fb5adb1a4b55bd8f92efb5d021a1f8d7cf6f082c49d3ca344c5950addca12ca8

Sharing

Copy URL Twitter E-mail

General

Target

fb5adb1a4b55bd8f92efb5d021a1f8d7cf6f082c49d3ca344c5950addca12ca8
Size

868KB
MD5

ebd0aa115f78d8452b3ddb815c688753
SHA1

4eab4683e85439061f27f95f2caab3063fc13939
SHA256

fb5adb1a4b55bd8f92efb5d021a1f8d7cf6f082c49d3ca344c5950addca12ca8
SHA512

b868d11b6cd5c8d6de33667494cc62c8bfd04670a52a8b6b883268cdae5026640785a814f9128a225f26f664507531fb2342c948e7c3fc8e428ef938e5bc549f
SSDEEP

12288:7W3D6lKtVhA+ixzFtaF3SuScZYeQrJUs/sJD:7SD6Ut5iYF3fXYUse

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb5adb1a4b55bd8f92efb5d021a1f8d7cf6f082c49d3ca344c5950addca12ca8

Files

fb5adb1a4b55bd8f92efb5d021a1f8d7cf6f082c49d3ca344c5950addca12ca8
.exe windows:6 windows x64 arch:x64

e2f3a213cdea5f3412444ec0cc371d53

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

P:\Target\x64\ship\click2run\x-none\integratedoffice.pdb

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegisterEventSourceW
DeregisterEventSource
RegOpenKeyExW
RegGetValueW
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
EventWrite
EventUnregister
EventRegister
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CreateProcessAsUserW
RevertToSelf
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
ReportEventW

kernel32

GetTempFileNameW
LocaleNameToLCID
GetSystemDefaultLCID
GetUserGeoID
GetVersionExW
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapFree
HeapAlloc
VirtualProtect
HeapSetInformation
GetProcessHeap
QueryPerformanceCounter
ReleaseSemaphore
GetSystemPowerStatus
IsSystemResumeAutomatic
CreateMemoryResourceNotification
GetSystemDirectoryW
ResetEvent
GetProcessAffinityMask
CreateThread
WerRegisterMemoryBlock
QueryFullProcessImageNameW
CreateFileMappingA
CreateSemaphoreA
UnmapViewOfFile
MapViewOfFile
CreateEventA
GetNativeSystemInfo
FindFirstFileW
lstrcmpW
CreateFileW
GetFileType
GetOverlappedResult
IsValidCodePage
GetStringTypeExW
LoadResource
SizeofResource
FindResourceW
LoadLibraryA
WerUnregisterMemoryBlock
MultiByteToWideChar
CompareStringEx
RaiseFailFastException
GetModuleFileNameW
IsWow64Process
GetCurrentProcess
GetLastError
RtlCaptureContext
ExpandEnvironmentStringsW
CloseHandle
GetCurrentProcessId
GetCurrentThread
ProcessIdToSessionId
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
GetComputerNameW
WideCharToMultiByte
SetLastError
WaitForSingleObjectEx
GetExitCodeProcess
CreateProcessW
GetPriorityClass
OpenProcess
Sleep
GetTickCount
GetCurrentThreadId
WaitForMultipleObjects
GlobalAlloc
GlobalFree
LocalAlloc
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
GetLocalTime
WriteFile
SetEvent
CreateEventExW
GetTickCount64
GetSystemTimeAsFileTime
FindClose
FindFirstFileExW
FindNextFileW
GetShortPathNameW
RemoveDirectoryW
SetFileAttributesW
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
GetTempPathW
GetLongPathNameW
RaiseException
GetFileAttributesExW
FormatMessageW
CreateEventW
IsProcessorFeaturePresent
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
WaitForSingleObject
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetThreadIOPendingFlag
TryEnterCriticalSection
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
SetWaitableTimerEx
CancelWaitableTimer
CreateWaitableTimerW
ReleaseMutex
WaitForMultipleObjectsEx
CreateMutexA

ole32

CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoCreateInstance
StringFromGUID2
CoInitializeEx
CoUninitialize
CoCreateGuid
CoTaskMemFree

msvcr100

__crt_debugger_hook
?terminate@@YAXXZ
__lconv_init
_onexit
_lock
__dllonexit
_unlock
??3@YAXPEAX@Z
_invalid_parameter_noinfo_noreturn
wcsncpy_s
swprintf_s
free
malloc
realloc
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
?what@exception@std@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memset
_snwprintf_s
wmemcpy_s
wcsnlen
wcsncat_s
_i64tow_s
wcscpy_s
_vscwprintf
_itow_s
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memmove
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_amsg_exit
vswprintf_s
logf
expf
_clearfp
ldiv
wcsstr
wcscmp
wcschr
memcmp
strncpy_s
memcpy_s
towlower
??2@YAPEAX_K@Z
wcsrchr
wcstol
wcscat_s
_vsnwprintf_s
??0exception@std@@QEAA@AEBQEBD@Z

msvcp100

?max@?$numeric_limits@_K@std@@SA_KXZ
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Xfunc@tr1@std@@YAXXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e2f3a213cdea5f3412444ec0cc371d53

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ole32

msvcr100

msvcp100

oleaut32

version

Sections

.text Size: 496KB - Virtual size: 495KB

.rdata Size: 220KB - Virtual size: 219KB

.data Size: 25KB - Virtual size: 26KB

.pdata Size: 37KB - Virtual size: 37KB

.rsrc Size: 82KB - Virtual size: 82KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 496KB - Virtual size: 495KB

.rdata
Size: 220KB - Virtual size: 219KB

.data
Size: 25KB - Virtual size: 26KB

.pdata
Size: 37KB - Virtual size: 37KB

.rsrc
Size: 82KB - Virtual size: 82KB

.reloc
Size: 6KB - Virtual size: 5KB