d92716f1bfeffddbb8dcc6d2315d5d9cb9eb0b54f880523bdfd7a0295d27e63f

Sharing

Copy URL Twitter E-mail

General

Target

d92716f1bfeffddbb8dcc6d2315d5d9cb9eb0b54f880523bdfd7a0295d27e63f
Size

827KB
MD5

b63709ef8918a61e8491a09528e5504a
SHA1

d92fd62e91648060ae7373ca4f5feefe38a699a3
SHA256

d92716f1bfeffddbb8dcc6d2315d5d9cb9eb0b54f880523bdfd7a0295d27e63f
SHA512

bdfdd54d53f21395fd7c3d84e158e46cdff06bda9eb224d3d1bb14730cd9ccf3ec52bd29d1a49e4ac20c5bb2be0eab84a6960a32d7f0a65e1fa43352d6387791
SSDEEP

12288:Al9okW+0ZMc2015WYgeWYg955/155/oB7iYdJ427kkVe8uso8hJA:Al9okWYcvL7iYT40F4dsN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d92716f1bfeffddbb8dcc6d2315d5d9cb9eb0b54f880523bdfd7a0295d27e63f

Files

d92716f1bfeffddbb8dcc6d2315d5d9cb9eb0b54f880523bdfd7a0295d27e63f
.exe windows:6 windows x64 arch:x64

29ef22e1343c7c0021f83d6ea08b2f29

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\work\selftools\dten_daemon\x64\Release\dten_daemon.pdb

Imports

kernel32

CreateProcessA
CreateDirectoryA
FormatMessageA
WriteFile
SetFileTime
SetFilePointer
CreateFileW
GetFileAttributesW
MultiByteToWideChar
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
WideCharToMultiByte
FindFirstFileExW
GetFullPathNameW
GetTempPathA
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateEventA
OpenEventA
GetLocalTime
LocalFree
GetPrivateProfileIntA
GetComputerNameA
GetTimeZoneInformation
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureStackBackTrace
GetCurrentThreadId
GetSystemTimeAsFileTime
CopyFileA
CreatePipe
ReadFile
RemoveDirectoryA
WTSGetActiveConsoleSessionId
DeleteFileA
FindNextFileA
GetCurrentProcess
FindFirstFileA
GetModuleFileNameA
CreateDirectoryW
CreateThread
SetEvent
OutputDebugStringW
CreateEventW
GetModuleFileNameW
GetPrivateProfileIntW
GetExitCodeProcess
GetModuleHandleW
CreateProcessW
GetProcAddress
CloseHandle
Process32FirstW
Process32NextW
GetLastError
Sleep
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
FindClose
TerminateProcess
GetStdHandle
FindNextFileW
WriteConsoleW
HeapSize
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
RtlUnwind
IsValidCodePage
HeapReAlloc
FlushFileBuffers
GetFileSizeEx
MoveFileExW
GetFileAttributesExW
GetWindowsDirectoryA
DeleteFileW
SetFilePointerEx
ReadConsoleW
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetCommandLineW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
SetLastError
QueryPerformanceFrequency
RtlUnwindEx
InterlockedPushEntrySList
RtlPcToFileHeader
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileType
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
ExitProcess
GetModuleHandleExW
DuplicateHandle
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
GetCommandLineA

user32

wsprintfW

advapi32

QueryServiceStatus
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
QueryServiceStatusEx
RegOpenKeyW
RegCloseKey
SetTokenInformation
RegSetValueExW
OpenProcessToken
RegOpenKeyExW
CreateProcessAsUserW
RegCreateKeyW
DuplicateTokenEx
RegQueryValueExW
RegisterServiceCtrlHandlerExW
CreateServiceW
UnlockServiceDatabase
CloseServiceHandle
OpenSCManagerW
SetServiceStatus
LockServiceDatabase
DeleteService
ControlService
StartServiceW
StartServiceCtrlDispatcherW
ChangeServiceConfigW
OpenServiceW

shell32

SHFileOperationW

shlwapi

PathFileExistsW
PathFileExistsA
PathIsDirectoryW
PathStripPathA
PathRemoveFileSpecA
PathRemoveFileSpecW
PathIsDirectoryA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

dbghelp

SymFromAddr
SymSetOptions
SymInitialize
UnDecorateSymbolName
SymCleanup

Sections

.text
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29ef22e1343c7c0021f83d6ea08b2f29

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

wtsapi32

userenv

version

dbghelp

Sections

.text Size: 576KB - Virtual size: 575KB

.rdata Size: 194KB - Virtual size: 193KB

.data Size: 12KB - Virtual size: 86KB

.pdata Size: 35KB - Virtual size: 35KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 576KB - Virtual size: 575KB

.rdata
Size: 194KB - Virtual size: 193KB

.data
Size: 12KB - Virtual size: 86KB

.pdata
Size: 35KB - Virtual size: 35KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB