181908a38405aa6cc4412341ec2397d996d71e5aebdf9cc739064d827111d3ea

Sharing

Copy URL

Twitter E-mail

General

Target

181908a38405aa6cc4412341ec2397d996d71e5aebdf9cc739064d827111d3ea
Size

1.2MB
MD5

8c54ffd8ff3426a31f83423865817b28
SHA1

8ed33c8ff20ad6c8cc2f9901113684cab796b915
SHA256

181908a38405aa6cc4412341ec2397d996d71e5aebdf9cc739064d827111d3ea
SHA512

0e950b560c3784f85231e7c4053920cc639d293c9fdaa5955aa50b0191ba7e46c71c8a04ea2e877f6d169aa168dfd17bdd3d45c8487e7eb5e4b203266c242b2c
SSDEEP

24576:gyN+Wn/cBuMunBTwtxmG0i7w23CqZVoAcF3rwZMc/UeXBwt5w:gljB4nBTwt7ZDH40ZjLS0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
181908a38405aa6cc4412341ec2397d996d71e5aebdf9cc739064d827111d3ea

Files

181908a38405aa6cc4412341ec2397d996d71e5aebdf9cc739064d827111d3ea
.exe windows:6 windows x64 arch:x64

c06854c2417f95fced1b126b270c511c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\BuildAgent\work\45c3e5cc11d0cfa1\iclsClient\Output\x64\Release-UWD\TPMProvisioningService.pdb

Imports

shlwapi

PathAppendW
PathRemoveFileSpecW

shell32

SHGetKnownFolderPath

kernel32

ClosePrivateNamespace
CreateEventW
SetUnhandledExceptionFilter
OpenEventW
WaitForSingleObject
SetEvent
TerminateProcess
AddSIDToBoundaryDescriptor
IsProcessorFeaturePresent
CreateProcessW
FileTimeToSystemTime
GetCurrentThreadId
Sleep
GetLocalTime
GetSystemTimeAsFileTime
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CreateBoundaryDescriptorW
WaitForMultipleObjects
CreateMutexW
GetModuleFileNameW
DeleteCriticalSection
CreatePrivateNamespaceW
__C_specific_handler
RaiseException
CreateThread
ResetEvent
IsDebuggerPresent
UnhandledExceptionFilter
HeapFree
LocalFree
CloseHandle
GetLastError
FormatMessageW
QueryPerformanceCounter
GetCurrentProcessId
MultiByteToWideChar
ReadFile
FindFirstFileW
GetCurrentProcess
HeapAlloc
GetProcessHeap
RtlVirtualUnwind
VerSetConditionMask
VerifyVersionInfoW
GetStdHandle
SetConsoleMode
GetConsoleMode
WriteFile
SetFilePointer
FindClose
GetModuleHandleW
LoadLibraryExW
GetUserDefaultLangID
SystemTimeToTzSpecificLocalTime
RtlLookupFunctionEntry
RtlCaptureContext
GetFileTime
ReleaseMutex
CreateFileW
LoadLibraryW
DeleteFileW
FreeLibrary
SetDllDirectoryW
OutputDebugStringW
GetProcAddress
WaitForSingleObjectEx
FindNextFileW
InitializeSListHead
MoveFileW

advapi32

EventRegister
EventSetInformation
EventUnregister
GetSidSubAuthority
GetTokenInformation
RegCloseKey
StartServiceCtrlDispatcherW
OpenProcessToken
RegisterServiceCtrlHandlerW
RegOpenKeyExW
SetServiceStatus
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
EventWriteTransfer
CreateWellKnownSid

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ole32

CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

setupapi

CM_Get_Device_ID_List_SizeW
CM_Get_DevNode_Registry_PropertyW
CM_Locate_DevNodeW
CM_Get_Device_ID_ListW
CM_Open_DevNode_Key

user32

LoadStringW

msvcp140

?_Xruntime_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??1_Lockit@std@@QEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?narrow@?$ctype@_W@std@@QEBAD_WD@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
??Bid@locale@std@@QEAA_KXZ
?_Getname@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??0_Lockit@std@@QEAA@H@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__RTDynamicCast
memchr
memcmp
memcpy
memmove
__current_exception_context
__std_exception_destroy
__std_exception_copy
__std_terminate
_purecall
__std_type_info_name
_CxxThrowException
memset
__std_type_info_compare
__current_exception

api-ms-win-crt-heap-l1-1-0

free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
_initialize_wide_environment
_seh_filter_exe
_register_onexit_function
_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_initterm
_initterm_e
exit
_exit
_errno
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_initialize_onexit_table
_set_app_type
terminate

api-ms-win-crt-convert-l1-1-0

_itoa_s
wcstombs_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

wcsnlen
strcat_s
strcpy_s

api-ms-win-crt-filesystem-l1-1-0

remove
rename
_stat64i32

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
strftime

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c06854c2417f95fced1b126b270c511c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

shell32

kernel32

advapi32

oleaut32

ole32

setupapi

user32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 501KB - Virtual size: 500KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 49KB - Virtual size: 53KB

.pdata Size: 37KB - Virtual size: 36KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 501KB - Virtual size: 500KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 49KB - Virtual size: 53KB

.pdata
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 572KB - Virtual size: 576KB