MService[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

MService.exe
Size

3.3MB
MD5

1cfc0145bb597d259ff62e903c6240d5
SHA1

9207e91333742dac24802a7087f27db57dd8c27d
SHA256

b494b6e2c523ea8c5e5f9b4549cb7cd31c2762d780e834f9b331f315833fee9d
SHA512

e41816f453b6f882d0bec1a94eaec1c4745bcc2e6345519ed907bfd22d1948f8820cde330a35b07e6295f9e190035422319b24fb01a1a949f1738ed086e31544
SSDEEP

12288:HN31RhAZmxkTV/7Cz2OgI9KeA4sIEkX/:HN31RhOV/7fPOsIE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MService.exe

Files

MService.exe
.exe windows:6 windows x86 arch:x86

45500e419b24cba61754e87c3395b7fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\_Code\02. Utils\12. MSCenter\01. MSService_2015\Release\MSService.pdb

Imports

mfc140

ord8180
ord4582
ord12191
ord12182
ord5894
ord1471
ord3844
ord12310
ord2166
ord6831
ord993
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11927
ord11928
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord8672
ord12484
ord12485
ord2484
ord10330
ord5336
ord8285
ord4580
ord12806
ord12869
ord10383
ord12190
ord8347
ord1468
ord7618
ord8429
ord2200
ord2241
ord4869
ord14048
ord9422
ord6505
ord458
ord12115
ord7459
ord14514
ord14512
ord485
ord2263
ord2370
ord4656
ord5095
ord1650
ord6724
ord2376
ord2381
ord2251
ord8718
ord4655
ord7461
ord9192
ord12116
ord462
ord7078
ord1111
ord2210
ord9083
ord1064
ord4210
ord3140
ord6464
ord10986
ord12074
ord6193
ord13677
ord2758
ord9167
ord1109
ord8997
ord10963
ord11343
ord10421
ord4084
ord3395
ord3396
ord3159
ord6104
ord6195
ord13681
ord3298
ord3295
ord10207
ord8173
ord2759
ord14699
ord10237
ord10239
ord10238
ord10236
ord10240
ord5631
ord11671
ord11672
ord9096
ord12032
ord3830
ord3825
ord11881
ord14502
ord10384
ord12163
ord6947
ord10950
ord9213
ord3259
ord13798
ord12205
ord12201
ord1717
ord1739
ord1765
ord13199
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord12554
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord6848
ord4468
ord11663
ord14149
ord13628
ord5911
ord5401
ord2680
ord12067
ord3933
ord3363
ord3364
ord3258
ord12111
ord1000
ord5228
ord5528
ord5739
ord9305
ord5504
ord5231
ord5390
ord5210
ord7687
ord7688
ord7677
ord5388
ord8182
ord9166
ord3689
ord1389
ord890
ord13011
ord1106
ord4639
ord13966
ord450
ord2518
ord6460
ord3597
ord6533
ord6463
ord3874
ord2520
ord6540
ord1449
ord976
ord8776
ord1140
ord2880
ord1700
ord12294
ord5862
ord11907
ord500
ord8322
ord14328
ord14334
ord8679
ord1693
ord4315
ord3841
ord266
ord265
ord1507
ord6475
ord2298
ord4705
ord2881
ord1142
ord503
ord2894
ord4796
ord1706
ord14537
ord11917
ord5869
ord1446
ord14592
ord973
ord12529
ord5493
ord6529
ord321
ord2394
ord8426
ord12194
ord12162
ord12870
ord7962
ord998
ord6835
ord7406
ord5742
ord5937
ord7452
ord10202
ord1411
ord8922
ord12583
ord4807
ord12863
ord12826
ord12706
ord2986
ord5898
ord1696
ord1692
ord1529
ord1526
ord2001
ord929
ord1183
ord1044
ord310
ord300
ord974
ord6153
ord1629
ord1639
ord4607
ord2869
ord4787
ord305
ord316
ord3005
ord14238
ord1058
ord346
ord12503
ord12541
ord5866
ord8146
ord1192
ord12635
ord3952
ord5861
ord1654
ord2523
ord8467
ord554
ord2003
ord567
ord12372
ord4806
ord307
ord311
ord2411
ord2336
ord273
ord1066
ord362
ord6768
ord262
ord4841
ord3230
ord14571
ord12348
ord14518
ord12291
ord4725
ord8140
ord5286
ord5102
ord1661
ord5850
ord5565
ord12725
ord5769
ord5491
ord5562
ord13198
ord5564
ord1751
ord494
ord2387
ord5560
ord2383
ord14509
ord1509
ord2407

