b69fa2f0191e8a61ff41a30eefada4c41cc934f0e6d0cf52e2cbaf8a48578ad5

Sharing

Copy URL Twitter E-mail

General

Target

b69fa2f0191e8a61ff41a30eefada4c41cc934f0e6d0cf52e2cbaf8a48578ad5
Size

9.2MB
MD5

d0e995a98ac42bb2a6e78df7e45a2a95
SHA1

2b05204dfb2fdcc445d4217fdae7377dadc355b4
SHA256

b69fa2f0191e8a61ff41a30eefada4c41cc934f0e6d0cf52e2cbaf8a48578ad5
SHA512

c5ba9c2010ca7275e56408fc3ccf07b69dde9e7c2d24333d692b7ef5ecbaca174865c460dabd35d3495e8f0e8611ca7d53f7672b86dc9643a8bf40b7dc130b1e
SSDEEP

196608:EoPgZJcED6cMBHweQDLRvcAes1HmGw7vbsie58kdpjon4I:EoPgZJcED6cMBHweQDlvcf5n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b69fa2f0191e8a61ff41a30eefada4c41cc934f0e6d0cf52e2cbaf8a48578ad5

Files

b69fa2f0191e8a61ff41a30eefada4c41cc934f0e6d0cf52e2cbaf8a48578ad5
.exe windows:5 windows x86 arch:x86

e8fa136d0563992976ae6b76084a62ab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\cygwin\home\bat\bat\checkout\zon\build.app_win64_vpn\pkg\win\sdk\certified\net_updater32.exe.pdb

Imports

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

ntdll

NtTestAlert
NtFsControlFile
NtCreateFile
RtlInitUnicodeString
NtCreateSection
NtMapViewOfSection
NtUnmapViewOfSection
NtQuerySystemInformation
NtDeviceIoControlFile
RtlUnwind

advapi32

SetNamedSecurityInfoW
SetEntriesInAclW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
CreateProcessAsUserW
InitializeSecurityDescriptor
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
FreeSid
QueryServiceStatusEx
SetServiceObjectSecurity
StartServiceW
OpenProcessToken
AllocateAndInitializeSid
CheckTokenMembership

winhttp

WinHttpSetStatusCallback
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen

kernel32

SetEndOfFile
HeapSize
FindFirstFileExA
FreeEnvironmentStringsW
GetCPInfo
DecodePointer
GetOEMCP
IsValidCodePage
FlushFileBuffers
HeapReAlloc
GetStringTypeW
LCMapStringW
CompareStringW
GetACP
GetCommandLineA
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
GetCommandLineW
CloseHandle
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
LocalFree
SetDllDirectoryW
SetSearchPathMode
WideCharToMultiByte
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
IsBadReadPtr
RaiseException
GetLastError
GetSystemInfo
VirtualQuery
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
GetTempPathW
SetUnhandledExceptionFilter
Sleep
GetProcessTimes
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
OpenProcess
CreateToolhelp32Snapshot
GetCurrentThread
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
Thread32First
Thread32Next
Module32FirstW
Module32NextW
GetEnvironmentStringsW
DuplicateHandle
WaitForSingleObjectEx
CreateProcessW
WTSGetActiveConsoleSessionId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TerminateThread
QueueUserAPC
SetConsoleCtrlHandler
GetModuleFileNameW
GetTickCount
GetVersionExW
ReadFile
ReadFileEx
WriteFile
WriteFileEx
SetHandleInformation
ConnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
SleepEx
LoadLibraryW
CreateFileW
FindClose
FindFirstFileW
FindNextFileW
CreateNamedPipeW
CancelIo
UnregisterWaitEx
RegisterWaitForSingleObject
GetModuleHandleExA
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStdHandle
GetFileType
OutputDebugStringA
GetModuleHandleA
SwitchToFiber
DeleteFiber
CreateFiber
GetSystemTime
SystemTimeToFileTime
ConvertFiberToThread
ConvertThreadToFiber
FindFirstFileA
FindNextFileA
MultiByteToWideChar
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
FormatMessageW
MoveFileExW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
SetFileTime
GetSystemTimeAdjustment
GetTimeZoneInformation
IsProcessorFeaturePresent
InitializeSListHead
UnhandledExceptionFilter
GetStartupInfoW
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetStdHandle
WaitForSingleObject
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
WriteConsoleW
DeleteFileW
GetConsoleCP
SetFilePointerEx
SetEnvironmentVariableA
SetEnvironmentVariableW

userenv

CreateEnvironmentBlock

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
SHGetKnownFolderPath

wtsapi32

WTSQueryUserToken

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

ws2_32

sendto
setsockopt
shutdown
socket
WSAStartup
select
WSAEventSelect
WSAIoctl
connect
recv
listen
__WSAFDIsSet
accept
bind
closesocket
getsockname
send
getpeername
WSACleanup
ioctlsocket
WSAGetLastError
WSASetLastError
recvfrom

iphlpapi

GetExtendedTcpTable
GetAdaptersInfo

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
MsgWaitForMultipleObjectsEx

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8fa136d0563992976ae6b76084a62ab

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

crypt32

wintrust

ntdll

advapi32

winhttp

kernel32

userenv

shell32

wtsapi32

winmm

ws2_32

iphlpapi

psapi

user32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 524KB - Virtual size: 523KB

.data Size: 66KB - Virtual size: 83KB

.rsrc Size: 7.2MB - Virtual size: 7.2MB

.reloc Size: 76KB - Virtual size: 75KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 524KB - Virtual size: 523KB

.data
Size: 66KB - Virtual size: 83KB

.rsrc
Size: 7.2MB - Virtual size: 7.2MB

.reloc
Size: 76KB - Virtual size: 75KB