7a9370fb54e61a21b7ab004a63ccb8571df3b9cbc037d40864d978d56e05373b

Sharing

Copy URL Twitter E-mail

General

Target

7a9370fb54e61a21b7ab004a63ccb8571df3b9cbc037d40864d978d56e05373b
Size

2.4MB
MD5

7ea02631614000ed0a1e1321d07993ad
SHA1

8ba2639b273e5c478439e91cc2d57cf78cd219e3
SHA256

7a9370fb54e61a21b7ab004a63ccb8571df3b9cbc037d40864d978d56e05373b
SHA512

fd8cff05c184cdd0624871e5d659cd83d7fad09f91dc7418e357124260386a3c919df0f69787bdca2d5f9982f06418bdb1c1b0dfa8e8e08af3cd47650cbbe080
SSDEEP

24576:24yjNqczVwtfPjZ/KyKhidrnwvYaHJtjL2OACyytd7jr2q+:246WtfPjZ/K6SnLQ2r2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7a9370fb54e61a21b7ab004a63ccb8571df3b9cbc037d40864d978d56e05373b

Files

7a9370fb54e61a21b7ab004a63ccb8571df3b9cbc037d40864d978d56e05373b
.exe windows:6 windows x64 arch:x64

02b025153a0a8f087cb608832b1f4837

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\buildagent-cd_8812\p4\1503238666\sw\Bin\System_Tools\FPT\Windows64\FPTW.pdb

Imports

kernel32

GetModuleHandleA
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
SetEndOfFile
WriteConsoleW
HeapSize
SetDefaultDllDirectories
SetDllDirectoryW
SetConsoleCtrlHandler
DeleteFileW
GetFileAttributesW
SetFileAttributesW
WriteFile
GetWindowsDirectoryW
GetNativeSystemInfo
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
FindResourceExW
LoadResource
LockResource
SizeofResource
GetCurrentThread
GetCurrentProcess
CloseHandle
CreateFileW
DeviceIoControl
GetProcAddress
SetErrorMode
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
ReadFile
GetOverlappedResult
WaitForSingleObject
CreateEventA
Sleep
FormatMessageA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetLastError
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
ExitProcess
GetModuleHandleExW
GetConsoleCP
GetTimeZoneInformation
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetCurrentDirectoryW
GetCurrentDirectoryW
MultiByteToWideChar
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
WideCharToMultiByte
SetConsoleMode
GetNumberOfConsoleInputEvents
ReadConsoleInputW
PeekConsoleInputA
HeapReAlloc
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind

advapi32

QueryServiceConfigA
OpenServiceW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
OpenProcessToken
OpenThreadToken
StartServiceA
OpenServiceA
AccessCheck
AddAccessAllowedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
DuplicateToken
FreeSid
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
InitiateSystemShutdownA
OpenSCManagerA

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

powrprof

SetSuspendState

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_PropertyW
CM_Get_Device_Interface_PropertyW

setupapi

CM_Locate_DevNodeW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW

Sections

.text
Size: 735KB - Virtual size: 734KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02b025153a0a8f087cb608832b1f4837

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

api-ms-win-power-base-l1-1-0

powrprof

api-ms-win-devices-config-l1-1-1

setupapi

Sections

.text Size: 735KB - Virtual size: 734KB

.rdata Size: 194KB - Virtual size: 194KB

.data Size: 1.4MB - Virtual size: 1.4MB

.pdata Size: 36KB - Virtual size: 35KB

.didat Size: 512B - Virtual size: 32B

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 44KB - Virtual size: 44KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 735KB - Virtual size: 734KB

.rdata
Size: 194KB - Virtual size: 194KB

.data
Size: 1.4MB - Virtual size: 1.4MB

.pdata
Size: 36KB - Virtual size: 35KB

.didat
Size: 512B - Virtual size: 32B

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 44KB - Virtual size: 44KB

.reloc
Size: 6KB - Virtual size: 6KB