__AdjustPointer
strstr

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
exit
__sys_nerr
_initialize_onexit_table
_getpid
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
strerror
_get_narrow_winmain_command_line
_invalid_parameter_noinfo_noreturn
_initterm
_exit
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo
_controlfp_s
_errno
_initterm_e
abort
terminate
_beginthreadex

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
___lc_codepage_func
___lc_locale_name_func
localeconv
setlocale
___lc_collate_cp_func
_configthreadlocale
__pctype_func
_lock_locales
_unlock_locales

api-ms-win-crt-heap-l1-1-0

_malloc_base
calloc
_callnewh
_calloc_base
free
_realloc_base
malloc
realloc
_free_base
_set_new_mode

api-ms-win-crt-convert-l1-1-0

strtof
strtoul
strtod
atoi
strtol
strtoll
mbstowcs

api-ms-win-crt-stdio-l1-1-0

ungetc
setvbuf
fseek
_fsopen
fsetpos
_fseeki64
_get_stream_buffer_pointers
fgetpos
__stdio_common_vswprintf_s
fopen
fwrite
__p__commode
fgetc
fclose
_set_fmode
fflush
fgets
fputc
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
__stdio_common_vsprintf_s
_read
_write
_lseeki64
_close
_open
__acrt_iob_func
__stdio_common_vfprintf
fputs

api-ms-win-crt-string-l1-1-0

isupper
_wcsdup
islower
isspace
tolower
__strncnt
strspn
strncpy
strcspn
_strdup
strncmp
wcsnlen
_stricmp

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
_gmtime64
_Strftime
_Gettnames
_Wcsftime
_W_Gettnames
_Getdays
_W_Getmonths
_W_Getdays
_Getmonths

api-ms-win-crt-math-l1-1-0

__setusermatherr
ldexp
frexp
_CIexp
_CIsqrt
_except1
modf
_dtest
_libm_sse2_pow_precise

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_access
_stat64
_fstat64

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_ismbblead

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

ws2_32

gethostname
recvfrom
listen
ioctlsocket
sendto
accept
WSAStartup
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
WSAIoctl
getaddrinfo
freeaddrinfo

wldap32

ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60
ord211
ord46
ord217
ord143
ord200
ord30
ord301

Sections

.text
Size: 661KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f750a1060e1563fb7279e65daf549962

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

ws2_32

wldap32

Sections

.text Size: 661KB - Virtual size: 660KB

.rdata Size: 124KB - Virtual size: 124KB

.data Size: 13KB - Virtual size: 17KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 984B

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 661KB - Virtual size: 660KB

.rdata
Size: 124KB - Virtual size: 124KB

.data
Size: 13KB - Virtual size: 17KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 33KB - Virtual size: 33KB