Static task
- static1

Behavioral task
- behavioral1
  - Sample: fd10111e89331ef5bc250c97b30c5e43980f69483e43aeb7ef00faaba429d6a3.exe
  - Resource: win7-20240704-en

Behavioral task
- behavioral2
  - Sample: fd10111e89331ef5bc250c97b30c5e43980f69483e43aeb7ef00faaba429d6a3.exe
  - Resource: win10v2004-20240802-en

General
- Target: fd10111e89331ef5bc250c97b30c5e43980f69483e43aeb7ef00faaba429d6a3
- Size: 5.4MB
- MD5: ac0d3aa6aa63eca095ad9ab614db04a0
- SHA1: 71093ae841c4127f16976fec85bfdbfc627db87c
- SHA256: fd10111e89331ef5bc250c97b30c5e43980f69483e43aeb7ef00faaba429d6a3
- SHA512: 3be58a747e803802a6b25cf7f5bdc16640363bf7064f6470429105caebf189ba77f9f8300e82952a12bffffbe661df03d44b3376122e783a81fc780c16cd55d6
- SSDEEP: 49152:64Knv7I2YTJmygWtujK/kfzVxyizfjgg7anyhBAk3KFSR3Q9q7d7Ani1WT4VyvM7:8nv8naWtafzjgg7anyhBfAI3QeznoZh

Malware Config

Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  - resource fd10111e89331ef5bc250c97b30c5e43980f69483e43aeb7ef00faaba429d6a3

Files
- fd10111e89331ef5bc250c97b30c5e43980f69483e43aeb7ef00faaba429d6a3.exe (windows:6 windows x86 arch:x86)
  705ca904178b43e4e4fd253d8685295b

Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
- PDB Paths: C:\jenkins\workspace\desktop-Windows-Komodia_develop\src\PCProxy - Redirect\Release\qengine.pdb
Imports
- version:
  GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
- psapi:
  GetProcessImageFileNameW, GetModuleFileNameExW
- ws2_32:
  ntohs, recv, htonl, inet_addr, gethostname, WSAStringToAddressA, getaddrinfo, freeaddrinfo,
  WSASetLastError, WSAEventSelect, WSAAsyncSelect, ioctlsocket, WSASocketA, getsockname, __WSAFDIsSet,
  WSAAddressToStringA, gethostbyname, inet_ntoa, ntohl, WSAIoctl, shutdown, select, listen, getsockopt,
  bind, accept, WSACleanup, WSAStartup, send, getnameinfo, connect, WSAGetLastError, socket, setsockopt,
  sendto, htons, WSCEnumProtocols, recvfrom, closesocket, WSCGetProviderPath
- kernel32:
  lstrcmpiA, lstrlenA, FindResourceA, CopyFileW, WideCharToMultiByte, IsDBCSLeadByte, GetNativeSystemInfo,
  ReadProcessMemory, IsWow64Process, Process32FirstW, Process32NextW, GetStdHandle, FreeConsole,
  WriteConsoleInputA, ReleaseMutex, WaitForSingleObject, CreateMutexA, GetWindowsDirectoryA,
  SetFileAttributesW, SystemTimeToFileTime, GetSystemInfo, FormatMessageA, GetFileSize,
  WaitForMultipleObjects, PulseEvent, InitializeCriticalSection, SetThreadPriority, GetThreadPriority,
  TerminateThread, ResumeThread, SetThreadAffinityMask, ReleaseSemaphore, CreateSemaphoreA, CompareStringW,
  GetTimeFormatW, GetDateFormatW, HeapReAlloc, HeapAlloc, LoadLibraryExA, GetFileSizeEx, HeapFree,
  SetConsoleCtrlHandler, GetConsoleCP, ExitProcess, ExitThread, TzSpecificLocalTimeToSystemTime,
  SetFileTime, FileTimeToSystemTime, SystemTimeToTzSpecificLocalTime, PeekNamedPipe,
  GetFileInformationByHandle, GetDriveTypeW, CreateFileW, ReadFile, VirtualQuery, RtlUnwind,
  GetModuleFileNameA, GetCurrentThread, CreateThread, TerminateProcess, InitializeCriticalSectionAndSpinCount,
  LeaveCriticalSection, EnterCriticalSection, RaiseException, DecodePointer, GetTempPathW,
  GetCurrentDirectoryA, SetCurrentDirectoryW, GetCommandLineA, VerifyVersionInfoA, GetModuleHandleW,
  GetVersionExA, GetFileAttributesA, VerSetConditionMask, Process32Next, Process32First,
  CreateToolhelp32Snapshot, GetLogicalDriveStringsA, CreateProcessW, GetCurrentThreadId, GetCurrentProcess,
  GetTempPathA, GetShortPathNameW, FindNextFileW, FindFirstFileW, FindClose, DeleteFileA,
  GetWindowsDirectoryW, GetTimeFormatA, GetDateFormatA, GetLocalTime, GetSystemTime, DeviceIoControl,
  CreateFileA, LoadLibraryW, GetModuleHandleA, SetLastError, DeleteCriticalSection, LocalFree, LocalAlloc,
  LoadLibraryA, GetProcAddress, FreeLibrary, GetSystemDirectoryW, GetSystemDirectoryA, Sleep, CreateEventA,
  ResetEvent, RtlCaptureStackBackTrace, SetEvent, GetFileAttributesW, CreateDirectoryW,
  ExpandEnvironmentStringsW, GetTickCount, OpenProcess, GetCurrentProcessId, GetLastError, CloseHandle,
  RemoveDirectoryW, DeleteFileW, MultiByteToWideChar, FindResourceW, SizeofResource, LockResource,
  LoadResource, GetModuleFileNameW, LCMapStringW, GetLocaleInfoW, WaitForMultipleObjectsEx, UnregisterWaitEx,
  QueryDepthSList, InterlockedFlushSList, InterlockedPushEntrySList, InterlockedPopEntrySList,
  DuplicateHandle, SetProcessAffinityMask, VirtualFree, VirtualProtect, VirtualAlloc, GetVersionExW,
  LoadLibraryExW, FreeLibraryAndExitThread, GetThreadTimes, EncodePointer, UnregisterWait,
  RegisterWaitForSingleObject, GetProcessAffinityMask, GetNumaHighestNodeNumber, DeleteTimerQueueTimer,
  ChangeTimerQueueTimer, CreateTimerQueueTimer, GetLogicalProcessorInformation, SignalObjectAndWait,
  CreateTimerQueue, CopyFileA, ReadConsoleW, ReadConsoleA, SetConsoleMode, GetConsoleMode,
  ConvertThreadToFiber, ConvertFiberToThread, WriteFile, GetFileType, CreateFiber, DeleteFiber,
  SwitchToFiber, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers,
  GetCurrentDirectoryW, GetFullPathNameW, SetStdHandle, GetTimeZoneInformation, HeapSize, FindFirstFileExW,
  IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineW, GetEnvironmentStringsW,
  FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, GetStringTypeW,
  GetNumberOfConsoleInputEvents, ReadConsoleInputW, PeekConsoleInputA, GetFileAttributesExW, SetEndOfFile,
  WriteConsoleW, SetFilePointerEx, GetEnvironmentVariableW, GetModuleHandleExW, InitializeSListHead,
  GetStartupInfoW, WaitForSingleObjectEx, SwitchToThread, GetExitCodeThread, QueryPerformanceCounter,
