4a31abba0e271b527a692e02b303b4970a84addd2bec417652dcfd1089463787

Sharing

Copy URL Twitter E-mail

General

Target

4a31abba0e271b527a692e02b303b4970a84addd2bec417652dcfd1089463787
Size

1.6MB
MD5

22cc0fb4e24d1bb7e88cff9d182ca85c
SHA1

426c282753dc5ef44a8ea1f942475ee6745c73ef
SHA256

4a31abba0e271b527a692e02b303b4970a84addd2bec417652dcfd1089463787
SHA512

e70535991f181865d5b62a00d7c05ad08d8b5d7d72696cfaed000ece9cfc74d3efe9487c56d66edcfb631a063fc5aab47ec035ae03d1aee92c561070a88c50bb
SSDEEP

12288:JJAMg4BH/IJmGvJtYGyDqNsINnX+s/u3t6z5Y32w7ErGgRfmwWrp0:Li48HYGDnssGU1Y32SXg1mJt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a31abba0e271b527a692e02b303b4970a84addd2bec417652dcfd1089463787

Files

4a31abba0e271b527a692e02b303b4970a84addd2bec417652dcfd1089463787
.exe windows:6 windows x64 arch:x64

c12e16ab91898eb83294ed6c84222fa2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Project\AsusLinkNear\AsusSync\x64\Release\GlideXWirelessService.pdb

Imports

kernel32

CreateMutexW
CreateFileW
ReleaseMutex
DisconnectNamedPipe
CreateEventW
GetLastError
SetEvent
GetOverlappedResult
WaitNamedPipeW
ConnectNamedPipe
FlushFileBuffers
GetExitCodeProcess
HeapFree
MultiByteToWideChar
LoadLibraryW
ResetEvent
HeapAlloc
GetProcAddress
GetProcessHeap
CreateProcessW
FreeLibrary
WideCharToMultiByte
GetExitCodeThread
TerminateThread
GetNamedPipeClientProcessId
GetCurrentProcessId
TlsGetValue
TlsAlloc
EncodePointer
FormatMessageW
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
HeapSize
SetFilePointerEx
GetStringTypeW
K32GetModuleFileNameExW
CreateNamedPipeW
WriteFile
ReadFile
CreateThread
TerminateProcess
CloseHandle
WaitForSingleObject
lstrcmpiW
GetModuleHandleW
Sleep
OpenProcess
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
SetLastError
InterlockedPushEntrySList
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
EnumSystemLocalesW
RaiseException
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetModuleFileNameW
WaitForSingleObjectEx
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStdHandle
GetModuleHandleExW
ExitProcess
GetCommandLineW
GetCommandLineA
LoadLibraryExW
TlsFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
TlsSetValue

user32

GetWindowThreadProcessId
GetMessageW
DefWindowProcW
PostMessageW
CreateWindowExW
LoadCursorW
RegisterClassExW
DispatchMessageW
TranslateMessage
LoadIconW
FindWindowW
PostQuitMessage

advapi32

EventUnregister
RegOpenKeyExW
RegCloseKey
EventWriteTransfer
EventRegister
EventSetInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW

ole32

CoInitializeEx
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoCreateFreeThreadedMarshaler

oleaut32

SysAllocString
SetErrorInfo
GetErrorInfo
SysFreeString
SysStringLen

wlanapi

WlanEnumInterfaces
WlanOpenHandle
WlanCloseHandle
WlanFreeMemory
WlanQueryInterface

iphlpapi

GetAdaptersAddresses

ws2_32

WSAStartup
WSACleanup
WSAGetLastError
htons
inet_ntoa
connect
ntohs
GetHostNameW
accept
closesocket
socket
getsockname
inet_addr
listen
bind

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c12e16ab91898eb83294ed6c84222fa2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

wlanapi

iphlpapi

ws2_32

Sections

.text Size: 208KB - Virtual size: 208KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 32KB - Virtual size: 37KB

.pdata Size: 10KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.9MB

.text
Size: 208KB - Virtual size: 208KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 32KB - Virtual size: 37KB

.pdata
Size: 10KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.9MB