91589b168ec9d6434c5c5a381d9e6290N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

91589b168ec9d6434c5c5a381d9e6290N.exe
Size

1.2MB
MD5

91589b168ec9d6434c5c5a381d9e6290
SHA1

1f01e197e829290fb8764712953e9f34ff67b78a
SHA256

28ff1b45b5b868a146535ceb38f475b62d4bde1b87c343e04d83709a3a1b7157
SHA512

3faeb26ba460925574bdf6bb222cfe5a2d60e8bad9b671588b2c45ffa909f1a5ce2aa6b9ee9db923f54d0f73388e7d112fd055fd5fd68390e462213f0e8f5e00
SSDEEP

24576:Y0U6vGWQMFuobcLnplqb6qy3C2oR5VrAS58b:gpScjpcmn3CbR5NAS5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
91589b168ec9d6434c5c5a381d9e6290N.exe

Files

91589b168ec9d6434c5c5a381d9e6290N.exe
.exe windows:6 windows x86 arch:x86

90b4b4b79ecce600a0e5ce835238c6a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wbengine.pdb

Imports

advapi32

RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
TraceMessage
DuplicateTokenEx
GetUserNameW
RegQueryValueExW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AddAce
InitializeAcl
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
CreateServiceW
DeleteService
ControlService
IsValidSid
GetAclInformation
SetSecurityDescriptorDacl
GetLengthSid
SetSecurityDescriptorOwner
CopySid
SetSecurityDescriptorGroup
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
LookupAccountNameW
RegEnumValueW
IsValidSecurityDescriptor
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
InitiateShutdownW
RegGetValueW
TraceEvent
RegLoadKeyW
RegUnLoadKeyW
CheckTokenMembership
SetSecurityInfo
GetSecurityDescriptorLength
GetSecurityInfo
EventRegister
EventEnabled
EventWrite
EventUnregister
OpenThreadToken
SetThreadToken
ControlTraceW
OpenProcessToken
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
ConvertSidToStringSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetNamedSecurityInfoW
LsaOpenPolicy
LsaNtStatusToWinError
LsaQueryInformationPolicy
GetWindowsAccountDomainSid
EqualSid
LsaFreeMemory
LsaClose
ConvertStringSecurityDescriptorToSecurityDescriptorW
EnumDependentServicesW
QueryServiceStatus

kernel32

FindNextVolumeW
FindFirstVolumeW
GetTickCount
LocalAlloc
CreateThread
WaitForSingleObjectEx
GetCurrentThreadId
CreateWaitableTimerW
HeapSetInformation
GetCommandLineW
CopyFileW
DeviceIoControl
FindVolumeClose
GetFullPathNameW
GetSystemWindowsDirectoryW
GetTimeZoneInformation
OutputDebugStringW
TlsGetValue
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
SetErrorMode
CreateSymbolicLinkW
CancelIoEx
GetFileAttributesExW
QueryDosDeviceW
DeleteVolumeMountPointW
SetWaitableTimer
GetLogicalDrives
SetVolumeMountPointW
GetLocalTime
SetLastError
GetLongPathNameW
GetFileSize
SetFileValidData
SetFilePointerEx
SetEndOfFile
SleepEx
GetVolumeInformationW
CancelIo
SetFilePointer
GetOverlappedResult
GetCurrentThread
CopyFileExW
GetSystemDirectoryW
GetTempPathW
GetTickCount64
GetVersionExW
GetProductInfo
GetSystemInfo
GetWindowsDirectoryW
GetComputerNameExW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
RemoveDirectoryW
GetFileInformationByHandle
SetFileAttributesW
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandleEx
SetFileInformationByHandle
CreateDirectoryW
GetVolumePathNamesForVolumeNameW
GetDiskFreeSpaceExW
GetFileAttributesW
OutputDebugStringA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
GetEnvironmentVariableW
CompareStringW
GetVolumePathNameW
GetDriveTypeW
SystemTimeToFileTime
SetThreadExecutionState
Sleep
SetVolumeLabelW
WriteFile
FlushFileBuffers
MoveFileExW
ReadFile
DeleteFileW
FileTimeToLocalFileTime
FindClose
CreateFileW
GetFileSizeEx
CompareFileTime
FileTimeToSystemTime
GetSystemTime
MoveFileW
GetSystemTimeAsFileTime
LocalFree
ResetEvent
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
CreateEventW
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange

user32

CharUpperW
GetMessageW
TranslateMessage
LoadStringW
CharNextW
DispatchMessageW
PostThreadMessageW
UnregisterClassA
MessageBoxW

msvcrt

wcsncmp
swscanf_s
calloc
_wcsnicmp
_CxxThrowException
_vsnwprintf
_wcsicmp
_ftol2
memmove_s
memcpy
memset
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
swprintf_s
memmove
_exit
_ultow_s
realloc
__set_app_type
strncmp
_wcsupr
_snwscanf_s
_wcslwr
_vsnprintf
wcscspn
towlower
_wgetenv
_wtol
_wcstoi64
wcstok_s
_XcptFilter
exit
_wcmdln
memcpy_s
_initterm
_amsg_exit
wcscpy_s
wcscat_s
_unlock
wcschr
_scwprintf
_resetstkoflw
__wgetmainargs
wcsstr
_cexit
_controlfp
__setusermatherr
__p__commode
wcsrchr
__p__fmode
??2@YAPAXI@Z
_purecall
__CxxFrameHandler3
wcsncpy_s
_except_handler4_common
?terminate@@YAXXZ
wcsnlen
free
malloc
??3@YAXPAX@Z
_errno
wcstoul

