SECOMN64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SECOMN64.exe
Size

742KB
MD5

934be89d364c8e4fab89a975153daa40
SHA1

35f3fc270ae34817d6aad4f675726efff107d207
SHA256

bfa24d40cf9c45bb1c95027dc8ec16d9edba4c515f3de657a0705e8bdd2479de
SHA512

3dc1843bf562838d9f6ceab573cc39ae0deb1539c7e32d1221dd5e072b8b1c2d9977179911c76a12dd56e106b905a6d0b8aa4ba2a19ea12d0a8e09abf0002584
SSDEEP

12288:3ZdoQkYFiTbtJEpdQrAhl8FCwyDA/SQlfJJZlDMFmPhe8zs0meT8u48DkCrvmXUH:3ZdoQkkgrvfkCrvmXUv4k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SECOMN64.exe

Files

SECOMN64.exe
.exe windows:6 windows x64 arch:x64

8f464d7b58796763c9671293698e0d7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\SoundEdge\APO\x64\Release\SECOMN64.exe.pdb

Imports

oleaut32

VariantClear
VariantInit
VARIANT_UserUnmarshal64
VARIANT_UserFree64
VARIANT_UserMarshal
VARIANT_UserSize
VARIANT_UserUnmarshal
VARIANT_UserFree
VARIANT_UserMarshal64
VARIANT_UserSize64

rpcrt4

RpcServerUnregisterIf
RpcEpRegisterW
NdrServerCallAll
NdrServerCall2
RpcBindingVectorFree
RpcEpUnregister
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqEpW
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
RpcServerListen

kernel32

WaitForSingleObject
SetEvent
CreateThread
FindFirstFileW
WaitForSingleObjectEx
CloseHandle
GetModuleFileNameW
FreeLibrary
ReadFile
QueryPerformanceFrequency
AcquireSRWLockExclusive
GetCurrentThreadId
GetCurrentProcess
GetExitCodeThread
TlsAlloc
LoadLibraryW
DecodePointer
GetProcAddress
CreateEventW
FreeResource
ReleaseSRWLockExclusive
InitializeSRWLock
SleepConditionVariableSRW
SleepConditionVariableCS
WaitForMultipleObjects
FindClose
GetModuleHandleW
FindResourceW
ResumeThread
CreateMutexExW
Sleep
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SizeofResource
SetLastError
GetStringTypeW
QueryPerformanceCounter
LockResource
LoadResource
WTSGetActiveConsoleSessionId
DeleteCriticalSection
CreateProcessW
ConnectNamedPipe
WriteFile
DisconnectNamedPipe
DuplicateHandle
InitializeCriticalSectionEx
CreateNamedPipeW
OutputDebugStringW
FormatMessageW
RaiseException
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
CreateThreadpoolWork
SubmitThreadpoolWork
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
LocalAlloc
GetLastError
RtlPcToFileHeader
GetLocaleInfoEx
RtlUnwindEx
EncodePointer
GetCPInfo
GetProductInfo
CreateFileW
GetModuleHandleA
IsProcessorFeaturePresent
WideCharToMultiByte
FlushFileBuffers
TerminateProcess
SetUnhandledExceptionFilter
TlsGetValue
UnhandledExceptionFilter
LCMapStringEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
SetThreadPriority
IsDebuggerPresent
TlsSetValue
LoadLibraryExW
TlsFree
CompareStringEx

ole32

StringFromCLSID
CoTaskMemFree
CoCreateGuid
CoInitializeEx
CoCreateInstance

advapi32

DeleteService
QueryServiceStatus
ControlService
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
EventWriteString
SetServiceStatus
EventUnregister
EventRegister
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
SetEntriesInAclW
CreateProcessAsUserW
FreeSid
AllocateAndInitializeSid
RegCloseKey
EqualSid
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW

user32

GetClassInfoW
DefWindowProcW
PostQuitMessage
GetWindowLongPtrW
RegisterClassW
CreateWindowExW
MessageBoxW
SetWindowLongPtrW
TranslateMessage
GetMessageW
PostMessageW
DispatchMessageW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

wtsapi32

WTSQueryUserToken
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

api-ms-win-crt-string-l1-1-0

__strncnt
wcscat_s
strcpy_s
wcscpy_s
_wcsdup
towlower
tolower
_wcsicmp
wcsncmp
strcspn
wcsnlen
isspace
isupper
islower

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__acrt_iob_func
__p__commode
__stdio_common_vfwprintf
__stdio_common_vswprintf
_set_fmode
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vfprintf_s

api-ms-win-crt-runtime-l1-1-0

_get_initial_wide_environment
_invalid_parameter_noinfo_noreturn
_errno
_beginthreadex
terminate
abort
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
__p___argc
_exit
exit
_initterm_e
_initterm
_initialize_wide_environment
_configure_wide_argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc
malloc
_set_new_mode
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s

