2333b62cc5afcd4c90816c8742ff45c17e2abaeef4a45891e07238f47893556e

Sharing

Copy URL Twitter E-mail

General

Target

2333b62cc5afcd4c90816c8742ff45c17e2abaeef4a45891e07238f47893556e
Size

756KB
MD5

461890fe766d229aa352d733e1d975ce
SHA1

c82faa9e95347c785908adc9930065d23919ddf5
SHA256

2333b62cc5afcd4c90816c8742ff45c17e2abaeef4a45891e07238f47893556e
SHA512

8babc0e648c91ec1718b75c962f2e150804f0772427b1c5322c24c9f7cc4fe212f02ca700bcf669b768aee22596c6814be7fadfc38fda110f27102569f28899d
SSDEEP

12288:r6qNhDBZ7y0cwUBL8252uui8FbECP7BhdfswdJ0NXdU8ZWH7DEP1rCJ7U3t:2qNhDBNWwt2rR8FfBhRJUEbDk1ulUd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2333b62cc5afcd4c90816c8742ff45c17e2abaeef4a45891e07238f47893556e

Files

2333b62cc5afcd4c90816c8742ff45c17e2abaeef4a45891e07238f47893556e
.exe windows:6 windows x64 arch:x64

a62b67897853e4da700f8b5772849862

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Per key\Desktop\AcerLightingService_SourceCode\AcerLightingService\x64\Release\AcerLightingService.pdb

Imports

hid

HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_SetFeature
HidD_GetFeature
HidP_GetCaps
HidD_GetAttributes
HidD_GetHidGuid

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces

ws2_32

WSAStartup
getaddrinfo
listen
socket
connect
accept
ioctlsocket
setsockopt
closesocket
select
WSACleanup
getsockopt
send
recv

kernel32

TerminateProcess
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
InitializeCriticalSectionEx
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
CreateEventW
ProcessIdToSessionId
Sleep
GetLastError
Process32NextW
OutputDebugStringW
SetEvent
DeleteFileW
Process32FirstW
CloseHandle
RaiseException
EnterCriticalSection
WTSGetActiveConsoleSessionId
DeleteCriticalSection
WideCharToMultiByte
ReadFile
WriteFile
CreateFileW
GetPrivateProfileStringW
ResetEvent
WritePrivateProfileStringW
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessHeap
DisconnectNamedPipe
FreeLibrary
ConnectNamedPipe
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
LocalFree
MultiByteToWideChar
InitializeSListHead
GetSystemTimeAsFileTime
SetNamedPipeHandleState
WaitNamedPipeW
CreateNamedPipeW
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
CreateThread

advapi32

RegCloseKey
QueryServiceStatusEx
DuplicateTokenEx
GetUserNameW
GetLengthSid
OpenServiceW
StartServiceCtrlDispatcherW
CreateServiceW
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceStatus
ChangeServiceConfig2W
DeleteService
ControlService
RegisterServiceCtrlHandlerExW
RegQueryValueExW
CloseServiceHandle
OpenSCManagerW
SetTokenInformation
AllocateAndInitializeSid
SetServiceStatus
OpenProcessToken
StartServiceW
RegOpenKeyExW
CreateProcessAsUserW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantCopy
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayAccessData
VariantChangeType
SysFreeString
SysAllocString
VariantClear

msvcp140

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Thrd_id
_Query_perf_counter
_Xtime_get_ticks
_Thrd_join
_Mtx_unlock

shlwapi

PathRemoveFileSpecW

imagehlp

MakeSureDirectoryPathExists

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
memcpy
__current_exception_context
__current_exception
__std_exception_copy
__std_terminate
wcsstr
strstr
_purecall
memmove
memset
__C_specific_handler
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

fgetc
__p__commode
setvbuf
ungetwc
fputwc
fgetwc
__stdio_common_vfwprintf
__stdio_common_vsprintf
__stdio_common_vfprintf
fwrite
fclose
fflush
__acrt_iob_func
__stdio_common_vswprintf_s
_fseeki64
fgetpos
ungetc
_set_fmode
fsetpos

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcscat_s
wmemcpy_s
strtok
wcscpy_s
strcmp

api-ms-win-crt-time-l1-1-0

_ftime64_s
_localtime64_s
wcsftime
_time64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlink
_unlock_file

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_c_exit
__p___argc
__p___argv
_cexit

api-ms-win-crt-convert-l1-1-0

mbstowcs
_wtoi
wcstoul

api-ms-win-crt-math-l1-1-0

sqrtf
log10f
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a62b67897853e4da700f8b5772849862

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

hid

setupapi

ws2_32

kernel32

advapi32

ole32

oleaut32

msvcp140

shlwapi

imagehlp

userenv

wtsapi32

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 1KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 1KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 568KB - Virtual size: 572KB