327ee1eccb682dfab794e11a3a82d43d461cffa7b556476aef7be19efb43e922[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

327ee1eccb682dfab794e11a3a82d43d461cffa7b556476aef7be19efb43e922.exe
Size

84KB
MD5

7c2bc9103ba030d641b7b2cace8fde8a
SHA1

5cdaaa8728b8b4716f85276a948a4c38d4e0b7eb
SHA256

327ee1eccb682dfab794e11a3a82d43d461cffa7b556476aef7be19efb43e922
SHA512

2a3e93405b83eb6a5bc95ce110d85b2fc7549e70f9cc5b56ce470b6ed068ae7027ff8abee9f567704d4575061e8ba9fa1e91c3957a0b3dc40024c5c2bbacd24c
SSDEEP

1536:dhJfbGY/Bn623Kvv0IzGJyyu2xXibswbTYTjULf1Yrfsp:dhJfbG6B6yKvv0uWyyu2xXibswbQjUjL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
327ee1eccb682dfab794e11a3a82d43d461cffa7b556476aef7be19efb43e922.exe

Files

327ee1eccb682dfab794e11a3a82d43d461cffa7b556476aef7be19efb43e922.exe
.exe windows:10 windows x64 arch:x64

3e94ccb6e60fc118db0d61a5306c8825

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

easinvoker.pdb

Imports

advapi32

RegGetValueW
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
GetTokenInformation
MakeAbsoluteSD
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
OpenProcessToken
EventRegister
EventUnregister

kernel32

GetProcessHeap
HeapAlloc
HeapFree
GetModuleHandleExA
ResolveDelayLoadedAPI
DelayLoadFailureHook
GetSystemWindowsDirectoryW
LocalFree
CloseHandle
GetCurrentThread
SetEvent
GetLastError
CreateEventW
WaitForSingleObject
GetCurrentProcess

msvcrt

_purecall
__CxxFrameHandler3
free
malloc
_vsnwprintf
_XcptFilter
_amsg_exit
__wgetmainargs
__set_app_type
memcpy
_exit
_cexit
__setusermatherr
_initterm
__C_specific_handler
_fmode
memset
_commode
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
exit
_wcsicmp
_callnewh
_wtoi

api-ms-win-core-com-l1-1-0

CoRevokeClassObject
CoInitializeSecurity
CoTaskMemAlloc
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoCreateInstance
CoReleaseServerProcess
CoAddRefServerProcess
CoTaskMemFree

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleHandleW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-security-base-l1-1-0

PrivilegeCheck
GetSecurityDescriptorDacl
CopySid
CreateWellKnownSid
EqualSid
GetLengthSid
CheckTokenMembership

authz

AuthzInitializeContextFromSid
AuthzAddSidsToContext
AuthzInitializeResourceManager
AuthzAccessCheck
AuthzFreeResourceManager
AuthzFreeContext

samcli

NetUserGetInfo

netutils

NetApiBufferFree

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingFree
I_RpcMapWin32Status
I_RpcExceptionFilter
RpcBindingCreateW
NdrClientCall3
RpcBindingBind

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegDeleteTreeW
RegCloseKey

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-security-lsapolicy-l1-1-0

LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
LsaOpenPolicy
LsaLookupSids

samlib

SamQueryInformationDomain
SamConnect
SamQuerySecurityObject
SamOpenDomain
SamQueryInformationUser
SamCloseHandle
SamFreeMemory
SamOpenUser

ntdll

NtGetCachedSigningLevel
NtQuerySystemInformation
RtlGetDeviceFamilyInfoEnum
NtDuplicateToken
NtOpenProcessToken
NtOpenThreadToken
RtlEqualSid
RtlSubAuthorityCountSid
RtlDeleteResource
RtlInitializeResource
NtClose
RtlReleaseResource
RtlAcquireResourceExclusive
RtlCopySid
RtlLengthSid
RtlGetNtProductType
RtlInitUnicodeString
RtlSubAuthoritySid
RtlInitializeSid
RtlIsMultiSessionSku
NtQueryInformationToken

user32

UpdatePerUserSystemParameters
SystemParametersInfoW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e94ccb6e60fc118db0d61a5306c8825

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

authz

samcli

netutils

rpcrt4

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-lsapolicy-l1-1-0

samlib

ntdll

user32

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 36KB - Virtual size: 35KB

.imrsiv Size: - Virtual size: 4B

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 3KB

.pdata Size: 4KB - Virtual size: 1KB

.didat Size: 4KB - Virtual size: 48B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 352B

.text
Size: 36KB - Virtual size: 35KB

.imrsiv
Size: - Virtual size: 4B

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 4KB - Virtual size: 1KB

.didat
Size: 4KB - Virtual size: 48B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 352B