5b93033ec7345210b7211424b4b26ef0c576be6dfc2380d136654e8c82f741ed

Sharing

Copy URL Twitter E-mail

General

Target

5b93033ec7345210b7211424b4b26ef0c576be6dfc2380d136654e8c82f741ed
Size

2.2MB
MD5

21a1e473e82b5031c1553c442338eaf1
SHA1

4299a4e605a529d35feaf86725603dfee8543d36
SHA256

5b93033ec7345210b7211424b4b26ef0c576be6dfc2380d136654e8c82f741ed
SHA512

920639198478a7a0de4ede205f6e66e14589ebef470c5478cac1d4fa914ba7d35c5afafc3b5c0f32d43ce94226afb1f7dbdcc8290057e7d5c1ba1edc500296e6
SSDEEP

24576:Yz70BNY4GPNiKe5gi4CXy/NZnULM/DC/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:XN9iA5X+ZnpDCLNiXicJFFRGNzj3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b93033ec7345210b7211424b4b26ef0c576be6dfc2380d136654e8c82f741ed

Files

5b93033ec7345210b7211424b4b26ef0c576be6dfc2380d136654e8c82f741ed
.exe windows:6 windows x64 arch:x64

da33a89dca3ea4bfaa229c1ff091a9da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Git\ScreenXpert\ScreenXpert3\AsusScreenXpertService\x64\Release\AsusScreenXpertHostService.pdb

Imports

kernel32

Thread32Next
SetEndOfFile
HeapSize
ReadConsoleW
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
Thread32First
OpenThread
GetCurrentThreadId
WaitForMultipleObjects
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
WTSGetActiveConsoleSessionId
QueryFullProcessImageNameA
OpenProcess
ProcessIdToSessionId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OutputDebugStringW
GetFileAttributesW
FileTimeToSystemTime
lstrcmpA
SetLastError
FileTimeToLocalFileTime
GetModuleFileNameW
LoadLibraryW
GetProcAddress
GetVersionExW
LocalFree
CreateEventW
DeleteTimerQueue
MoveFileW
CreateTimerQueueTimer
CreateTimerQueue
GetExitCodeProcess
WaitForSingleObject
CloseHandle
SetFileTime
RemoveDirectoryW
GetFileTime
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetCurrentThread
GetCommandLineW
GetCommandLineA
WriteFile
ExitProcess
WriteConsoleW
RtlUnwind
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionEx
RaiseException
DecodePointer
RegisterWaitUntilOOBECompleted
OOBEComplete
MultiByteToWideChar
SubmitThreadpoolWork
CreateThreadpoolWork
GetSystemTimeAsFileTime
Sleep
GetFileType
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
FormatMessageA
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
QueryPerformanceFrequency
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
EncodePointer
LCMapStringEx
SetFileInformationByHandle
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
GetLocaleInfoEx
CompareStringEx
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList

user32

wsprintfW
CloseDesktop
FindWindowW
SetThreadDesktop
OpenDesktopW
UnregisterClassW

advapi32

RegNotifyChangeKeyValue
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
EventRegister
EventUnregister
EventSetInformation
EventWriteTransfer
StartTraceW
FlushTraceW
EnableTraceEx2
RegCreateKeyExW
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetUserNameW
RegGetValueW
LookupPrivilegeValueW
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
OpenProcessToken
CreateProcessAsUserW
StartServiceW
QueryServiceStatus
DeleteService
CreateServiceW
ControlService
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegDeleteKeyValueW
RegDeleteKeyW
RegCloseKey

shell32

ShellExecuteExW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocString
CreateErrorInfo
VariantClear
VariantInit

rpcrt4

RpcBindingVectorFree
RpcEpUnregister
NdrServerCall2
RpcEpRegisterW
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcServerListen
RpcServerInqBindings
NdrServerCallAll

setupapi

SetupDiEnumDeviceInfo
CM_Get_Parent
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_Size
CM_Get_Device_IDW
SetupDiGetDevicePropertyW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

shlwapi

PathFileExistsW

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

crypt32

CryptDecodeObjectEx
CryptDecodeObject
CryptFindOIDInfo
CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject

wintrust

WinVerifyTrust

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 273KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 1024B - Virtual size: 546B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

da33a89dca3ea4bfaa229c1ff091a9da

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

setupapi

shlwapi

api-ms-win-security-base-l1-2-2

crypt32

wintrust

userenv

wtsapi32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 273KB - Virtual size: 273KB

.data Size: 13KB - Virtual size: 27KB

.pdata Size: 48KB - Virtual size: 48KB

.idata Size: 14KB - Virtual size: 14KB

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 337B

_RDATA Size: 1024B - Virtual size: 546B

.rsrc Size: 185KB - Virtual size: 184KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 273KB - Virtual size: 273KB

.data
Size: 13KB - Virtual size: 27KB

.pdata
Size: 48KB - Virtual size: 48KB

.idata
Size: 14KB - Virtual size: 14KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 337B

_RDATA
Size: 1024B - Virtual size: 546B

.rsrc
Size: 185KB - Virtual size: 184KB

.reloc
Size: 576KB - Virtual size: 580KB