  QueryPerformanceFrequency, TryEnterCriticalSection, FormatMessageW, CreateEventW, TlsAlloc, TlsGetValue,
  TlsSetValue, TlsFree, GetSystemTimeAsFileTime, IsDebuggerPresent, OutputDebugStringW,
  UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent
- user32:
  CharNextW, GetProcessWindowStation, MessageBoxW, GetUserObjectInformationW, SetProcessWindowStation,
  LoadStringA, DispatchMessageA, PeekMessageA, PostThreadMessageA, CharNextA, UnregisterClassA,
  CreateDesktopA, GetMessageA, MsgWaitForMultipleObjectsEx, DestroyWindow, CreateWindowExA, RegisterClassA,
  DefWindowProcA, KillTimer, SetTimer, PostMessageA, TranslateMessage, SetThreadDesktop
- advapi32:
  ChangeServiceConfigA, GetSidSubAuthority, GetSidSubAuthorityCount, GetNamedSecurityInfoA,
  LookupAccountNameA, LookupAccountSidA, CreateServiceA, RegSetValueA, CryptEnumProvidersW, CryptSignHashW,
  CryptDecrypt, CryptExportKey, CryptGetUserKey, CryptGetProvParam, CryptSetHashParam, CryptDestroyKey,
  CryptAcquireContextW, ReportEventW, GetTokenInformation, AllocateAndInitializeSid, FreeSid,
  GetSecurityDescriptorSacl, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegCloseKey,
  RegCreateKeyA, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA,
  ConvertStringSecurityDescriptorToSecurityDescriptorA, SetEntriesInAclA, SetNamedSecurityInfoA,
  CryptAcquireContextA, CryptReleaseContext, CryptGetHashParam, CryptCreateHash, CryptHashData,
  CryptDestroyHash, LookupAccountSidW, RegEnumKeyA, RegEnumKeyExA, RegOpenKeyA, RegQueryValueExW,
  CryptGenKey, CloseServiceHandle, EnumServicesStatusW, RegSetValueExW, RegOpenKeyExW, RegDeleteValueW,
  RegCreateKeyExW, ConvertSidToStringSidA, LookupPrivilegeValueA, AdjustTokenPrivileges,
  ConvertStringSecurityDescriptorToSecurityDescriptorW, StartServiceCtrlDispatcherA, SetServiceStatus,
  RegisterServiceCtrlHandlerW, QueryServiceConfigW, OpenServiceW, DeleteService, CreateServiceW,
  ChangeServiceConfig2A, ChangeServiceConfigW, RegQueryInfoKeyW, RegQueryInfoKeyA, RegDeleteValueA,
  RegDeleteKeyA, RegCreateKeyExA, ReportEventA, RegisterEventSourceW, DeregisterEventSource,
  SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, IsValidSid, GetSecurityDescriptorLength,
  GetLengthSid, CopySid, OpenThreadToken, ConvertStringSidToSidA, StartServiceA, QueryServiceStatusEx,
  QueryServiceStatus, OpenServiceA, OpenSCManagerA, ControlService, OpenProcessToken
- ole32:
  CoInitializeEx, CoInitialize, CoUninitialize, CoCreateGuid, StringFromGUID2, CoRegisterClassObject,
  CoInitializeSecurity, CoTaskMemAlloc, CoCreateInstance, CoTaskMemRealloc, StringFromIID, CoTaskMemFree,
  CoCreateFreeThreadedMarshaler, CoRevokeClassObject, ProgIDFromCLSID
- oleaut32:
  SysStringLen, VariantChangeType, VariantClear, SysFreeString, SysAllocString, SysStringByteLen,
  SysAllocStringByteLen, SetErrorInfo, UnRegisterTypeLi, RegisterTypeLi, LoadRegTypeLi, LoadTypeLi,
  VarUI4FromStr, VariantInit, SysAllocStringLen, CreateErrorInfo, GetErrorInfo
- rpcrt4:
  RpcServerInqCallAttributesW
- netapi32:
  NetApiBufferFree, NetUserGetInfo
- secur32:
  GetUserNameExW, GetUserNameExA
- crypt32:
  CryptMsgGetParam, CertOpenStore, CertCloseStore, CertFindCertificateInStore, CertFreeCertificateContext,
  CryptAcquireCertificatePrivateKey, CertStrToNameA, CertGetNameStringW, CryptQueryObject, CryptMemAlloc,
  CryptMemFree, CertCreateSelfSignCertificate, CryptBinaryToStringA, CryptMsgClose,
  CertEnumCertificatesInStore, CertCreateCertificateContext, CertEnumCRLsInStore, CertNameToStrA,
  CertOpenSystemStoreA, CertGetCertificateChain, CertFreeCertificateChain, CryptStringToBinaryA,
  CertGetCertificateContextProperty, CertDuplicateCertificateContext, PFXExportCertStoreEx
- iphlpapi:
  GetExtendedTcpTable, GetAdaptersInfo
- bcrypt:
  BCryptGenRandom
Sections
- .text: Size 4.4MB, Virtual size 4.3MB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rdata: Size 874KB, Virtual size 874KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: Size 61KB, Virtual size 92KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .idata: Size 14KB, Virtual size 14KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .tls: Size 1024B, Virtual size 777B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .00cfg: Size 512B, Virtual size 260B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .rsrc: Size 72KB, Virtual size 71KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