unsecapp[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

unsecapp.exe
Size

53KB
MD5

13eaab37b2928eea81b1979c520cb896
SHA1

3b9a4d780770976b715e2a29cdd44e518eb33cd9
SHA256

13d8ac95bdbda8caf2922e6632fdf9570237525940bbada2b68ace2cc98321ae
SHA512

51a99011285e3cca2925f04f004d9bbb2342cad9de04f0c40b325b2db19419b24d1959b2f7f9ad1ea17d7a695e86d18d8ce0499b3487b5ddf988d42aad1affe9
SSDEEP

1536:wzAD+X+1mFQOM16kLDGa3Fz8yntK6b+Bzn1IZ0fcP2OS:wzcT1wkLDGa3Fz1nk6b+Bz1K0l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unsecapp.exe

Files

unsecapp.exe
.exe windows:10 windows x64 arch:x64

87e54e3d04d772f26002d8b564b2426c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

unsecapp.pdb

Imports

msvcrt

exit
__set_app_type
__getmainargs
_amsg_exit
??0exception@@QEAA@AEBV0@@Z
memmove
__CxxFrameHandler3
??0exception@@QEAA@AEBQEBD@Z
?terminate@@YAXXZ
_onexit
_callnewh
__dllonexit
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
memcpy
_XcptFilter
_unlock
_lock
??1type_info@@UEAA@XZ
malloc
_exit
_commode
_fmode
_purecall
??3@YAXPEAX@Z
__C_specific_handler
_initterm
__setusermatherr
_cexit
printf
wcsstr
??_V@YAXPEAX@Z
_vsnwprintf

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoImpersonateClient
CoInitializeSecurity
CoRevertToSelf

api-ms-win-security-base-l1-1-0

GetLengthSid
EqualSid
IsValidSid

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
GetProcAddress

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
ExitProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

wbemcomn

??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
??1CInCritSec@@QEAA@XZ
??0CNtSid@@QEAA@AEBV0@@Z
?GetDWORDStr@Registry@@QEAAHPEBGPEAK@Z
??1Registry@@QEAA@XZ
??0Registry@@QEAA@PEBGK@Z
??0CNtSid@@QEAA@PEAX@Z
?GetTextSid@CNtSid@@QEAAHPEAGPEAK@Z
??8CNtSid@@QEAAHAEAV0@@Z
??1CNtSid@@QEAA@XZ
??1CCritSec@@QEAA@XZ
ErrorTrace
_ThrowMemoryException_
?OnInitialize@CUnk@@UEAAHXZ
??0CUnkInternal@@QEAA@PEAVCLifeControl@@@Z
??1CUnkInternal@@UEAA@XZ
?QueryInterface@CUnkInternal@@UEAAJAEBU_GUID@@PEAPEAX@Z
?AddRef@CUnkInternal@@UEAAKXZ
?Release@CUnkInternal@@UEAAKXZ
?Initialize@CUnk@@UEAAHXZ
?AddRef@CUnk@@UEAAKXZ
??0CCritSec@@QEAA@XZ
?Write@CMemoryLog@@QEAAXJ@Z
GetMemLogObject
?InternalRelease@CUnkInternal@@QEAAKXZ
?InternalQueryInterface@CUnkInternal@@QEAAJAEBU_GUID@@PEAPEAX@Z
??0CLifeControl@@QEAA@XZ
??0CNtSid@@QEAA@W4SidType@0@@Z
?Release@CUnk@@UEAAKXZ
?QueryInterface@CUnk@@UEAAJAEBU_GUID@@PEAPEAX@Z
??1CUnk@@UEAA@XZ
??0CUnk@@QEAA@PEAVCLifeControl@@PEAUIUnknown@@@Z
??_7CUnkInternal@@6B@

api-ms-win-core-synch-l1-1-0

SetEvent
LeaveCriticalSection
EnterCriticalSection
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

api-ms-win-core-debug-l1-1-0

DebugBreak

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-service-winsvc-l1-1-0

RegisterServiceCtrlHandlerW

api-ms-win-service-management-l1-1-0

CreateServiceW
OpenServiceW
DeleteService
OpenSCManagerW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

ntdll

EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwUnregisterTraceGuids

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87e54e3d04d772f26002d8b564b2426c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-apiquery-l1-1-0

wbemcomn

api-ms-win-core-synch-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

ntdll

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.didat Size: 512B - Virtual size: 64B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 644B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 64B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 644B