3bd98ea5d2eee619d9b5fb9cfceff1a0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

3bd98ea5d2eee619d9b5fb9cfceff1a0N.exe
Size

1.7MB
MD5

3bd98ea5d2eee619d9b5fb9cfceff1a0
SHA1

42c48a6027c8ccf54017778b6bc1e1cbbbb40c90
SHA256

5ac1fe7e3aa20c93dcc088de6b505cd6940b1720b0ff783cba752167478d0266
SHA512

f561a98af3c94611d0117acd544f4bc4b661b09b64f2116109bbeda70510847d6db9bfa2254a69312d710450d3b3d3fdd135be6197feebd68a58ba61fd7f40c6
SSDEEP

24576:pLWH4xFfqcjIEsYPvsqjnhMgeiCl7G0nehbGZpbD:pLWw7jIEs+TDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bd98ea5d2eee619d9b5fb9cfceff1a0N.exe

Files

3bd98ea5d2eee619d9b5fb9cfceff1a0N.exe
.exe windows:6 windows x64 arch:x64

301595a441861ba2172269f4c37e3a54

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\x64\Release\HPAudioAnalytics.pdb

Imports

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetCommandLineW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
UnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
GetProcAddress
FindResourceExW
GetModuleFileNameW
LoadResource
LockResource
SizeofResource

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-string-l1-1-0

GetStringTypeW
CompareStringW
WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-com-l1-1-0

CoUninitialize
CoInitializeSecurity
CoInitializeEx

oleaut32

SysFreeString

api-ms-win-core-apiquery-l2-1-0

IsApiSetImplemented

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
GetCurrentThreadId
GetCurrentProcessId
UpdateProcThreadAttribute
TerminateProcess
GetCurrentProcess
GetCurrentThread
OpenProcessToken
OpenThreadToken
CreateThread
CreateProcessW
GetStartupInfoW
TlsAlloc
ExitThread
ExitProcess
TlsGetValue
TlsFree
TlsSetValue

api-ms-win-security-base-l1-1-0

AddAccessAllowedAce
AddAce
RevertToSelf
ImpersonateLoggedOnUser
CreateWellKnownSid
GetAce
DuplicateTokenEx
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
GetAclInformation
CopySid

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
WTSGetActiveConsoleSessionId

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW

api-ms-win-appmodel-runtime-l1-1-1

FindPackagesByPackageFamily
GetStagedPackageOrigin
GetPackagePathByFullName

api-ms-win-appmodel-runtime-l1-1-0

ClosePackageInfo
OpenPackageInfoByFullName
GetPackageInfo

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-1-0

SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateMutexW
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSection
ReleaseMutex
DeleteCriticalSection
CreateEventW
InitializeCriticalSectionEx

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
QueryServiceStatusEx
ChangeServiceConfig2W

api-ms-win-service-management-l1-1-0

CreateServiceW
OpenSCManagerW
CloseServiceHandle
DeleteService
OpenServiceW

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
DeregisterEventSource
RegisterEventSourceW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

user32

MsgWaitForMultipleObjectsEx

hpaudioanalyticclientlib

?ReleaseAnalyticsManager@CAudioAnalyticsManager@Analytics@HotkeyAudio@@SAXXZ
?RegisterDataClass@CAudioAnalyticsManager@Analytics@HotkeyAudio@@QEAA?AW4AnalyticsResult@Emitters@2HP@@XZ
?InitializeAnalyticsSession@CAudioAnalyticsManager@Analytics@HotkeyAudio@@QEAAXXZ
?GetInstance@CAudioAnalyticsManager@Analytics@HotkeyAudio@@SAPEAV123@XZ
?UnRegisterAllAudioSessions@CAudioAnalyticsManager@Analytics@HotkeyAudio@@QEAAXXZ
?RegisterAllAudioSessions@CAudioAnalyticsManager@Analytics@HotkeyAudio@@QEAAXXZ

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSFreeMemory

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-localization-l1-2-0

GetCPInfo
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-file-l1-1-0

FindFirstFileExW
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
ReadFile
GetTempFileNameW
GetFileType
GetFullPathNameW
CreateFileW
CreateDirectoryW
WriteFile
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesExW
FlushFileBuffers

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-shell-shdirectory-l1-1-0

ord290

ext-ms-win-shell32-shellfolders-l1-1-0

SHGetFolderPathW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
Process32NextW
CreateToolhelp32Snapshot

