75f93af9ae2ea32aa27183266386942ea49381dbd4b5e6c581f6e360cfea287d

Sharing

Copy URL Twitter E-mail

General

Target

75f93af9ae2ea32aa27183266386942ea49381dbd4b5e6c581f6e360cfea287d
Size

753KB
MD5

1e7b6d6c81d2af48f5cc24465e6110af
SHA1

970f02b3e9458be93525f8af86f59207a2debe0b
SHA256

75f93af9ae2ea32aa27183266386942ea49381dbd4b5e6c581f6e360cfea287d
SHA512

ccf4e71684ff146166b67f97a5e736ee46981f4e627a785a00989a80b7508c5499861bbd6479a2b524197afc87a2920dfc1b9e7ba24584c0ef0ac924184d9a15
SSDEEP

12288:FYysuctAu/3xrXKeEKzgRYcqjW1P2whDXoK1Y5DQObROqfoW+u3jDGKp:gxrXKeEKkRYZSoYybJ3B3jDj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75f93af9ae2ea32aa27183266386942ea49381dbd4b5e6c581f6e360cfea287d

Files

75f93af9ae2ea32aa27183266386942ea49381dbd4b5e6c581f6e360cfea287d
.exe windows:5 windows x86 arch:x86

a5a72985893a51fe92c27761884bd83f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\wx\Release\sv_service.pdb

Imports

kernel32

GetStartupInfoW
CreateProcessW
ReadFile
Sleep
CopyFileW
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ProcessIdToSessionId
LocalAlloc
LocalFree
SetErrorMode
InitializeCriticalSection
WTSGetActiveConsoleSessionId
DeleteFileW
OpenMutexW
WinExec
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
MoveFileExW
GetSystemDirectoryA
CreatePipe
IsValidCodePage
TlsFree
TlsSetValue
GetVersion
LeaveCriticalSection
GetLocalTime
EnterCriticalSection
GetSystemDirectoryW
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
GetPrivateProfileStringW
WritePrivateProfileStringW
DeviceIoControl
MultiByteToWideChar
VirtualQuery
WriteFile
SuspendThread
GetCurrentProcessId
GetCurrentThreadId
GetCurrentThread
FormatMessageW
SetFilePointer
CloseHandle
GetLastError
CreateFileW
FreeLibrary
LoadLibraryW
SetUnhandledExceptionFilter
lstrcmpiW
GetVersionExW
GetDiskFreeSpaceExW
GetModuleFileNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcess
TlsGetValue
GetProcessWorkingSetSize
GlobalMemoryStatus
LoadLibraryA
GetModuleHandleW
GetProcAddress
TlsAlloc
SetLastError
UnhandledExceptionFilter
SetConsoleMode
GetSystemInfo
FindResourceExW
FindResourceW
LoadResource
LockResource
SetEnvironmentVariableA
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointerEx
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetEndOfFile
GetConsoleCP
SetStdHandle
GetStringTypeW
WideCharToMultiByte
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetCPInfo
GetOEMCP
GetModuleHandleA
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetVersionExA
FlushConsoleInputBuffer
IsDebuggerPresent
OutputDebugStringW
GetSystemTimeAsFileTime
EncodePointer
IsProcessorFeaturePresent
GetModuleHandleExW
WriteConsoleW
GetConsoleMode
ReadConsoleW
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
GetCommandLineW
RtlUnwind
ExitProcess
AreFileApisANSI
SetConsoleCtrlHandler
ReadConsoleInputA
GetACP

user32

FindWindowW
GetDesktopWindow
GetUserObjectInformationW
SendMessageW
MessageBoxA
wsprintfW
GetProcessWindowStation

advapi32

CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CreateServiceW
OpenServiceW
ChangeServiceConfigW
DeleteService
ControlService
StartServiceW
DeregisterEventSource
ReportEventA
SetServiceStatus
RegisterServiceCtrlHandlerW
RegDeleteValueW
StartServiceCtrlDispatcherW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
SetKernelObjectSecurity
SetSecurityDescriptorDacl
MakeAbsoluteSD
SetEntriesInAclW
GetSecurityDescriptorDacl
GetKernelObjectSecurity
BuildExplicitAccessWithNameW
RegisterEventSourceA

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

oleaut32

SysStringLen
VariantClear
SysFreeString
SysAllocString

sv_log

GetLogLevel
SetLogLevel

sv_shm

SHMEM_GetFdInformation
SHMEM_GetRunTimeSHMMStatus

shlwapi

StrCmpNIW
PathFileExistsW

userenv

CreateEnvironmentBlock

crypt32

CryptMsgClose
CertCloseStore
CryptMsgGetParam
CryptQueryObject
CryptHashCertificate

iphlpapi

GetAdaptersInfo

ws2_32

WSACleanup
closesocket
inet_addr
htons
socket
bind
recvfrom
sendto
setsockopt
WSAStartup

Exports

Exports

??0CBase64@@QAE@ABV0@@Z
??0CBase64@@QAE@XZ
??1CBase64@@UAE@XZ
??4CBase64@@QAEAAV0@ABV0@@Z
??_7CBase64@@6B@
?DecodeBase64@CBase64@@QAEHPBDPAEH@Z
?DecryptString@CBase64@@QAEXPAD0H@Z
?EncodeBase64@CBase64@@QAEHPBEPADHH@Z
?EncryptString@CBase64@@QAEXPAD0HH@Z
?GetMainBoardSerialByWMI@CBase64@@AAEXPADAAH@Z

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a5a72985893a51fe92c27761884bd83f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

sv_log

sv_shm

shlwapi

userenv

crypt32

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 195KB - Virtual size: 195KB

.data Size: 10KB - Virtual size: 36KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 29KB - Virtual size: 28KB

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 195KB - Virtual size: 195KB

.data
Size: 10KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 29KB - Virtual size: 28KB