5221b107fe4ea84e959300029fe65817f53dace0261a610b05e55a56bde4fafb

Sharing

Copy URL Twitter E-mail

General

Target

5221b107fe4ea84e959300029fe65817f53dace0261a610b05e55a56bde4fafb
Size

3.0MB
MD5

0242760f53c0ccfac65b149a189e73d3
SHA1

90478b4906433825097600bc4a8526afd05ecab4
SHA256

5221b107fe4ea84e959300029fe65817f53dace0261a610b05e55a56bde4fafb
SHA512

2eb1be5dea2c6444179cd0366d740f1afe0bdcc8252456230b301e824b2d786ea25240bcf8d80b240da0114b9435c32be2704743c9929c196dc80a9d0116610c
SSDEEP

49152:HLiO+haHlgbNOioUFnYm7nq0R/l+gS/H2xF8VvBmOsBeSpfL/1uWGNRTE8YAPA6i:YaFMNzFnjntSuxWvgOaeEf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5221b107fe4ea84e959300029fe65817f53dace0261a610b05e55a56bde4fafb

Files

5221b107fe4ea84e959300029fe65817f53dace0261a610b05e55a56bde4fafb
.exe windows:6 windows x86 arch:x86

3beaea2625f3b1ff4e2ebb5e65fc6991

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Webhost\19-12-2023\WindowsBuilds\ACP_AGENT\7510639\appctrlbuild\SA_SRC\ACP\Release\VerifyTrustedFiles.pdb

Imports

wintrust

WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

lstrcmpA
lstrcpyW
CopyFileW
FileTimeToSystemTime
CreateFileA
FlushFileBuffers
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
CreateIoCompletionPort
GetQueuedCompletionStatus
ExitProcess
CreateThread
GetSystemInfo
GetSystemTimeAsFileTime
GetLocalTime
GlobalAlloc
GlobalFree
GetTimeZoneInformation
MoveFileW
InitializeCriticalSection
SetLastError
GetProcessId
GetModuleFileNameW
K32EnumProcesses
VerSetConditionMask
GetDriveTypeW
SetUnhandledExceptionFilter
GetCurrentThread
SetThreadPriority
CreateProcessW
SetPriorityClass
GetNativeSystemInfo
ReadProcessMemory
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
IsWow64Process
CreateFileMappingA
QueryFullProcessImageNameA
GetComputerNameW
VerifyVersionInfoW
SetConsoleCtrlHandler
DeleteFileA
TlsFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
EnterCriticalSection
lstrcpynW
LocalAlloc
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
WideCharToMultiByte
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
ReadFile
GetModuleHandleA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
FormatMessageW
LocalFree
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenProcess
ProcessIdToSessionId
CreateProcessA
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
OpenEventW
OpenEventA
ResetEvent
InitializeCriticalSectionEx
GetEnvironmentVariableW
GetCurrentThreadId
MultiByteToWideChar
CreateEventA
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
GetStdHandle
SetEnvironmentVariableW
WriteConsoleW
RtlUnwind
FlushViewOfFile
LeaveCriticalSection
GetACP
IsValidCodePage
SetStdHandle
ReadConsoleW
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetThreadId
TlsSetValue
FileTimeToLocalFileTime
DeleteFileW
WaitForSingleObjectEx
CreateFileW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineW
TlsGetValue
TlsAlloc
GetComputerNameA
GetCommandLineA
GetConsoleMode
GetConsoleCP
GetFileType
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
SwitchToThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
FormatMessageA
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
IsProcessorFeaturePresent
QueryPerformanceCounter
QueryPerformanceFrequency
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
SetFileTime
AreFileApisANSI
DeviceIoControl
GetFileInformationByHandleEx
InitOnceExecuteOnce
GetCurrentProcessorNumber
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetLocaleInfoEx
IsDebuggerPresent
OutputDebugStringW
CreateEventW
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
FindFirstFileExA
FindNextFileA
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesExA
RemoveDirectoryA
MapViewOfFileEx
MoveFileExA
CreateHardLinkA
FreeLibrary

advapi32

StopTraceW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RevertToSelf
ImpersonateLoggedOnUser
StartServiceA
DeleteService
CreateServiceW
ConvertStringSidToSidW
ConvertStringSidToSidA
ConvertSidToStringSidA
RegQueryInfoKeyW
LookupAccountSidW
LookupAccountSidA
EqualSid
DuplicateTokenEx
CreateWellKnownSid
CreateProcessAsUserW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
GetNamedSecurityInfoW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
RegGetValueW
RegGetValueA
RegDeleteTreeW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetKnownFolderPath
ShellExecuteExA

ole32

CoInitializeEx
CoUninitialize

shlwapi

StrStrIW
PathIsRelativeA
StrStrIA

crypt32

CryptDecodeObject
CertCloseStore
CryptMsgClose
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam

msi

ord150
ord92
ord78
ord8

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsA

dbghelp

MiniDumpWriteDump

userenv

CreateEnvironmentBlock

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreateSequential

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3beaea2625f3b1ff4e2ebb5e65fc6991

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wintrust

version

kernel32

advapi32

shell32

ole32

shlwapi

crypt32

msi

wtsapi32

dbghelp

userenv

rpcrt4

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 402KB - Virtual size: 401KB

.data Size: 52KB - Virtual size: 64KB

.rsrc Size: 1024B - Virtual size: 848B

.reloc Size: 108KB - Virtual size: 108KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 402KB - Virtual size: 401KB

.data
Size: 52KB - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 848B

.reloc
Size: 108KB - Virtual size: 108KB