windir-with-silentcleanup-task[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

windir-with-silentcleanup-task.exe
Size

2.7MB
MD5

d365a7c9abf2b951ae37ef5dbf38e0b2
SHA1

dd932ffe8495ff0f8fa07fb79c98ac750f519ea2
SHA256

ddbe1cdb28f8c34590c497b54a87bff60690cc01e9d5a9703ef3d060a54a681d
SHA512

145ea99947e2986f788871d9c49b6f4417d5e52b0a41a71f9e5167b99c515a3b255a1218c45fd8e84d56133efbfdf7a9ae5dbe4d98db93ec760e72f56fdedad7
SSDEEP

49152:d5FRxlb1ccG70b0P1LvPnCyB+1EhlwNN4T4lxt:jqcI9B4lxt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
windir-with-silentcleanup-task.exe

Files

windir-with-silentcleanup-task.exe
.exe windows:4 windows x64 arch:x64

d9f47649e90633e1f5babdbba7739442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
VirtualProtect
VirtualQuery
__C_specific_handler
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateNamedPipeW
CreateProcessW
CreateSymbolicLinkW
CreateThread
CreateToolhelp32Snapshot
CreateWaitableTimerExW
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DuplicateHandle
ExitProcess
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetConsoleMode
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessId
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimePreciseAsFileTime
GetTempPathW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
InitializeProcThreadAttributeList
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadFileEx
RemoveDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SleepEx
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
UpdateProcThreadAttribute
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFileEx

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_fpreset
_initterm
_onexit
abort
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

ntdll

NtReadFile
NtWriteFile
NtCreateFile
RtlNtStatusToDosError

advapi32

RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA

ole32

CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear

propsys

InitVariantFromStringArray

shell32

IsUserAnAdmin

userenv

GetUserProfileDirectoryW

ws2_32

WSACleanup
WSADuplicateSocketW
WSAGetLastError
WSARecv
WSASend
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
getpeername
getsockname
getsockopt
ioctlsocket
listen
recv
recvfrom
select
send
sendto
setsockopt
shutdown

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

Sections

.text
Size: 949KB - Virtual size: 949KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 672B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9f47649e90633e1f5babdbba7739442

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

advapi32

ole32

oleaut32

propsys

shell32

userenv

ws2_32

api-ms-win-core-synch-l1-2-0

bcryptprimitives

Sections

.text Size: 949KB - Virtual size: 949KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 168KB - Virtual size: 168KB

.pdata Size: 55KB - Virtual size: 54KB

.xdata Size: 70KB - Virtual size: 70KB

.bss Size: - Virtual size: 672B

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 949KB - Virtual size: 949KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 168KB - Virtual size: 168KB

.pdata
Size: 55KB - Virtual size: 54KB

.xdata
Size: 70KB - Virtual size: 70KB

.bss
Size: - Virtual size: 672B

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 4KB - Virtual size: 3KB