ntdll

RtlGUIDFromString
LdrGetProcedureAddress
RtlInitAnsiString
LdrGetDllHandle
NtDeleteFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtResetEvent
RtlGetVersion
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtAllocateUuids
RtlNtStatusToDosError
NtSetInformationKey
RtlClearBits
RtlSetBits
RtlCompareMemory
RtlNumberOfSetBits
RtlClearAllBits
RtlInitializeBitMap
RtlDosPathNameToNtPathName_U
RtlSetAllBits
RtlAreBitsClear
RtlAreBitsSet
RtlNumberOfClearBits
RtlFindNextForwardRunClear
RtlCreateSystemVolumeInformationFolder
WinSqmAddToStreamEx
RtlUnlockBootStatusData
RtlGetSetBootStatusData
RtlFreeUnicodeString
RtlStringFromGUID
NtCreateEvent
NtDeviceIoControlFile
NtWaitForSingleObject
NtQuerySystemInformation
NtDeleteKey
NtCreateFile
NtSaveKey
NtSetValueKey
NtQueryValueKey
NtDeleteValueKey
NtCreateKey
NtSetSecurityObject
RtlAllocateAndInitializeSid
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlFreeSid
NtOpenThreadToken
NtOpenProcessToken
NtAdjustPrivilegesToken
NtLoadKey
NtUnloadKey
NtQueryAttributesFile
NtQueryKey
NtEnumerateKey
NtOpenKey
NtClose
RtlAllocateHeap
RtlFreeHeap
RtlGetLastNtStatus
WinSqmAddToStream
RtlInitUnicodeString
NtOpenFile

ole32

CoImpersonateClient
CoRevertToSelf
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitializeEx
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoInitializeSecurity
CreateStreamOnHGlobal

oleaut32

VarBstrCmp
VariantInit
VariantCopy
VariantClear
SysFreeString
VarUI4FromStr
VarBstrCat
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SystemTimeToVariantTime

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW
UuidCreate

vssapi

VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal
CreateVssExamineWriterMetadataInternal

setupapi

SetupEnumPublishedInfW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceRegistryPropertyW
SetupGetInfDriverStoreLocationW

netapi32

NetShareAdd
NetShareDel
NetShareGetInfo
NetApiBufferFree

xmllite

CreateXmlReaderInputWithEncodingName
CreateXmlReader

bcrypt

BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptGetProperty
BCryptHashData
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash

virtdisk

AttachVirtualDisk
CompactVirtualDisk
GetVirtualDiskPhysicalPath
OpenVirtualDisk
DetachVirtualDisk
GetStorageDependencyInformation
GetVirtualDiskOperationProgress
GetVirtualDiskInformation

clusapi

GetNodeClusterState

Exports

Exports

??0CTraceFailureHelper@@QAE@AAVCTraceProvider@@JPBGKPBX@Z
??0CTraceFunction@@QAE@AAVCTraceProvider@@PBGH1PBX@Z
??0CTraceHelper@@QAE@AAVCTraceProvider@@PBGKPBX@Z
??0CTraceProvider@@QAE@W4COMPONENT_CODE@@@Z
??1CTraceFunction@@QAE@XZ
??1CTraceProvider@@QAE@XZ
??4CTraceProvider@@QAEAAV0@ABV0@@Z
?EtwEnabled@CTraceProvider@@QAE_NW4TRACE_FLAG@@@Z
?EtwTrace@CTraceProvider@@QAEXABUDLS_TRACE_EVENT@@@Z
?OdsEnabled@CTraceProvider@@QAE_NW4TRACE_FLAG@@@Z
?OdsTrace@CTraceProvider@@QAEXABUDLS_TRACE_EVENT@@@Z
?QueryTaskId@CTraceProvider@@SG?AU_GUID@@XZ
?SetTraceControlInfo@CTraceProvider@@QAEX_N_KK@Z
?Trace@CTraceProvider@@QAEXW4TRACE_FLAG@@PBGKPBX1PAD@Z
?TraceMessage@CTraceFailureHelper@@QAAXPBGZZ
?TraceMessage@CTraceHelper@@QAAXW4TRACE_FLAG@@PBGZZ
?m_dwTraceCurrSize@CTraceProvider@@0KA
?m_dwTraceLevel@CTraceProvider@@0KA
?m_dwTraceMaxNum@CTraceProvider@@0KA
?m_dwTraceMaxSize@CTraceProvider@@0KA
?m_dwTraceNextNum@CTraceProvider@@0KA
?m_errLogCriticalSection@CTraceProvider@@0U_RTL_CRITICAL_SECTION@@A
?m_errorFile@CTraceProvider@@0PAU_iobuf@@A
?m_errorTracingInBadState@CTraceProvider@@0_NA
?m_isCriticalSectionIntialized@CTraceProvider@@0_NA

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tqzqdcv
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

90b4b4b79ecce600a0e5ce835238c6a2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

ntdll

ole32

oleaut32

rpcrt4

vssapi

setupapi

netapi32

xmllite

bcrypt

virtdisk

clusapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 108KB - Virtual size: 110KB

tqzqdcv Size: - Virtual size: 4KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 108KB - Virtual size: 110KB

tqzqdcv
Size: - Virtual size: 4KB