api-ms-win-crt-convert-l1-1-0

strtod
strtof

api-ms-win-crt-math-l1-1-0

ldexp
ceilf
_fdclass
powf
pow
frexp
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_collate_cp_func
_lock_locales
__pctype_func
localeconv
_unlock_locales
___lc_codepage_func
setlocale
___mb_cur_max_func
___lc_locale_name_func

api-ms-win-crt-time-l1-1-0

_Strftime
_Gettnames
_Wcsftime
_W_Gettnames
_W_Getmonths
_Getmonths
_time64
strftime
_localtime64_s
_Getdays
_W_Getdays

secomn64

SEAPOCOMAPI_ReceiveDataChange
SEAPOCOMAPI_StartReceiveParamChange
SEAPOCOMAPI_GetWindowsLastError
SEAPOCOMAPI_ReceiveParamChangeEx
SEMISCAPI_IsBrowserExtensionInstalled
SEAPOCOMAPI_ReceiveParamChange
SEMISCAPI_OpenBrowser
SEMISCAPI_GetDefaultBrowser
SEAPOCOMAPI_GetUserParamInfos
SEAPOCOMAPI_CancelReceiveDataChange
SEAPOCOMAPI_StartReceiveDataChange
SEAPOCOMAPI_CancelReceiveParamChange
SEAPOCOMAPI_SetUserParameterEx
SEAPOCOMAPI_StartReceiveConfigChange
SEAPOCOMAPI_InitializeAPI
SEAPOCOMAPI_GetEndpointIDsEx
SEAPOCOMAPI_GetEndpoint2
SEAPOCOMAPI_SetAPOType
SEAPOCOMAPI_SetContentType
SEAPOCOMAPI_SetDetectedContentType
SEAPOCOMAPI_FreeEndpoint
SEAPOCOMAPI_FreeEndpointIDs
SEAPOCOMAPI_FreeAPI
SEAPOCOMAPI_GetLastError
SEAPOCOMAPI_GetIOConfig
SEAPOCOMAPI_GetIOConfigs
SEAPOCOMAPI_SetIOConfig
SEAPOCOMAPI_GetContentType
SEAPOCOMAPI_GetContentTypes
SEAPOCOMAPI_FreeContentTypes
SEAPOCOMAPI_FreeIOConfigs
SEAPOCOMAPI_GetEndpointVolume
SEAPOCOMAPI_GetUserParameterEx
SEAPOCOMAPI_SetEndpointVolume
SEAPOCOMAPI_GetEndpointPropertyValue
SEAPOCOMAPI_GetEndpoint
SEAPOCOMAPI_GetEndpointEx
SEAPOCOMAPI_GetEndpointFxPropertyValue
SEAPOCOMAPI_GetEndpointFxPropertyValueEx
SEAPOCOMAPI_GetEndpointFxPropertyValueEx2
SEAPOCOMAPI_SetEndpointFxPropertyValue
SEAPOCOMAPI_SetEndpointFxPropertyValueEx
SEAPOCOMAPI_SetEndpointFxPropertyValueEx2
SEAPOCOMAPI_SetEngine
SEAPOCOMAPI_GetEngineDefaultConfig
SEAPOCOMAPI_GetEngine
SEAPOCOMAPI_GetUserProfiles
SEAPOCOMAPI_FreeProfileNames
SEAPOCOMAPI_SetUserProfile
SEAPOCOMAPI_SetUserProfileW
SEAPOCOMAPI_GetUserProfile
SEAPOCOMAPI_GetUserProfileW
SEAPOCOMAPI_SetUserProfileAlias
SEAPOCOMAPI_GetUserProfileAlias
SEAPOCOMAPI_CopyUserProfile
SEAPOCOMAPI_DeleteUserProfile
SEAPOCOMAPI_GetDetectedContentType
SEAPOCOMAPI_SetUserParameter
SEAPOCOMAPI_ReceiveConfigChange
SEAPOCOMAPI_GetUserParameter
SEAPOCOMAPI_ResetUserParametersEx
SEAPOCOMAPI_ResetUserParameter
SEAPOCOMAPI_ActivateEndpoint
SEAPOCOMAPI_DeactivateEndpoint
SEAPOCOMAPI_CancelReceiveStateChange
SEAPOCOMAPI_ReceiveStateChange
SEAPOCOMAPI_StartReceiveStateChange
SEAPOCOMAPI_CancelReceiveConfigChange

Sections

.text
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f464d7b58796763c9671293698e0d7e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

rpcrt4

kernel32

ole32

advapi32

user32

version

userenv

api-ms-win-security-base-l1-2-2

wtsapi32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

secomn64

Sections

.text Size: 363KB - Virtual size: 362KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 27KB - Virtual size: 96KB

.pdata Size: 15KB - Virtual size: 14KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 186KB - Virtual size: 185KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 363KB - Virtual size: 362KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 27KB - Virtual size: 96KB

.pdata
Size: 15KB - Virtual size: 14KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 186KB - Virtual size: 185KB

.reloc
Size: 5KB - Virtual size: 4KB