72135f20eb38acd38351ba2440cd10ee84fe923e18462dad32b626b557ce9e44

Sharing

Copy URL

Twitter E-mail

General

Target

72135f20eb38acd38351ba2440cd10ee84fe923e18462dad32b626b557ce9e44
Size

1.4MB
MD5

d387b2baaf0732510a975ce35358e08b
SHA1

3b1bca96f17542fefbeaab821a38dbe4ee8c2da6
SHA256

72135f20eb38acd38351ba2440cd10ee84fe923e18462dad32b626b557ce9e44
SHA512

dd516895f4a77bc5c37f7b90a7db4e4f0516273b002f9697fdaf15460c542dc32ff813d8b558f1ace322cf7c083f5184ec4dae84fcd36b25dc4097f8b5265688
SSDEEP

24576:FvHqLZrOwsqjnhMgeiCl7G0nehbGZpbD:ULZrHDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72135f20eb38acd38351ba2440cd10ee84fe923e18462dad32b626b557ce9e44

Files

72135f20eb38acd38351ba2440cd10ee84fe923e18462dad32b626b557ce9e44
.exe windows:6 windows x64 arch:x64

8165d2eaea342e1aedfb0a32ddc033c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\builds\moz2_slave\m-rel-w64-00000000000000000000\build\src\obj-firefox\toolkit\components\maintenanceservice\maintenanceservice.pdb

Imports

kernel32

CreateToolhelp32Snapshot
WriteFile
GetProcAddress
GetCurrentProcess
GetExitCodeProcess
LoadLibraryExW
FreeLibrary
TerminateProcess
CopyFileW
DeleteFileW
MultiByteToWideChar
GetFileAttributesW
LocalAlloc
SetLastError
Process32NextW
GetFileSize
LocalFree
CreateFileW
ReadFile
lstrcmpiW
MoveFileExW
CreateThread
CloseHandle
SetEvent
GetLastError
Sleep
CreateEventW
WaitForSingleObject
GetModuleFileNameW
Process32FirstW
GetTempFileNameW
GetDriveTypeW
MoveFileW
SetEndOfFile
HeapReAlloc
CreateProcessW
HeapSize
WriteConsoleW
CreateDirectoryW
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetConsoleCP
FlushFileBuffers
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetFileAttributesExW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetFileType
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStringTypeW
SetFilePointerEx
GetConsoleMode
ReadConsoleW

user32

wsprintfW
LoadStringA

advapi32

SystemFunction036
OpenSCManagerA
QueryServiceStatusEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
CreateServiceW
RegCloseKey
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
BuildExplicitAccessWithNameW
ChangeServiceConfig2W
SetEntriesInAclW
CreateWellKnownSid
DeleteService
SetServiceObjectSecurity
ControlService
RegSetValueExW
FreeSid
InitializeSecurityDescriptor
RegOpenKeyExW
QueryServiceConfigW
ChangeServiceConfigW
OpenServiceW
LookupAccountSidW
QueryServiceObjectSecurity
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus

crypt32

CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CertGetNameStringA

wintrust

WinVerifyTrust

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathRemoveFileSpecW
PathQuoteSpacesW
PathAppendW
PathStripToRootW
PathUnquoteSpacesW

ole32

CoCreateGuid

rpcrt4

RpcStringFreeW
UuidToStringW

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8165d2eaea342e1aedfb0a32ddc033c3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

crypt32

wintrust

version

shlwapi

ole32

rpcrt4

Sections

.text Size: 115KB - Virtual size: 115KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 6KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 196B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 6KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 196B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB