a41fc1a4eaf97cc18c2abbae56174327671f4c6a0f6714ed1a39d342dcf1c6c8

Sharing

Copy URL Twitter E-mail

General

Target

a41fc1a4eaf97cc18c2abbae56174327671f4c6a0f6714ed1a39d342dcf1c6c8
Size

2.3MB
MD5

15dba8dfa1a461e2db77d024b7552e8b
SHA1

3230ab18ce3c2a6e7961a05465a725d352bce8d7
SHA256

a41fc1a4eaf97cc18c2abbae56174327671f4c6a0f6714ed1a39d342dcf1c6c8
SHA512

648d574b03cfeb5876e3636295c6b994b87a08d4efac3da40b4f7f7c3573f3d832d0179dcdeb4685474703a26b58050bb2463b430dc7084f4567b21311e5e8f9
SSDEEP

49152:tUjvbFmy2Lxs5+RAGjqXGu8gcjef82H1qqJ9PGk/X4V3:tUjvaBNjq2i82H1j+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a41fc1a4eaf97cc18c2abbae56174327671f4c6a0f6714ed1a39d342dcf1c6c8

Files

a41fc1a4eaf97cc18c2abbae56174327671f4c6a0f6714ed1a39d342dcf1c6c8
.exe windows:6 windows x86 arch:x86

54974a851f4e5205a04d6a35a85c6a21

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\jenkins\workspace\ebAdvisor_WABinary_release_4.1.1\build\Win32\Release\Updater.pdb

Imports

kernel32

GetModuleHandleExA
LoadLibraryExA
FormatMessageA
FindResourceExW
LoadResource
LockResource
SizeofResource
RaiseException
RtlUnwind
VirtualAlloc
VirtualFree
VirtualQuery
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
VirtualProtect
MultiByteToWideChar
ResumeThread
QueueUserAPC
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
OutputDebugStringA
GetFileSizeEx
FindResourceW
GetLongPathNameW
GetCurrentProcess
GetEnvironmentVariableW
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetTickCount
LoadLibraryW
GetExitCodeProcess
CreateProcessW
FormatMessageW
LoadLibraryExW
GetCommandLineW
IsDebuggerPresent
RtlCaptureContext
RaiseFailFastException
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WideCharToMultiByte
GetModuleHandleExW
OpenProcess
GetSystemDirectoryW
GetSystemWow64DirectoryW
DuplicateHandle
IsWow64Process
IsWow64Process2
GetModuleFileNameA
LCMapStringEx
GetFileInformationByHandleEx
SetFileInformationByHandle
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetNativeSystemInfo
GetLargePageMinimum
GetCurrentProcessId
TerminateProcess
CreateSemaphoreW
ReleaseSemaphore
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteConsoleW
GetFileType
GetStdHandle
ExitProcess
GetOverlappedResult
WriteFile
K32EnumProcesses
ProcessIdToSessionId
CancelIoEx
GetCurrentThreadId
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
WaitNamedPipeW
WaitForMultipleObjects
ReleaseMutex
CreateMutexA
WaitForSingleObject
CreateEventW
ResetEvent
SetEvent
WTSGetActiveConsoleSessionId
OutputDebugStringW
CreateDirectoryW
FindNextFileW
FindFirstFileW
FreeLibraryAndExitThread
GetFileAttributesW
MoveFileExW
DeleteFileW
FindClose
GetProcAddress
GetModuleHandleW
CreateEventA
GlobalFree
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionEx
GetModuleFileNameW
Sleep
SetLastError
GetProcessHeap
LocalFree
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GlobalAlloc
ReadFile
GetFileSize
GetLastError
CreateFileW
CloseHandle
GetModuleHandleA
GetFinalPathNameByHandleW
FreeLibrary
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
QueryFullProcessImageNameW
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetEndOfFile
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
CreatePipe
ReadConsoleW
InterlockedPushEntrySList
GetStartupInfoW
InitializeSListHead
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
EnumSystemLocalesW
GetSystemInfo
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
QueryPerformanceCounter
QueryPerformanceFrequency
InitOnceBeginInitialize
InitOnceComplete
GetLocaleInfoEx
FindFirstFileExW
GetTempPathW
AreFileApisANSI
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
GetSystemTimeAsFileTime
GetUserDefaultLCID

user32

MsgWaitForMultipleObjectsEx
PeekMessageW
TranslateMessage
DispatchMessageW
CharLowerBuffW
CharUpperBuffW

advapi32

IsValidSid
RegDeleteTreeW
RegDeleteKeyValueW
CreateServiceA
OpenSCManagerA
ChangeServiceConfigA
StartServiceA
ChangeServiceConfig2A
OpenServiceA
EventUnregister
EventRegister
EventWriteTransfer
RegEnumValueW
RegQueryInfoKeyW
RegDeleteKeyExW
RegCreateKeyExW
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ControlService
QueryServiceStatus
SetSecurityInfo
GetSecurityInfo
GetAce
GetAclInformation
AddAce
InitializeAcl
EqualSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
StartServiceW
CreateServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
RegSetValueExA
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW
SHGetKnownFolderPath
SHGetSpecialFolderPathW

ole32

StringFromGUID2
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoInitializeEx
CoUninitialize
OleRun
CoCreateGuid

oleaut32

SysFreeString
VarUdateFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
SysAllocString

shlwapi

StrRChrW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW

Exports

Exports

__swprintf_l
__vswprintf_l
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fscanf_l
_fscanf_s_l
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwscanf_l
_fwscanf_s_l
_printf_l
_printf_p
_printf_p_l
_printf_s_l
_scanf_l
_scanf_s_l
_scprintf
_scprintf_l
_scprintf_p
_scprintf_p_l
_scwprintf
_scwprintf_l
_scwprintf_p
_scwprintf_p_l
_snprintf
_snprintf_c
_snprintf_c_l
_snprintf_l
_snprintf_s
_snprintf_s_l
_snscanf
_snscanf_l
_snscanf_s
_snscanf_s_l
_snwprintf
_snwprintf_l
_snwprintf_s
_snwprintf_s_l
_snwscanf
_snwscanf_l
_snwscanf_s
_snwscanf_s_l
_sprintf_l
_sprintf_p
_sprintf_p_l
_sprintf_s_l
_sscanf_l
_sscanf_s_l
_swprintf
_swprintf_c
_swprintf_c_l
_swprintf_l
_swprintf_p
_swprintf_p_l
_swprintf_s_l
_swscanf_l
_swscanf_s_l
_vfprintf_l
_vfprintf_p
_vfprintf_p_l
_vfprintf_s_l
_vfscanf_l
_vfscanf_s_l
_vfwprintf_l
_vfwprintf_p
_vfwprintf_p_l
_vfwprintf_s_l
_vfwscanf_l
_vfwscanf_s_l
_vprintf_l
_vprintf_p
_vprintf_p_l
_vprintf_s_l
_vscanf_l
_vscanf_s_l
_vscprintf
_vscprintf_l
_vscprintf_p
_vscprintf_p_l
_vscwprintf
_vscwprintf_l
_vscwprintf_p
_vscwprintf_p_l
_vsnprintf
_vsnprintf_c
_vsnprintf_c_l
_vsnprintf_l
_vsnprintf_s
_vsnprintf_s_l
_vsnwprintf
_vsnwprintf_l
_vsnwprintf_s
_vsnwprintf_s_l
_vsnwscanf_l
_vsnwscanf_s_l
_vsprintf_l
_vsprintf_p
_vsprintf_p_l
_vsprintf_s_l
_vsscanf_l
_vsscanf_s_l
_vswprintf
_vswprintf_c
_vswprintf_c_l
_vswprintf_l
_vswprintf_p
_vswprintf_p_l
_vswprintf_s_l
_vswscanf_l
_vswscanf_s_l
_vwprintf_l
_vwprintf_p
_vwprintf_p_l
_vwprintf_s_l
_vwscanf_l
_vwscanf_s_l
_wprintf_l
_wprintf_p
_wprintf_p_l
_wprintf_s_l
_wscanf_l
_wscanf_s_l
fprintf
fprintf_s
fscanf
fscanf_s
fwprintf
fwprintf_s
fwscanf
fwscanf_s
printf
printf_s
scanf
scanf_s
snprintf
sprintf
sprintf_s
sscanf
sscanf_s
swprintf
swprintf_s
swscanf
swscanf_s
vfprintf
vfprintf_s
vfscanf
vfscanf_s
vfwprintf
vfwprintf_s
vfwscanf
vfwscanf_s
vprintf
vprintf_s
vscanf
vscanf_s
vsnprintf
vsnprintf_s
vsprintf
vsprintf_s
vsscanf
vsscanf_s
vswprintf
vswprintf_s
vswscanf
vswscanf_s
vwprintf
vwprintf_s
vwscanf
vwscanf_s
wprintf
wprintf_s
wscanf
wscanf_s

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 436KB - Virtual size: 435KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54974a851f4e5205a04d6a35a85c6a21

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 436KB - Virtual size: 435KB

.data Size: 31KB - Virtual size: 68KB

.didat Size: 512B - Virtual size: 212B

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 78KB - Virtual size: 77KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 436KB - Virtual size: 435KB

.data
Size: 31KB - Virtual size: 68KB

.didat
Size: 512B - Virtual size: 212B

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 78KB - Virtual size: 77KB