helpsvc.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: d9221892874290ebce49d622a808db6cac4489a2cc1ee21051b58b889becbfff.exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: d9221892874290ebce49d622a808db6cac4489a2cc1ee21051b58b889becbfff.exe
  Resource: win10v2004-20240802-en
General
- Target: d9221892874290ebce49d622a808db6cac4489a2cc1ee21051b58b889becbfff
- Size: 745KB
- MD5: 70fb76fc074dcf389e51b3953541f489
- SHA1: 41152834648845b371df2c55e1280a5984dc8afc
- SHA256: d9221892874290ebce49d622a808db6cac4489a2cc1ee21051b58b889becbfff
- SHA512: 6aaf8a638cd55b02574426bebcaf46fb17d217b7e52f85270e478dbca2aa3333ba052f3f00de8149a5bfe05b614bb0281a204ad7b7f0655ab00c6148bc8bcb6e
- SSDEEP: 12288:tKBI6iwiZNtznH8ajrUNUAKSpjRh43TGbaWhF2BDQr2glxmzf33Ose2OnW8IVjGL:sBI6pmtLKZxosaWv2BDQr2glxmzfZe2u
Malware Config
Signatures
- Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: d9221892874290ebce49d622a808db6cac4489a2cc1ee21051b58b889becbfff
Files
- d9221892874290ebce49d622a808db6cac4489a2cc1ee21051b58b889becbfff.exe  windows:5 windows x86 arch:x86  25ac07b3d02a78db570b439d802b03dc
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
- PDB Paths: helpsvc.pdb
Imports
- msvcrt: __doserrno, _errno, remove, _open, _read, _write, _close, _lseek, _tempnam, _purecall, swscanf, wcscmp, _CxxThrowException, _beginthreadex, iswspace, wcscat, memchr, _wcsdup, _stricmp, _wtoi, wcsrchr, _except_handler3, iswcntrl, _strnicoll, _vsnwprintf, _wcsicmp, realloc, __CxxFrameHandler, free, malloc, wcslen, memmove, _controlfp, _onexit, __dllonexit, ??1type_info@@UAE@XZ, ?terminate@@YAXXZ, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __wgetmainargs, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, wcschr, _vsnprintf, _wcsnicmp
- advapi32: CryptAcquireContextW, GetSecurityDescriptorGroup, GetSecurityDescriptorSacl, SetSecurityDescriptorSacl, RevertToSelf, CloseServiceHandle, OpenServiceW, OpenSCManagerW, SetServiceStatus, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, DeleteService, ControlService, ChangeServiceConfig2W, SetServiceObjectSecurity, CreateServiceW, DuplicateTokenEx, CreateProcessAsUserW, LogonUserW, CryptImportKey, CryptVerifySignatureW, CryptCreateHash, CryptHashData, CryptDeriveKey, CryptEncrypt, CryptDecrypt, CryptDestroyHash, CryptDestroyKey, CryptReleaseContext, ReportEventW, DeregisterEventSource, RegisterEventSourceW, ConvertStringSecurityDescriptorToSecurityDescriptorW, LookupAccountSidW, ConvertSidToStringSidW, RegGetKeySecurity, GetFileSecurityW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegOpenKeyW, RegQueryValueExW, InitializeAcl, InitializeSecurityDescriptor, MakeAbsoluteSD, IsValidSecurityDescriptor, MakeSelfRelativeSD, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityDescriptorDacl, AddAccessDeniedAce, GetAce, AddAccessAllowedAce, GetLengthSid, GetAclInformation, IsValidAcl, GetSecurityDescriptorDacl, DeleteAce, EqualSid, LookupAccountNameW, FreeSid, AllocateAndInitializeSid, RegConnectRegistryW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, AddAce, ConvertSecurityDescriptorToStringSecurityDescriptorW, GetSecurityDescriptorControl, SetSecurityDescriptorControl, SetThreadToken, AccessCheck, MapGenericMask, CopySid, GetTokenInformation, OpenThreadToken, ConvertStringSidToSidW, AddAccessAllowedAceEx, AddAccessDeniedAceEx, AddAuditAccessAceEx, AddAccessAllowedObjectAce, AddAccessDeniedObjectAce, AddAuditAccessObjectAce, SetFileSecurityW, RegSetKeySecurity, LsaClose, LsaNtStatusToWinError, LsaAddAccountRights, LsaOpenPolicy, GetSecurityDescriptorOwner
