f14bd43a933a846b732971d4234a304cd9e13751a83a9b5a360e4496c25499c8

Sharing

Copy URL Twitter E-mail

General

Target

f14bd43a933a846b732971d4234a304cd9e13751a83a9b5a360e4496c25499c8
Size

9.2MB
MD5

2bc9bd6ef0b7ab8f5e1de02c29b58e7d
SHA1

715d09cea1523b4ec6a70337a2f6dc223e8b1bab
SHA256

f14bd43a933a846b732971d4234a304cd9e13751a83a9b5a360e4496c25499c8
SHA512

9f1d82f036633efaeae1bcde3eeacc04042f574a9f061b49c87b2a84f6c01f3528280d0b731ab238931ff46bedf6d853a43c92475e37ffdffb5fea88595cdbc5
SSDEEP

98304:ZOQMbGgJRxUdSNaOPukoNYveCf39qMiYlpr2+VHzjFCFLPCX68hfsoWy7VSzG+gz:ZgPxAOSvCknzxqOGoJEpfwaUPy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f14bd43a933a846b732971d4234a304cd9e13751a83a9b5a360e4496c25499c8

Files

f14bd43a933a846b732971d4234a304cd9e13751a83a9b5a360e4496c25499c8
.exe windows:6 windows x86 arch:x86

2011ac4531156a1a77e2e2239cd317ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\vsrbuilds\Common\Common_23_0_2_63006\ws\Sme\Dev\Utility\CreateSSOImage\win32_release\CreateSSOImage.pdb

Imports

netapi32

NetServerGetInfo
NetShareAdd
NetShareGetInfo
NetShareCheck
NetGetJoinInformation
NetApiBufferFree
NetUseGetInfo

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetLastErrorW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

SHDeleteKeyA

kernel32

GetUserDefaultLCID
LoadLibraryA
FlushFileBuffers
GetFileSizeEx
ReadFile
SetFilePointerEx
WriteFile
WriteFileEx
SleepEx
FindNextFileW
GetFileAttributesW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LocalFree
FormatMessageW
GetACP
GetOEMCP
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
GetThreadPriority
GetExitCodeThread
SetThreadAffinityMask
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
SetProcessAffinityMask
GetWindowsDirectoryW
GetComputerNameExW
GetVersionExA
GetFirmwareEnvironmentVariableA
GlobalMemoryStatusEx
LoadLibraryW
CreateFileA
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsA
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreatePipe
PeekNamedPipe
GetFileAttributesA
SetLastError
DecodePointer
RaiseException
InitializeCriticalSectionEx
ExpandEnvironmentStringsW
LCMapStringW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
OpenMutexW
GetTickCount
QueryDosDeviceW
SetErrorMode
VirtualAlloc
VirtualFree
GetDiskFreeSpaceW
OutputDebugStringW
DeleteVolumeMountPointW
DefineDosDeviceW
GetLogicalDriveStringsW
SetVolumeMountPointW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
CompareStringW
GetLocaleInfoW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
SignalObjectAndWait
CreateThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwind
DeleteFileW
CreateDirectoryW
RemoveDirectoryW
MoveFileExW
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
GetModuleHandleExW
FindFirstFileExW
ExitProcess
GetCommandLineW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryW
SetStdHandle
ReadConsoleW
GetTimeZoneInformation
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
ExpandEnvironmentStringsA
FreeLibrary
FindVolumeMountPointClose
FindNextVolumeMountPointW
FindFirstVolumeMountPointW
SetVolumeLabelW
GetModuleFileNameW
DeviceIoControl
GetLastError
CloseHandle
GetVolumeNameForVolumeMountPointW
SetFileTime
SetFilePointer
SetFileAttributesW
SetEndOfFile
GetVolumePathNameW
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
GetFileInformationByHandle
GetFileAttributesExW
GetDriveTypeW
GetDiskFreeSpaceExW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
FindFirstFileW
FindClose
CreateFileW
Sleep
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemInfo
GetCurrentProcessId
GetCommandLineA
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetSystemTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemDirectoryW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStringTypeExW
GetLogicalDrives
CreateFileMappingA
OpenSemaphoreA
CreateSemaphoreA
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetStringTypeExA
LCMapStringA
CreateMutexA
ReleaseMutex
SetDllDirectoryA
SetEnvironmentVariableA
VerifyVersionInfoW
VerSetConditionMask
GetEnvironmentVariableA
WaitForMultipleObjects
GetWindowsDirectoryA

user32

LoadStringA
FindWindowA
wsprintfA
LoadStringW

advapi32

CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptGenRandom
CryptCreateHash
CryptGetHashParam
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
CryptReleaseContext
RegQueryValueExA
StartServiceA
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertSidToStringSidA
IsWellKnownSid
RegSaveKeyExW
RegUnLoadKeyW
RegLoadKeyW
DeleteService
CreateServiceA
RegOpenKeyW
RegCreateKeyW
RegEnumKeyW
CryptEncrypt
CryptImportKey
QueryServiceConfigA
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
LookupAccountNameW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
AddAccessAllowedAce
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclA
RegUnLoadKeyA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegLoadKeyA
RegEnumKeyExA
RegCreateKeyA
GetTokenInformation
ConvertSecurityDescriptorToStringSecurityDescriptorA
GetKernelObjectSecurity
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
CryptDestroyKey

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoTaskMemFree

oleaut32

SafeArrayCopy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SysAllocStringLen
VariantCopyInd
SafeArrayRedim
SafeArrayCreate
VariantCopy
SafeArrayGetLBound
SafeArrayGetElement
VariantChangeType
SysFreeString
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
VariantInit
VariantClear
SysAllocString

ws2_32

getpeername
select
WSAGetLastError
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
sendto
listen
getsockname
accept
recvfrom
recv
ioctlsocket
freeaddrinfo
bind
gethostname
inet_addr
htonl
__WSAFDIsSet
WSAIoctl
setsockopt
socket
htons
closesocket
WSACleanup
WSAStartup
WSASetLastError
ntohs
ntohl
WSAWaitForMultipleEvents
connect
getaddrinfo
WSAResetEvent

wldap32

ord46
ord14
ord216
ord219
ord145
ord41
ord117
ord26
ord301
ord147
ord133
ord79
ord142
ord167
ord127
ord27
ord208

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

setupapi

SetupIterateCabinetW
SetupGetStringFieldW
SetupGetFieldCount
SetupOpenInfFileW
SetupCloseInfFile
SetupFindNextLine
SetupGetLineCountW
SetupFindFirstLineW

wintrust

WinVerifyTrust

vxcrypto_7

ord276
ord275
ord3782
ord3783
ord3315
ord4601
ord4515
ord256

clusapi

GetClusterKey
ClusterResourceControl
GetClusterResourceState
OpenClusterResource
ClusterRegQueryValue
ClusterEnum
ClusterGetEnumCount
ClusterOpenEnum
CloseCluster
ClusterCloseEnum
OpenCluster

resutils

ResUtilFindDwordProperty
ResUtilFindBinaryProperty

bcrypt

BCryptGenRandom

Exports

Exports

sts_api

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2011ac4531156a1a77e2e2239cd317ee

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

netapi32

mpr

version

shlwapi

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

wldap32

rpcrt4

setupapi

wintrust

vxcrypto_7

clusapi

resutils

bcrypt

Exports

Exports

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 109KB - Virtual size: 154KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 408KB - Virtual size: 407KB

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 109KB - Virtual size: 154KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 408KB - Virtual size: 407KB