665c542113ebe609e7341afa253c0f9a68907b3745124782ab6221fcd5f0e730

Sharing

Copy URL Twitter E-mail

General

Target

665c542113ebe609e7341afa253c0f9a68907b3745124782ab6221fcd5f0e730
Size

469KB
MD5

8ae8219fe89e59c925476c79a13ad5ac
SHA1

708f90e5b06746b40ddd19ba99d4bacda2cd5692
SHA256

665c542113ebe609e7341afa253c0f9a68907b3745124782ab6221fcd5f0e730
SHA512

08d4c87d04383f772192736d66da50de9982002cacb2a2adf367f27696cf479c56f5e656d169704180e54ddb2c90822f7828b28ecb7f3831146f95a0917b0234
SSDEEP

12288:91k+ZFOncE/VyeeS+IZBuqWPqFTfTVpDXr0skp4Ni3WxSwv4Iy+8Q+8N+8Lae:rkDWS+IZBuqWPqFTfTVpG4NimcBIjCzI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
665c542113ebe609e7341afa253c0f9a68907b3745124782ab6221fcd5f0e730

Files

665c542113ebe609e7341afa253c0f9a68907b3745124782ab6221fcd5f0e730
.exe windows:5 windows x86 arch:x86

a332e15bb05f45944ee8e10822955064

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Git\Product\ServiSign\CGServiSign\Release\OriginalServiSignMonitor.pdb

Imports

gdiplus

GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToFile

pthreadvc1

pthread_create

psapi

GetModuleBaseNameW
EnumProcesses
EnumProcessModules

kernel32

ReadConsoleW
GetConsoleMode
GetTimeZoneInformation
InterlockedDecrement
Sleep
CreateDirectoryW
SizeofResource
FindFirstFileW
HeapFree
EnterCriticalSection
FindNextFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
FindClose
HeapSize
GetLastError
LockResource
DeleteFileW
HeapReAlloc
CloseHandle
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
ReleaseMutex
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
Process32NextW
Process32FirstW
LoadLibraryW
GetWindowsDirectoryW
GetProcAddress
CreateProcessW
FreeLibrary
WideCharToMultiByte
InterlockedIncrement
GetExitCodeProcess
OpenEventW
CreateEventW
SetEvent
GetCommandLineA
GetVersionExW
GetSystemDirectoryW
GetNativeSystemInfo
ReadFile
WriteFile
CreateFileW
LocalFree
GetCurrentProcessId
GetCurrentThreadId
GetSystemTime
ExpandEnvironmentStringsA
GetWindowsDirectoryA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
QueryPerformanceFrequency
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
LoadLibraryExW
RtlUnwind
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
LCMapStringW
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
WriteConsoleW
ResetEvent
SetEndOfFile
CompareStringW
GetStringTypeW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
EncodePointer
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP

user32

GetMessageW
PostMessageW
FindWindowExW
DestroyWindow
EnumChildWindows
CreateWindowExW
SendMessageW
UnregisterClassW
CreatePopupMenu
TrackPopupMenu
DispatchMessageW
RegisterClassW
MessageBoxIndirectW
DestroyMenu
TranslateMessage
LoadIconW
FindWindowW
wsprintfW
GetClientRect
AppendMenuW
PostQuitMessage
RegisterWindowMessageW
SetForegroundWindow
GetCursorPos
GetKeyState
IsWindow
DefWindowProcW
DestroyIcon

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateDCW
GetDeviceCaps
DeleteDC
GetObjectW
DeleteObject
BitBlt

advapi32

InitializeSecurityDescriptor
GetUserNameW
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW
SHGetSpecialFolderPathA
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString

shlwapi

PathFindExtensionW

wtsapi32

WTSRegisterSessionNotification

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a332e15bb05f45944ee8e10822955064

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdiplus

pthreadvc1

psapi

kernel32

user32

gdi32

advapi32

shell32

oleaut32

shlwapi

wtsapi32

version

Sections

.text Size: 301KB - Virtual size: 300KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 6KB - Virtual size: 55KB

.gfids Size: 2KB - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 47KB - Virtual size: 47KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 301KB - Virtual size: 300KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 6KB - Virtual size: 55KB

.gfids
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 47KB - Virtual size: 47KB

.reloc
Size: 16KB - Virtual size: 16KB