- kernel32: FindCloseChangeNotification, FindFirstChangeNotificationW, FindNextChangeNotification, GetLocaleInfoW, IsDBCSLeadByte, CompareStringA, SetThreadPriority, FormatMessageW, GetWindowsDirectoryW, LocalAlloc, LoadLibraryA, RaiseException, ResetEvent, MoveFileW, ReleaseMutex, SetLastError, lstrcmpiA, GetVersionExW, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, MultiByteToWideChar, lstrlenW, GetLastError, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiW, HeapDestroy, InterlockedIncrement, InterlockedDecrement, lstrcpynW, lstrcatW, FreeLibrary, lstrlenA, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, GetModuleFileNameW, GetCommandLineW, GetPrivateProfileStringW, VerifyVersionInfoW, VerSetConditionMask, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InterlockedExchange, Sleep, LoadLibraryW, WaitForMultipleObjects, SetEvent, CloseHandle, CreateEventW, WaitForSingleObject, GetCurrentThread, SetEnvironmentVariableW, GetTempPathW, GetEnvironmentVariableW, CopyFileW, SetFileAttributesW, DeleteFileW, MoveFileExW, GetFileAttributesExW, CreateDirectoryW, FindClose, FindNextFileW, FindFirstFileW, RemoveDirectoryW, CreateFileW, CompareFileTime, GetSystemTime, GetLocalTime, GlobalMemoryStatusEx, GetSystemDirectoryW, GetThreadPriority, GlobalLock, GlobalSize, GlobalAlloc, FileTimeToSystemTime, GetUserDefaultLCID, GetTimeZoneInformation, GetCurrentDirectoryW, GetFullPathNameW, ExpandEnvironmentStringsW, GetDiskFreeSpaceW, GetTempFileNameW, WideCharToMultiByte, LocalFree, DuplicateHandle, WriteFile, SetFilePointer, ReadFile, GetFileInformationByHandle, GlobalFree, GetStartupInfoW, CreateThread, GetProcAddress, lstrcpyW, FlushViewOfFile, UnmapViewOfFile, OpenMutexW, CreateMutexW, MapViewOfFile, OpenFileMappingW, CreateFileMappingW, OpenProcess, GetFileAttributesA, FileTimeToDosDateTime, FileTimeToLocalFileTime, CreateFileA, HeapAlloc, HeapReAlloc, HeapFree, GetProcessHeap, GetACP, GetLocaleInfoA, GetSystemDefaultLangID, IsDBCSLeadByteEx, GlobalUnlock
- user32: GetSystemMetrics, CharNextA, CharUpperW, CharUpperBuffW, GetMessageW, PostThreadMessageW, MsgWaitForMultipleObjects, CharPrevW, DispatchMessageW, TranslateMessage, LoadStringW, CharNextW, PeekMessageW
- ole32: StringFromCLSID, CLSIDFromString, CoTaskMemFree, CoSuspendClassObjects, CoRegisterClassObject, CoRevokeClassObject, CoSetProxyBlanket, StgOpenStorageEx, StgCreateStorageEx, GetHGlobalFromStream, CoGetCallContext, CreateStreamOnHGlobal, CoInitializeEx, CoInitializeSecurity, CoUninitialize, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateGuid, CoCreateInstanceEx, CoCreateInstance, StringFromGUID2
- oleaut32: SetErrorInfo, GetErrorInfo, SysFreeString, SysAllocString, VarUI4FromStr, LoadRegTypeLi, SysStringLen, VariantClear, VariantCopy, VariantChangeType, SystemTimeToVariantTime, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SysAllocStringLen, SafeArrayCreateVector, VariantChangeTypeEx, VariantTimeToSystemTime, VariantInit, LoadTypeLi, RegisterTypeLi, SysStringByteLen, CreateErrorInfo, SysAllocStringByteLen
- ntdll: wcscpy, _ltow, _itow, towlower, strtoul, wcstoul, NtQueryInformationProcess, _wtol, _snwprintf, swprintf, strchr, tolower, strrchr, wcsncmp, wcsstr
- hnetcfg: IcfConnect, IcfRefreshPolicy, IcfDisconnect
- rpcrt4: I_RpcBindingInqLocalClientPID
Sections
- .text  Size: 654KB - Virtual size: 653KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .data  Size: 23KB - Virtual size: 23KB  Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc  Size: 67KB - Virtual size: 99KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE