d5287240ee154582d8029b62ad5cafab2fc3a9430f5e1869e94934948a213c69

Sharing

Copy URL

Twitter E-mail

General

Target

d5287240ee154582d8029b62ad5cafab2fc3a9430f5e1869e94934948a213c69
Size

143KB
MD5

7a99a6655d85e17422f93029d7a0f24b
SHA1

da046094d79ec143c8192065aad86c58b6d39d43
SHA256

d5287240ee154582d8029b62ad5cafab2fc3a9430f5e1869e94934948a213c69
SHA512

8b4b9d82acb39bc0446f2d32c6daeb4f199bd07ee0eea61eb4d117f7f3835fd17cbe3070ab976591b11ff8c815cd4bfbf7d9b7abad1a17d47881e38c3993a5fe
SSDEEP

3072:4VCuNz/wmJbT7q2xsdzExtp8hh2xSu2Tw:ECuNz/tT7q24zEd8ZT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5287240ee154582d8029b62ad5cafab2fc3a9430f5e1869e94934948a213c69

Files

d5287240ee154582d8029b62ad5cafab2fc3a9430f5e1869e94934948a213c69
.exe windows:5 windows x64 arch:x64

4900f3be71b077e012f98b394939971e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\BuildAgent\work\8c9bc8b116591fb5\Bin\AMD64\DLIprHlp.pdb

Imports

kernel32

SetFilePointer
lstrlenW
GetFileSizeEx
MoveFileW
FileTimeToSystemTime
GetCurrentThreadId
GetLocalTime
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
FindClose
GetFirmwareEnvironmentVariableW
CreateProcessW
CreateFileW
FindNextFileW
RemoveDirectoryW
GetExitCodeProcess
SetStdHandle
HeapReAlloc
GetConsoleMode
GetConsoleCP
LoadLibraryW
GetFileAttributesW
GetTempPathW
DeleteFileW
FlushFileBuffers
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetComputerNameExA
GetCommandLineA
GetModuleFileNameW
WTSGetActiveConsoleSessionId
GetCurrentProcess
GetCurrentProcessId
ProcessIdToSessionId
GetNativeSystemInfo
lstrlenA
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetLastError
InitializeCriticalSection
TlsSetValue
TlsGetValue
GetModuleHandleExW
TlsFree
TlsAlloc
GetProcAddress
LCMapStringW
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
GetModuleHandleW
FreeLibrary
WaitForSingleObject
TerminateProcess
OpenProcess
Sleep
CloseHandle
SetLastError
FindFirstFileW
DeleteCriticalSection
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
HeapSize
GetStdHandle
GetStringTypeW
RtlUnwindEx
DecodePointer
EncodePointer
ExitThread
CreateThread
GetCommandLineW
RaiseException
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapAlloc
HeapFree
WriteConsoleW

advapi32

GetUserNameA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
ChangeServiceConfig2W
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
RegQueryValueExA
ControlService
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW
CloseServiceHandle

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

fltlib

FilterDetach
FilterVolumeInstanceFindNext
FilterVolumeInstanceFindClose
FilterVolumeFindClose
FilterUnload
FilterVolumeInstanceFindFirst
FilterVolumeFindNext
FilterVolumeFindFirst

psapi

GetModuleBaseNameW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msi

ord169
ord190
ord141

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4900f3be71b077e012f98b394939971e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

fltlib

psapi

version

msi

Sections

.text Size: 93KB - Virtual size: 93KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 5KB - Virtual size: 16KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 5KB - Virtual size: 16KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB