9af5523071134ea45e0f032396a838f68ad4eedcd7cb8e5633dd8b317605d939

Sharing

Copy URL Twitter E-mail

General

Target

9af5523071134ea45e0f032396a838f68ad4eedcd7cb8e5633dd8b317605d939
Size

1.5MB
MD5

2ad90ab4fc3a8867b43a909556dd9efa
SHA1

e0006ab492cf8740d7ff502fd1bca40b8bfb2291
SHA256

9af5523071134ea45e0f032396a838f68ad4eedcd7cb8e5633dd8b317605d939
SHA512

a8a40e616e5e104373bd7622cae24a780bb88feef892991363f2ce309f592bd4ee65c3b8e83740c00e65d6eded57442443c7ab4667274c5f14080aa3ece09461
SSDEEP

49152:VjAiKQPR/4vPg+vAR3Ta/HwHqgxHnVUAo47D432D4D/6TeoOGBtUBGY:SQp/43NvAR6gxHnVUIU3yZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9af5523071134ea45e0f032396a838f68ad4eedcd7cb8e5633dd8b317605d939

Files

9af5523071134ea45e0f032396a838f68ad4eedcd7cb8e5633dd8b317605d939
.exe windows:6 windows x86 arch:x86

54ff786aa1c09f3bc0ccc4fa973af118

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\vsrbuilds\VSR\VSR_23_0_2_63015\ws\RecoveryService\Dev\RemoteCmdSvc\win32_release\RemoteCmdSvc.pdb

Imports

kernel32

LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
RtlUnwind
InterlockedPushEntrySList
LocalAlloc
OpenProcess
GetCurrentProcessId
InterlockedFlushSList
CreateEventW
GetWindowsDirectoryW
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
CreateNamedPipeW
EnterCriticalSection
LocalFree
DisconnectNamedPipe
LeaveCriticalSection
ConnectNamedPipe
GetLastError
RaiseException
CloseHandle
DecodePointer
WriteFile
ReadFile
DeleteFileW
CreateFileW
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
HeapSize
HeapReAlloc
SetStdHandle
GetCurrentDirectoryW
GetConsoleMode
GetACP
GetOEMCP
GetDateFormatW
GetTimeFormatW
FormatMessageW
InitializeCriticalSection
GetCurrentProcess
GetVersionExA
GetModuleFileNameA
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTime
GetLocalTime
GetCommandLineA
GetSystemInfo
Sleep
GetModuleHandleA
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetExitCodeThread
SetThreadAffinityMask
GetComputerNameExW
GlobalMemoryStatusEx
ResetEvent
CreateEventA
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
GetVolumePathNameW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
GetVolumeNameForVolumeMountPointW
DeviceIoControl
SetVolumeLabelW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
LoadLibraryW
GetStdHandle
TerminateProcess
LCMapStringW
GetStringTypeExW
GetUserDefaultLCID
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
WriteFileEx
SleepEx
FindNextFileW
GetFileAttributesW
PeekNamedPipe
IsDebuggerPresent
OutputDebugStringW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
TryEnterCriticalSection
SwitchToThread
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
CompareStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
SignalObjectAndWait
CreateThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
ExitThread
ResumeThread
GetModuleHandleExW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
MoveFileExW
GetFileType
ExitProcess
GetCommandLineW
HeapFree
HeapAlloc
IsValidLocale
EnumSystemLocalesW
GetConsoleCP

user32

LoadStringW
wsprintfW

advapi32

RegEnumValueW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDeriveKey
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
RegQueryValueExA
RegDeleteKeyW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegQueryInfoKeyW

vxcrypto_7

ord3315
ord4601
ord3782
ord256
ord274
ord276
ord275
ord4515
ord3783

crypt32

CryptUnprotectData

netapi32

NetServerGetInfo
NetApiBufferFree
NetGetJoinInformation
NetUseGetInfo

mpr

WNetGetLastErrorW
WNetCloseEnum
WNetEnumResourceW
WNetAddConnection2W
WNetCancelConnection2W
WNetOpenEnumW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54ff786aa1c09f3bc0ccc4fa973af118

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

vxcrypto_7

crypt32

netapi32

mpr

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 320KB - Virtual size: 319KB

.data Size: 23KB - Virtual size: 33KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 66KB - Virtual size: 65KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 320KB - Virtual size: 319KB

.data
Size: 23KB - Virtual size: 33KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 66KB - Virtual size: 65KB