kernel32

LocalFree
FormatMessageA
lstrcpynA
lstrlenA
CopyFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
InitializeCriticalSection
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
SetCurrentDirectoryA
MultiByteToWideChar
GetLocalTime
GetPrivateProfileStringA
CopyFileExA
ResumeThread
GetTickCount
FindVolumeClose
WriteFile
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
OpenFileMappingA
GetPrivateProfileIntA
FindFirstVolumeA
FindNextVolumeA
GetVolumePathNamesForVolumeNameA
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
OpenProcess
GetExitCodeProcess
TerminateProcess
Sleep
WaitForSingleObject
GetLastError
CloseHandle
OutputDebugStringA
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesA
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateDirectoryA
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateFileA
OutputDebugStringW
GetCurrentDirectoryA
GetFileType
ReadFile
SetFilePointer
SetFileTime
DuplicateHandle
GetCurrentProcess
DosDateTimeToFileTime
SystemTimeToFileTime
SetEvent
CreateEventA
GetTempPathA
GetFileInformationByHandle
GetFileSize
FileTimeToDosDateTime
CreateFileMappingA
FileTimeToSystemTime
SetLastError
GetModuleFileNameW
GetModuleHandleW
LoadLibraryW
UnhandledExceptionFilter
EnterCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId

user32

KillTimer
ReleaseDC
InvalidateRect
GetClientRect
LoadBitmapW
GetMessageExtraInfo
PostThreadMessageA
mouse_event
GetSystemMetrics
SetCursorPos
GetCursorPos
SetTimer
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
GetDC
GetWindowLongA
SetWindowLongA
GetWindowThreadProcessId
LoadIconW
UnregisterClassA
ScreenToClient
PostMessageA
GetWindowRect
SendMessageA
PeekMessageA
DispatchMessageA
ShowWindow
TranslateMessage
EnableWindow

gdi32

CreatePen
DeleteObject
GetStockObject
CreateDCA
MoveToEx
GetDIBits
TextOutA
GetObjectA
SelectObject
DeleteDC
CreateCompatibleDC
LineTo
BitBlt
CreateCompatibleBitmap

advapi32

RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHFileOperationA
ShellExecuteA

oleaut32

VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString

ws2_32

WSACleanup
accept
bind
htons
listen
WSASocketA
WSAStartup
connect
ioctlsocket
inet_addr
select
socket
gethostname
gethostbyname
getsockname
closesocket
getpeername
setsockopt
send
recv
inet_ntoa
__WSAFDIsSet
WSAGetLastError

gdiplus

GdipGetImageEncodersSize
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipGetImageEncoders

vcruntime140

memcpy
__std_type_info_destroy_list
_except_handler4_common
__vcrt_InitializeCriticalSectionEx
memmove
_CxxThrowException
memset
__CxxFrameHandler3
__std_terminate

api-ms-win-crt-time-l1-1-0

_gmtime64_s
_mktime64
_tzset
_time64
strftime
_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_access
_findnext64i32
_findfirst64i32
_findclose

api-ms-win-crt-math-l1-1-0

__setusermatherr
_except1
ceil

api-ms-win-crt-string-l1-1-0

strcpy_s
strncpy_s
_stricmp
strcat_s

api-ms-win-crt-multibyte-l1-1-0

_mbsstr
_mbsnbcpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fwrite
fclose
fopen_s
__p__commode
_set_fmode
fflush

api-ms-win-crt-convert-l1-1-0

atoi
atol

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
_recalloc
malloc
free
calloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_c_exit
_set_app_type
_register_thread_local_exe_atexit_callback
terminate
_controlfp_s
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_beginthreadex
_seh_filter_exe
exit
_errno

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_setmbcp

Sections

.text
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45500e419b24cba61754e87c3395b7fd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc140

kernel32

user32

gdi32

advapi32

shell32

oleaut32

ws2_32

gdiplus

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 291KB - Virtual size: 291KB

.rdata Size: 93KB - Virtual size: 93KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2.9MB - Virtual size: 2.9MB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 291KB - Virtual size: 291KB

.rdata
Size: 93KB - Virtual size: 93KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

.reloc
Size: 35KB - Virtual size: 34KB