f532855978070ab6b297a537609a7cd8d71b916bad11f4317dca556f442021ad

Sharing

Copy URL

Twitter E-mail

General

Target

f532855978070ab6b297a537609a7cd8d71b916bad11f4317dca556f442021ad
Size

1.8MB
MD5

7266ccc90410642094a2cdd612dbd769
SHA1

823ba2c5abf0b9e71bf26dc5899996a092c1dbfe
SHA256

f532855978070ab6b297a537609a7cd8d71b916bad11f4317dca556f442021ad
SHA512

3096aa4cb2b45bcc77531ac3717314939cecd8e5eb54f44861a4f46e27cd7351fd9ad50381cc659ecbdb44ddc3be0a9c2f37bb4175aaa94271bd55fa14047602
SSDEEP

49152:99MEyGd8O5wsxJA69cnTX9XRF5dxOsppRJwDQraYKTZzGS7DN3VGk:T3yNewsrA6GF5dxOsp/JwDe2zG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f532855978070ab6b297a537609a7cd8d71b916bad11f4317dca556f442021ad

Files

f532855978070ab6b297a537609a7cd8d71b916bad11f4317dca556f442021ad
.exe windows:6 windows x86 arch:x86

c5f58bf53b4459081e6f54afea96be8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\vsrbuilds\VSR\VSR_23_0_2_63015\ws\GenericMount\Dev\GenericMountService\win32_release\GenericMountService.pdb

Imports

netapi32

NetUseGetInfo
NetServerGetInfo
NetGetJoinInformation
NetApiBufferFree

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetGetLastErrorW
WNetAddConnection2W
WNetCloseEnum

kernel32

Sleep
CreateThread
GetCurrentThreadId
WaitForMultipleObjects
InitializeCriticalSection
GetCurrentProcess
GetVersionExA
GetModuleFileNameA
LoadLibraryA
GetDateFormatW
GetTimeFormatW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalFree
FormatMessageW
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTime
GetLocalTime
GetCommandLineA
GetCurrentProcessId
GetSystemInfo
GetModuleHandleA
GetProcessAffinityMask
SetProcessAffinityMask
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetExitCodeThread
SetThreadAffinityMask
GetWindowsDirectoryW
GetComputerNameExW
GlobalMemoryStatusEx
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateEventW
GetOEMCP
ResetEvent
CreateEventA
CreateFileW
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesExW
GetFileInformationByHandle
GetFileSize
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
GetVolumePathNameW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
GetVolumeNameForVolumeMountPointW
DeviceIoControl
SetVolumeLabelW
FindFirstVolumeMountPointW
FindNextVolumeMountPointW
FindVolumeMountPointClose
LoadLibraryW
ReadFile
WriteFile
CreatePipe
PeekNamedPipe
LCMapStringW
GetStringTypeExW
GetUserDefaultLCID
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
WriteFileEx
SleepEx
FindNextFileW
GetFileAttributesW
OpenSemaphoreA
CreateSemaphoreA
UnmapViewOfFile
MapViewOfFile
CreateMutexA
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
GetTimeZoneInformation
SetEvent
GetCommandLineW
MultiByteToWideChar
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
FreeLibrary
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
CloseHandle
DecodePointer
CreateFileMappingA
QueryDosDeviceW
GetACP
ReadConsoleW
SetStdHandle
GetCurrentDirectoryW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
IsValidLocale
HeapReAlloc
HeapSize
HeapAlloc
HeapFree
ExitProcess
GetFileType
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
DeleteFileW
GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SignalObjectAndWait
GetStartupInfoW
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetTickCount
GetSystemTimeAsFileTime
SetLastError
CancelIo
VirtualAlloc
VirtualFree
LocalAlloc
WideCharToMultiByte
GetStringTypeW
TryEnterCriticalSection
SwitchToThread

user32

CharUpperW
CharNextW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
MessageBoxW

advapi32

RegisterServiceCtrlHandlerW
RegOpenKeyA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
IsWellKnownSid
GetTokenInformation
OpenProcessToken
RegEnumValueW
StartServiceCtrlDispatcherW
SetServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

ole32

CoRegisterClassObject
CLSIDFromString
CoInitializeEx
CoAddRefServerProcess
CoReleaseServerProcess
CoUninitialize
CoInitializeSecurity
GetRunningObjectTable
CreateClassMoniker
CoTaskMemFree
StringFromCLSID
CoResumeClassObjects
CoCreateInstance
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemRealloc
StringFromGUID2

oleaut32

SysAllocString
SafeArrayCopy
SysAllocStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
SysStringLen
VariantCopyInd
VariantCopy
VariantClear
VariantInit
SafeArrayGetVartype
VarUI4FromStr
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 391KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5f58bf53b4459081e6f54afea96be8a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

mpr

kernel32

user32

advapi32

ole32

oleaut32

setupapi

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 391KB - Virtual size: 391KB

.data Size: 37KB - Virtual size: 47KB

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 78KB - Virtual size: 78KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 391KB - Virtual size: 391KB

.data
Size: 37KB - Virtual size: 47KB

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 78KB - Virtual size: 78KB