156e5631-d22f-455a-9dfa-1ec895986097[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

156e5631-d22f-455a-9dfa-1ec895986097.exe
Size

2.9MB
MD5

f34c9ac503a18450ebd66e7f587675ae
SHA1

4985bac1c64f8193dd058792eaeb533a28f99447
SHA256

a2ba1141b619fa8d15576b76c4aebccbeed061247f0cccb2855d8fe0c87c10f4
SHA512

b11b4b4ab43ef14522999fdcd76f264a45395125096991d905fc29ee9e22372dcfe286d84620543de9c01e0c793104d40ca92028d034a1fc326e2e4fe57d5b62
SSDEEP

49152:e5NpLteEjhzSvGMmy+GHImHwnF8Qj4o7z//sCAlCooSMNS1ftclLMcEsAGSdkq6i:utFfydtG5Tbo+mhX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
156e5631-d22f-455a-9dfa-1ec895986097.exe

Files

156e5631-d22f-455a-9dfa-1ec895986097.exe
.exe windows:6 windows x86 arch:x86

2eaad2c8bdfdf08b6a58c124d00b6154

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Git\Command_Line_Tool\bin\x86_Debug\GLHubUpdateToolCli.pdb

Imports

kernel32

SetEndOfFile
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
HeapQueryInformation
HeapSize
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ExitProcess
SetEnvironmentVariableW
GetDriveTypeW
GetCommandLineW
GetCommandLineA
GetModuleFileNameW
SetCurrentDirectoryW
CreateThread
WaitForSingleObject
Sleep
FindNextFileW
FindFirstFileW
FindClose
WriteConsoleW
GetFileType
GetSystemInfo
HeapValidate
GetModuleHandleExW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
ReleaseMutex
CreateMutexW
CloseHandle
CreateFileW
DeleteFileW
GetFileSize
SetFilePointer
WriteFile
OutputDebugStringA
GetCurrentThreadId
GetLocalTime
lstrcmpA
lstrcpyA
VerSetConditionMask
GetCurrentProcess
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
lstrcmpW
lstrcmpiW
lstrcpyW
lstrlenW
VerifyVersionInfoW
DeviceIoControl
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
FormatMessageA
DecodePointer
RaiseException
SetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
TerminateProcess
OpenProcess
K32GetModuleFileNameExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetThreadExecutionState
InitializeCriticalSection
FreeLibrary
LoadLibraryW
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringW
GetExitCodeProcess
ReadFile
CreatePipe
CreateProcessW
HeapAlloc
HeapFree
GetProcessHeap
GetStdHandle
GetCurrentProcessId
AllocConsole
FreeConsole
AttachConsole
CreateFileA
lstrcmpiA
lstrcpynA
EnterCriticalSection
LeaveCriticalSection
CreateEventW
GetFileAttributesExW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileSectionA
FormatMessageW
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
AreFileApisANSI
EncodePointer
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
VirtualQuery
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList

user32

SendMessageW
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
EnumDisplayMonitors
MessageBoxA
wsprintfW
CharUpperW
SendMessageTimeoutW
FindWindowW
GetWindowThreadProcessId

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

SHDeleteKeyW
PathFileExistsW
SHDeleteKeyA
SHDeleteEmptyKeyA

setupapi

CM_Get_Sibling
CM_Get_Child
SetupDiCallClassInstaller
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsW
SetupDiDeleteDevRegKey
CM_Locate_DevNodeA
CM_Get_Parent
SetupDiOpenClassRegKeyExW
SetupDiClassGuidsFromNameExW
SetupDiGetDeviceInstanceIdA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDeviceInfoA
SetupDiChangeState
SetupDiOpenDevRegKey
SetupDiSetClassInstallParamsW
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDA
CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Registry_PropertyW
SetupDiSetDeviceRegistryPropertyA

dxva2

GetPhysicalMonitorsFromHMONITOR
CapabilitiesRequestAndCapabilitiesReply
GetCapabilitiesStringLength
SetVCPFeature
GetVCPFeatureAndVCPFeatureReply
DestroyPhysicalMonitors
GetNumberOfPhysicalMonitorsFromHMONITOR

bcrypt

BCryptExportKey
BCryptImportKeyPair
BCryptFinalizeKeyPair
BCryptDestroyKey
BCryptSignHash
BCryptVerifySignature
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptGenerateKeyPair

hid

HidD_GetHidGuid
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetFeature
HidD_SetFeature
HidD_GetPreparsedData
HidD_GetAttributes

winusb

WinUsb_ResetPipe
WinUsb_FlushPipe
WinUsb_SetPowerPolicy
WinUsb_SetPipePolicy
WinUsb_QueryPipe
WinUsb_QueryDeviceInformation
WinUsb_QueryInterfaceSettings
WinUsb_Free
WinUsb_Initialize
WinUsb_ControlTransfer

advapi32

OpenProcessToken
LookupPrivilegeValueW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
InitiateSystemShutdownA
CloseServiceHandle
OpenSCManagerW
RegUnLoadKeyA
RegSaveKeyA
RegRestoreKeyA
RegReplaceKeyA
RegNotifyChangeKeyValue
RegLoadKeyA
RegFlushKey
RegDeleteValueA
RegConnectRegistryW
RegDeleteKeyA
RegOpenKeyExW
RegQueryValueExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCreateKeyExA
QueryServiceStatus
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
AdjustTokenPrivileges

shell32

ShellExecuteExW

ole32

CoCreateGuid

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msvcjmc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2eaad2c8bdfdf08b6a58c124d00b6154

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

version

shlwapi

setupapi

dxva2

bcrypt

hid

winusb

advapi32

shell32

ole32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 546KB - Virtual size: 546KB

.data Size: 13KB - Virtual size: 27KB

.msvcjmc Size: 8KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 100KB - Virtual size: 99KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 546KB - Virtual size: 546KB

.data
Size: 13KB - Virtual size: 27KB

.msvcjmc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 100KB - Virtual size: 99KB