WmiPrvSE.pdb

Static task
  static1

Behavioral task
  behavioral1
  Sample: cf45eede1e7b832838dc065c17ca0b9bbeda7a4fee27130982080859bfd56192.exe
  Resource: win7-20240704-en

Behavioral task
  behavioral2
  Sample: cf45eede1e7b832838dc065c17ca0b9bbeda7a4fee27130982080859bfd56192.exe
  Resource: win10v2004-20240802-en
General
- Target: cf45eede1e7b832838dc065c17ca0b9bbeda7a4fee27130982080859bfd56192
- Size: 203KB
- MD5: 199f900597c6fbc84be280aa19394211
- SHA1: 4d2feded6a7e7c12401f567252b6419902c573e4
- SHA256: cf45eede1e7b832838dc065c17ca0b9bbeda7a4fee27130982080859bfd56192
- SHA512: 9bb88158fa69aaea40c50fed80c16062e3a1978c6ced410f9b09c084f0d10cec05520d69bc4f27336cf93819add19809f133154459b22dfc98b6295fef5a17ab
- SSDEEP: 3072:BWPZNwwLAU6UWFAhIlUZT8x7xIeo2TkQYMC6msYBPQ/quC0qjUGXgVcH:BsN3LQ2hIJqeo6kQYzlx4uNXg
Malware Config
  (none extracted)

Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: cf45eede1e7b832838dc065c17ca0b9bbeda7a4fee27130982080859bfd56192
Files
- cf45eede1e7b832838dc065c17ca0b9bbeda7a4fee27130982080859bfd56192.exe
  windows:5 windows x86 arch:x86
  afb0b7224b2a6474e9a47dfd318824f4

Headers
  DLL Characteristics:
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics:
    IMAGE_FILE_RELOCS_STRIPPED
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LINE_NUMS_STRIPPED
    IMAGE_FILE_LOCAL_SYMS_STRIPPED
    IMAGE_FILE_32BIT_MACHINE
  PDB Paths:
    WmiPrvSE.pdb
Imports

msvcrt:
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_controlfp
_XcptFilter
_exit
_c_exit
_wcsicmp
_purecall
_except_handler3
_vsnwprintf
_CxxThrowException
?terminate@@YAXXZ
_cexit
wcsncpy
wcstol
wcslen
setlocale
__CxxFrameHandler
wcstok
_onexit
advapi32:
MapGenericMask
AccessCheck
AdjustTokenPrivileges
GetTokenInformation
RegQueryValueExW
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
OpenThreadToken
GetAclInformation
ImpersonateLoggedOnUser
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegSetValueExW
RevertToSelf
RegDisablePredefinedCache
SetThreadToken
FreeSid
SetSecurityDescriptorDacl
AddAce
InitializeAcl
GetLengthSid
CopySid
AllocateAndInitializeSid
InitializeSecurityDescriptor
ReportEventW
RegisterEventSourceW
DeregisterEventSource
kernel32:
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetProcessHeap
DeleteCriticalSection
InterlockedCompareExchange
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetCommandLineW
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
CloseHandle
InterlockedIncrement
InterlockedDecrement
SetEvent
InitializeCriticalSectionAndSpinCount
GetLastError
WaitForMultipleObjects
GetCurrentThreadId
WaitForSingleObject
DuplicateHandle
SetUnhandledExceptionFilter
Sleep
CreateThread
UnmapViewOfFile
GetVersionExW
LocalFree
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
OpenEventW
lstrlenW
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
TlsAlloc
TlsFree
ChangeTimerQueueTimer
InterlockedExchange
SwitchToThread
CreateEventW
LCMapStringW
GetTickCount
GetCurrentThread
QueryPerformanceCounter
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetStartupInfoA
GetStringTypeExW
user32:
DeleteMenu
DefWindowProcW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassW
LoadCursorW
PostMessageW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
UnregisterClassW
LoadIconW
GetSystemMenu
ntdll:
RtlUnhandledExceptionFilter
NtQuerySystemInformation
wbemcomn:
?DebugTrace@@YAHDPBDZZ
?ErrorTrace@@YAHDPBDZZ
?BreakOnDbgAndRenterLoop@@YGKXZ
fastprox:
?New@CWbemCallSecurity@@SGPAV1@XZ
ncobjapi:
WmiCreateObjectWithFormat
WmiEventSourceDisconnect
WmiDestroyObject
WmiSetAndCommitObject
WmiEventSourceConnect
oleaut32:
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString
SafeArrayGetElement
ole32:
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoGetClassObject
CLSIDFromString
StringFromGUID2
CoImpersonateClient
CoRevertToSelf
CoSwitchCallContext
CoRegisterClassObject
CoFreeUnusedLibrariesEx
CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoRevokeClassObject
CoGetCallContext
rpcrt4:
RpcMgmtSetServerStackSize
faultrep:
ReportFault
Sections
- .text  Size: 195KB - Virtual size: 194KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
- .data  Size: 6KB - Virtual size: 7KB
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 1024B - Virtual size: 161KB
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
    IMAGE_SCN_MEM_WRITE