397b5728a4db7246cf653ff570d06dc0fe8759de50654b41638109031eab6095

Sharing

Copy URL

Twitter E-mail

General

Target

397b5728a4db7246cf653ff570d06dc0fe8759de50654b41638109031eab6095
Size

769KB
MD5

2b8387b0b178bac8bdd3c2df53b40875
SHA1

bfb16a4b5c4590fc228f862186419d5df92776bc
SHA256

397b5728a4db7246cf653ff570d06dc0fe8759de50654b41638109031eab6095
SHA512

5107872de22f0eb1f7390485f1ddcd3d4e9f76835de9b64e1edd32e7cd3e2922dcec8702834bd05e8ba8e71fef3e43791fb913c05358996fd65d28ee929958d1
SSDEEP

12288:Z2pPc0D1DjiUqBLuHqRQ9Fu0Q1yc7zM6bkGjawMdvuvpBNWux26zZLc:ZiPMuHqROFulLbkGja5uvpB4c2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397b5728a4db7246cf653ff570d06dc0fe8759de50654b41638109031eab6095

Files

397b5728a4db7246cf653ff570d06dc0fe8759de50654b41638109031eab6095
.dll windows:5 windows x86 arch:x86

86e7eec1e15c4d784791412b483ec56e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\hrcode\hr_sysdiag-fund\bin\uactmon.pdb

Imports

kernel32

GetSystemInfo
GetCurrentDirectoryW
SearchPathA
GetWindowsDirectoryW
SetFilePointerEx
LocalFree
DeleteCriticalSection
WideCharToMultiByte
InterlockedIncrement
IsBadReadPtr
CreateFileMappingW
MapViewOfFile
GetTickCount
SetThreadPriority
WaitForSingleObject
SetEvent
GetCurrentThread
GetVersionExA
CreateThread
CreateEventA
DisableThreadLibraryCalls
ReleaseSemaphore
WaitForMultipleObjects
GetThreadPriority
GetLastError
DeviceIoControl
GetOverlappedResult
GetLongPathNameA
TerminateThread
WaitForSingleObjectEx
LoadLibraryW
ResetEvent
DecodePointer
EncodePointer
OutputDebugStringW
OutputDebugStringA
ReadConsoleW
WriteConsoleW
GetTimeZoneInformation
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
Sleep
MultiByteToWideChar
GetVersion
OpenProcess
GetModuleHandleA
DuplicateHandle
UnmapViewOfFile
GetFileAttributesW
CreateFileW
SetEndOfFile
ExpandEnvironmentStringsA
InitializeCriticalSection
LeaveCriticalSection
InterlockedDecrement
WriteFile
GetCurrentProcess
GetLongPathNameW
EnterCriticalSection
VirtualProtect
GetFileSizeEx
GetQueuedCompletionStatus
InterlockedExchange
GetModuleFileNameA
ReadFile
CreateIoCompletionPort
GetProcAddress
CloseHandle
LoadLibraryA
GetFullPathNameA
GetFullPathNameW
SetCurrentDirectoryW
PostQueuedCompletionStatus
CreateSemaphoreA
SetConsoleCtrlHandler
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
HeapFree
HeapAlloc
HeapReAlloc
GetACP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetStringTypeW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
RaiseException

user32

GetParent
EnumDesktopWindows
OpenDesktopA
OpenWindowStationA
GetWindowThreadProcessId
EnumWindowStationsA
GetWindowRect
IsWindowVisible
CloseWindowStation
EnumDesktopsA
CloseDesktop

advapi32

GetSecurityDescriptorDacl
RegEnumKeyExA
CloseServiceHandle
OpenSCManagerW
OpenServiceW
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl
SetEntriesInAclA
RegGetKeySecurity
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetKeySecurity
RegSetValueExW
RegSetValueExA
OpenProcessToken
RegLoadKeyA
InitializeSecurityDescriptor
RegOpenKeyExA
ConvertSidToStringSidW
RegEnumValueA
RegDeleteValueA
RegOpenKeyW
RegSaveKeyA
RegQueryValueExW
GetTokenInformation

libxsse

ord10
ord11

iphlpapi

SetTcpEntry

ws2_32

htons

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

86e7eec1e15c4d784791412b483ec56e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

libxsse

iphlpapi

ws2_32

Sections

.text Size: 304KB - Virtual size: 304KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 9KB

.gfids Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 968B

.reloc Size: 400KB - Virtual size: 400KB

.text
Size: 304KB - Virtual size: 304KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 9KB

.gfids
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 968B

.reloc
Size: 400KB - Virtual size: 400KB