502f7f7e4f6afeeb3a2b2c5cdc011a70N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

502f7f7e4f6afeeb3a2b2c5cdc011a70N.exe
Size

1.3MB
MD5

502f7f7e4f6afeeb3a2b2c5cdc011a70
SHA1

6be09896fc7d92a840641f06522d1cca5b9a745f
SHA256

8f302ed455529bf873ea575f0d6f6f249276f446b3c72ed43bb1682960b2762a
SHA512

e84046fb639d1340d5164520bb342d3b62f5d4b8a33943b14a88e7ee960a22734e7496edcfc261976b0a07a95100ebb553d8907e0bb1af3739c0d41c0496b04b
SSDEEP

12288:brFUZjfRXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:qZjfRsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
502f7f7e4f6afeeb3a2b2c5cdc011a70N.exe

Files

502f7f7e4f6afeeb3a2b2c5cdc011a70N.exe
.exe windows:4 windows x64 arch:x64

1df309b54ec48252385a3d79ef5ac1a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\usdk\usdk_4_5_356_00\usdk\bin\winbioSecure\x64\Release\VCSWBFPolicyService.pdb

Imports

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleFileNameExA

cfgmgr32

CM_Get_DevNode_Status
CM_Disable_DevNode
CM_Get_Parent
CM_Enable_DevNode

setupapi

SetupDiSetClassInstallParamsA
SetupDiCallClassInstaller
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstallParamsA

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertOpenStore
CertGetNameStringA

imagehlp

ImageGetCertificateData
ImageGetCertificateHeader

kernel32

GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLocalTime
OpenProcess
CreateThread
ResetEvent
CreateFileA
CreateEventA
lstrcmpiA
GetLastError
OutputDebugStringA
GetFileSize
MoveFileExA
DeleteFileA
CloseHandle
TerminateThread
SetEvent
LocalFree
WaitForMultipleObjects
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
GetProcessHeap
HeapAlloc
Sleep
GetSystemTimeAsFileTime
HeapFree
RtlCaptureContext
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetVersionExA

ole32

StringFromCLSID
CoTaskMemFree

advapi32

DeleteService
StartServiceA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
QueryServiceStatus
CreateServiceA
SetServiceStatus
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
QueryServiceObjectSecurity
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameA
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceObjectSecurity
EnumDependentServicesA
OpenServiceA
ControlService
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenTraceW
QueryServiceStatusEx
CloseServiceHandle
RegCreateKeyExA
CloseTrace
ProcessTrace
RegSetValueExA

tdh

TdhGetEventInformation

wevtapi

EvtSaveChannelConfig
EvtSetChannelConfigProperty
EvtGetChannelConfigProperty
EvtOpenChannelConfig
EvtClose

msvcr80

_amsg_exit
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__crt_debugger_hook
__set_app_type
_encode_pointer
_mbsnbicmp
_vsnprintf
printf
__C_specific_handler
_local_unwind
free
malloc
memset
mbstowcs_s
memcpy
fclose
fprintf
fopen_s
vsprintf_s
system
sprintf
realloc
wcstombs
mbstowcs
_initterm
__getmainargs
_XcptFilter
_exit
_cexit
exit
__initenv
_fmode

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1df309b54ec48252385a3d79ef5ac1a5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

cfgmgr32

setupapi

crypt32

imagehlp

kernel32

ole32

advapi32

tdh

wevtapi

msvcr80

Sections

.text Size: 38KB - Virtual size: 37KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 38KB - Virtual size: 37KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 1.2MB - Virtual size: 1.8MB