67987820277f9e4a9d01c5fe1fafd7c1245c6ec807a14789ca7368f25141f155

Sharing

Copy URL Twitter E-mail

General

Target

67987820277f9e4a9d01c5fe1fafd7c1245c6ec807a14789ca7368f25141f155
Size

4.6MB
MD5

2cbbfbd7f46754440d64eb5f1a15db30
SHA1

5f508596053a49f2d2f8fd42e52cdfadcac99bb3
SHA256

67987820277f9e4a9d01c5fe1fafd7c1245c6ec807a14789ca7368f25141f155
SHA512

e41130f5a0bf05e96480e6399149e1eb443dab98f6bb95bc47d3ab91541d409337cbbf411e4b650f0723bc52b75abb28155f42187f7ce694813ccf56d3e119bc
SSDEEP

49152:8D4Z+7o1ZJtlA6jNv7v5GoG8a3L5Xn8ZN7TO6LUCn+PmzVaxdGIHu6s4Qw7dczSg:8D4Z+7aA6nVZdTJLHPhd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67987820277f9e4a9d01c5fe1fafd7c1245c6ec807a14789ca7368f25141f155

Files

67987820277f9e4a9d01c5fe1fafd7c1245c6ec807a14789ca7368f25141f155
.exe windows:6 windows x86 arch:x86

d3f907508422250a76a168dc3aa88203

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Jenkins\jobs\LenovoStore\workspace\bin\x86\Release\LeASPac.pdb

Imports

kernel32

lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
GetCurrentThreadId
CreateThread
Sleep
CreateEventW
WaitForSingleObject
SetEvent
RaiseException
DecodePointer
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
FindResourceW
LoadLibraryW
SizeofResource
LockResource
LoadResource
GetProcAddress
FreeLibrary
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleCP
SetStdHandle
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
GetTimeZoneInformation
ExitThread
ExitProcess
RtlUnwind
DeleteFileW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
EncodePointer
InitializeCriticalSectionAndSpinCount
GetCurrentThread
DuplicateHandle
GetStringTypeW
IsDebuggerPresent
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetConsoleMode
GetACP
RemoveDirectoryW
FindResourceExW
GetTickCount
CreateMutexW
GetModuleHandleExW
VirtualProtect
GetFileType
GetSystemDirectoryA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
GetSystemFirmwareTable
QueryPerformanceCounter
MapViewOfFile
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
CloseHandle
CreateFileMappingW
FormatMessageA
CreateDirectoryW
ReadFile
FindFirstFileW
GetFileSizeEx
FindNextFileW
WriteFile
ExpandEnvironmentStringsW
SetFileTime
GetEnvironmentVariableW
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
LocalFileTimeToFileTime
FileTimeToSystemTime
MoveFileExW
GetFileSize
CopyFileW
CreateDirectoryA
DosDateTimeToFileTime
MoveFileW
GetFileTime
GetStartupInfoW
VirtualFree
GetCurrentProcess
Wow64DisableWow64FsRedirection
VirtualAlloc
TerminateProcess
PeekNamedPipe
LocalAlloc
GetVersionExW
FreeResource
CreateToolhelp32Snapshot
Wow64RevertWow64FsRedirection
Process32NextW
GlobalAlloc
Process32FirstW
GlobalFree
GetNativeSystemInfo
GetSystemInfo
LocalFree
GetCurrentProcessId
CreateProcessW
GetSystemTimeAsFileTime
VirtualQuery
GetExitCodeProcess
SetConsoleTextAttribute
GetStdHandle
GetPrivateProfileIntW
ReleaseMutex
GetLocalTime
SetThreadPriority
ResumeThread
InitializeCriticalSection
GetPrivateProfileStringW
GlobalMemoryStatusEx
GetSystemTime
SetLastError
SetFilePointer
FlushFileBuffers
ProcessIdToSessionId
GetFullPathNameW
lstrlenA
CreateFileA
OutputDebugStringW
GetDriveTypeW
FormatMessageW
GetFileAttributesExW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx

user32

GetProcessWindowStation
CreateWindowExW
RegisterClassW
KillTimer
wsprintfW
CharNextW
CharUpperW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
GetUserObjectInformationW
MessageBoxW
PostMessageW
SendMessageW
IsWindow
GetDC
FindWindowW
ReleaseDC

gdi32

GetDeviceCaps

advapi32

RegCreateKeyExW
StartServiceW
ControlService
OpenSCManagerW
RegQueryValueExA
CloseServiceHandle
QueryServiceStatus
RegCreateKeyW
RegCopyTreeW
RegEnableReflectionKey
RegFlushKey
RegQueryValueExW
OpenServiceW
RegOpenKeyExA
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource

shell32

SHChangeNotify
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
CoInitialize
CoInitializeEx
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

LoadRegTypeLi
VariantClear
VariantInit
SysAllocStringByteLen
SysStringByteLen
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
UnRegisterTypeLi

libappupdate

lib_appupdate_initilize
lib_appupdate_beginupdate
lib_appupdate_begininstall
lib_appupdate_checkupdate

ws2_32

inet_ntoa
WSAStartup
gethostbyname
WSACleanup
ioctlsocket
shutdown
socket
setsockopt
connect
closesocket
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_addr
htons
htonl
WSAGetLastError
ntohs
getsockopt

shlwapi

PathRemoveFileSpecW
StrCpyNW
PathAppendW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryA

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

wininet

InternetOpenW
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
HttpAddRequestHeadersW
InternetWriteFile
InternetQueryOptionW
InternetQueryDataAvailable
HttpSendRequestW
InternetGetConnectedStateExW
InternetReadFile
InternetAttemptConnect
HttpOpenRequestW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeExW
GetFileVersionInfoExW
GetFileVersionInfoSizeW

dxgi

CreateDXGIFactory1

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

pdh

PdhAddCounterW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhOpenQueryW

wintrust

CryptCATAdminReleaseContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle
CryptCATCatalogInfoFromContext

crypt32

CertEnumCertificatesInStore
CertOpenStore
CertGetCertificateContextProperty
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CertCloseStore
CryptQueryObject
CertFreeCertificateContext
CryptMsgClose
CertDuplicateCertificateContext

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 788KB - Virtual size: 787KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 708KB - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d3f907508422250a76a168dc3aa88203

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

libappupdate

ws2_32

shlwapi

wtsapi32

wininet

version

dxgi

iphlpapi

pdh

wintrust

crypt32

bcrypt

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 788KB - Virtual size: 787KB

.data Size: 28KB - Virtual size: 50KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 708KB - Virtual size: 712KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 788KB - Virtual size: 787KB

.data
Size: 28KB - Virtual size: 50KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 708KB - Virtual size: 712KB