d:\Jenkins\SAS Redistributable\workspace\src\Binary\Release\SdAppServices_x64.pdb
Static task
static1
Behavioral task
behavioral1
Sample
579ed6ef8b02a9d1de34e316cfa3701ec09c5ddc2f0bb004f56b87db78f368e1.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
579ed6ef8b02a9d1de34e316cfa3701ec09c5ddc2f0bb004f56b87db78f368e1.dll
Resource
win10v2004-20240802-en
General
Target: 579ed6ef8b02a9d1de34e316cfa3701ec09c5ddc2f0bb004f56b87db78f368e1
Size: 1.3MB
MD5: 44c0fee8f7c8287945129ec3b51734af
SHA1: c3afdfdf979236717a324e32dfda07fbfafa6711
SHA256: 579ed6ef8b02a9d1de34e316cfa3701ec09c5ddc2f0bb004f56b87db78f368e1
SHA512: c8921ce55ead81fdbee0f4dd0fc76db75fa4cea9eace1b91e3925f002be053f743af9c0ad3737470070ba4755197526bab41daa798deccc329351a1dba1cdf9f
SSDEEP: 24576:/1FCKisuEMfumVLFMnGC786fQkh4lZ181gUOrPdIdp:PCRsuOsunGC7pXIZWkrPdUp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 579ed6ef8b02a9d1de34e316cfa3701ec09c5ddc2f0bb004f56b87db78f368e1
Files
579ed6ef8b02a9d1de34e316cfa3701ec09c5ddc2f0bb004f56b87db78f368e1.dll windows:6 windows x64 arch:x64
15027fcca928a02026d128c2183b3129
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
GetLastError
GetTickCount
GlobalFree
AddAtomA
Sleep
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadFile
GetCurrentDirectoryW
CreateProcessA
SetHandleInformation
CreatePipe
GetCurrentProcessId
ResetEvent
SetEvent
CreateEventW
FreeLibraryAndExitThread
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
ReleaseMutex
WaitForSingleObject
GetComputerNameW
CreateMutexW
lstrlenA
lstrcmpA
GetComputerNameA
FileTimeToSystemTime
FindClose
FindFirstFileW
LocalFree
LocalAlloc
GetModuleFileNameW
GetModuleHandleExA
CreateDirectoryW
SetFilePointerEx
ReadConsoleW
DeleteFileW
GetConsoleMode
GetConsoleCP
WriteFile
HeapFree
ExitProcess
SetEndOfFile
HeapReAlloc
HeapAlloc
GetModuleHandleExW
ExitThread
CreateThread
FlushFileBuffers
GetTimeZoneInformation
GetStdHandle
GetACP
CloseHandle
GetFileAttributesA
MoveFileExW
GetFullPathNameW
HeapSize
WriteConsoleW
GetModuleFileNameA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwindEx
FreeLibrary
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
user32
GetLastInputInfo
DispatchMessageW
TranslateMessage
CallMsgFilterW
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
EnableWindow
advapi32
RegQueryValueExW
GetNamedSecurityInfoW
CryptGenRandom
CryptAcquireContextA
CryptEncrypt
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CreateWellKnownSid
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
SetNamedSecurityInfoW
SetEntriesInAclW
shell32
ShellExecuteExW
SHFileOperationW
ShellExecuteW
SHGetFolderPathW
ole32
CoCreateInstance
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
oleaut32
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString
shlwapi
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
iphlpapi
GetAdaptersInfo
crypt32
CryptStringToBinaryW
CryptBinaryToStringW
winhttp
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCreateUrl
WinHttpCloseHandle
WinHttpCrackUrl
Exports
sas_AAAA
sas_AAAB
sas_AAAC
sas_AAAD
sas_AAAE
Sections
.text Size: 938KB - Virtual size: 937KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 338KB - Virtual size: 337KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 1024B - Virtual size: 732B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