api-ms-win-core-fibers-l1-1-0

FlsGetValue
FlsAlloc
FlsFree
FlsSetValue

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
ReadConsoleW

Exports

Exports

??0AnalyticsSession@@QEAA@$$QEAV0@@Z
??0AnalyticsSession@@QEAA@AEBV0@@Z
??0AppSession@Session@Analytics@HP@@QEAA@$$QEAV0123@@Z
??0AppSession@Session@Analytics@HP@@QEAA@AEBV0123@@Z
??0BaseDataClass@DataClass@Analytics@HP@@QEAA@$$QEAV0123@@Z
??0BaseDataClass@DataClass@Analytics@HP@@QEAA@AEBV0123@@Z
??0ConsentObject@@QEAA@$$QEAV0@@Z
??0ConsentObject@@QEAA@AEBV0@@Z
??0DataClassFieldInfo@DataClass@Analytics@HP@@QEAA@$$QEAV0123@@Z
??0DataClassFieldInfo@DataClass@Analytics@HP@@QEAA@AEBV0123@@Z
??0DataClassFieldInfo@DataClass@Analytics@HP@@QEAA@XZ
??0Launcher@@QEAA@AEBV0@@Z
??0Launcher@@QEAA@XZ
??0PrivacyDocuments@@QEAA@$$QEAV0@@Z
??0PrivacyDocuments@@QEAA@AEBV0@@Z
??1AnalyticsSession@@QEAA@XZ
??1AppSession@Session@Analytics@HP@@QEAA@XZ
??1BaseDataClass@DataClass@Analytics@HP@@QEAA@XZ
??1ConsentObject@@QEAA@XZ
??1DataClassFieldInfo@DataClass@Analytics@HP@@QEAA@XZ
??1Launcher@@QEAA@XZ
??1PrivacyDocuments@@QEAA@XZ
??4AnalyticsSession@@QEAAAEAV0@$$QEAV0@@Z
??4AnalyticsSession@@QEAAAEAV0@AEBV0@@Z
??4AppSession@Session@Analytics@HP@@QEAAAEAV0123@$$QEAV0123@@Z
??4AppSession@Session@Analytics@HP@@QEAAAEAV0123@AEBV0123@@Z
??4BaseDataClass@DataClass@Analytics@HP@@QEAAAEAV0123@$$QEAV0123@@Z
??4BaseDataClass@DataClass@Analytics@HP@@QEAAAEAV0123@AEBV0123@@Z
??4ConsentObject@@QEAAAEAV0@$$QEAV0@@Z
??4ConsentObject@@QEAAAEAV0@AEBV0@@Z
??4DataClassFieldInfo@DataClass@Analytics@HP@@QEAAAEAV0123@$$QEAV0123@@Z
??4DataClassFieldInfo@DataClass@Analytics@HP@@QEAAAEAV0123@AEBV0123@@Z
??4Launcher@@QEAAAEAV0@AEBV0@@Z
??4PrivacyDocuments@@QEAAAEAV0@$$QEAV0@@Z
??4PrivacyDocuments@@QEAAAEAV0@AEBV0@@Z
??4ProcessingPermissions@@QEAAAEAV0@$$QEAV0@@Z
??4ProcessingPermissions@@QEAAAEAV0@AEBV0@@Z
??_7BaseDataClass@DataClass@Analytics@HP@@6B@
?CREATE_FILE_EXTENDED_PATH@Launcher@@0_KB
?GetAbsolutePathForUWPAlias@Launcher@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z
?GetOriginAndVersionByFamilyName@Launcher@@QEAA?AV?$tuple@H_K@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?GetOriginAndVersionByFullName@Launcher@@QEAA?AV?$tuple@H_K@std@@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@3@@Z
?GetPackageFullNameByFamilyName@Launcher@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z
?GetPackageFullNameByFamilyName@Launcher@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@V?$shared_ptr@X@3@@Z
?GetPackageInstalledPathByFullName@Launcher@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@@Z
?GetPackageInstalledPathByFullName@Launcher@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@V?$shared_ptr@X@3@@Z
?GetPathExpandedImpersonatedAsCurrentUser@Launcher@@QEAA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V23@V?$shared_ptr@X@3@@Z
?GetUserTokenForCurrentUser@Launcher@@QEAA?AV?$shared_ptr@X@std@@W4_TOKEN_TYPE@@@Z
?IsRealUserSession@Launcher@@QEAA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Run@Launcher@@QEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z
?RunExeAsUser@Launcher@@QEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0V?$shared_ptr@X@3@0@Z
?RunExeAsUser@Launcher@@QEAA_NV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0V?$shared_ptr@X@3@0AEAKV?$vector@PEAXV?$allocator@PEAX@std@@@3@@Z
?__autoclassinit2@AnalyticsSession@@QEAAX_K@Z

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

301595a441861ba2172269f4c37e3a54

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-com-l1-1-0

oleaut32

api-ms-win-core-apiquery-l2-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

userenv

api-ms-win-appmodel-runtime-l1-1-1

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventlog-legacy-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-util-l1-1-0

user32

hpaudioanalyticclientlib

wtsapi32

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-realtime-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

ext-ms-win-shell32-shellfolders-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-console-l1-1-0

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 207KB

.rdata Size: 110KB - Virtual size: 110KB

.data Size: 5KB - Virtual size: 11KB

.pdata Size: 11KB - Virtual size: 10KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 170KB - Virtual size: 169KB

.reloc Size: 1.2MB - Virtual size: 1.8MB

.text
Size: 208KB - Virtual size: 207KB

.rdata
Size: 110KB - Virtual size: 110KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 11KB - Virtual size: 10KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 170KB - Virtual size: 169KB

.reloc
Size: 1.2MB - Virtual size: 1.8MB