218b5e6903c76f77594b7855b71ee680N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

218b5e6903c76f77594b7855b71ee680N.exe
Size

1.5MB
MD5

218b5e6903c76f77594b7855b71ee680
SHA1

87db77938679855c83e3264ecd6a01856e643713
SHA256

8f5ad4383c523937fddd8e2479e6083e98f49de7ee3c31ea2a81985c393ae770
SHA512

953db3f7b47f138eeb9f6050fac221ca6009dd7b11b31ab2de9b85229eb70584d3b51f6a63b63efd1fe90708f09128d23fbd15d190d9eca195e662a9a3e002c5
SSDEEP

24576:VbRTk6tfEuqNx8pP1Ci54uPxvjj3UMoe22Gt5xURFqFuFbFVVuvVlSKu:1nfEu+xuUC4evjj3UMyu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
218b5e6903c76f77594b7855b71ee680N.exe

Files

218b5e6903c76f77594b7855b71ee680N.exe
.exe windows:5 windows x86 arch:x86

6370b50a07180c64f48d89a8408460ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\ob\bora-1801916\vos3\thinstall\modules\tlink.pdb

Imports

rpcrt4

UuidCreate

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msi

ord20
ord78
ord165
ord163
ord123
ord125
ord121
ord167
ord17
ord151
ord153
ord150
ord92
ord159
ord160
ord8
ord118
ord120
ord32

ntdll

NtReadFile
NtQueryInformationFile
NtSetInformationFile
NtOpenSection
NtAllocateUuids
NtWaitForMultipleObjects
NtWaitForSingleObject
NtDuplicateObject
NtOpenDirectoryObject
NtQuerySystemInformation
RtlGetVersion
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
NtDelayExecution
NtOpenFile
RtlCreateSecurityDescriptor
NtQueryInformationThread
NtSetSecurityObject
NtOpenThread
NtCreateEvent
NtSetEvent
NtReleaseMutant
NtFlushBuffersFile
NtWriteFile
NtQueryVirtualMemory
NtProtectVirtualMemory
NtFreeVirtualMemory
NtResumeThread
NtTerminateThread
RtlCreateUserThread
RtlDowncaseUnicodeString
RtlRaiseException
RtlAllocateHeap
RtlFreeHeap
NtQueryObject
NtQueryInformationToken
NtOpenProcess
NtOpenProcessToken
RtlUnwind
NtCreateSection
NtMapViewOfSection
RtlConvertSidToUnicodeString
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeN
RtlCompareUnicodeString
LdrGetDllHandle
RtlInitAnsiString
LdrGetProcedureAddress
NtAllocateVirtualMemory
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtQueryInformationProcess
NtRaiseHardError
NtTerminateProcess
RtlUpcaseUnicodeChar
RtlInitUnicodeString
NtOpenKey
RtlNtStatusToDosError
NtClose
NtEnumerateKey
NtQueryValueKey
NtSetValueKey
NtUnmapViewOfSection
RtlUpcaseUnicodeString
RtlImageNtHeader
NtReadVirtualMemory
RtlFreeSid
RtlSetSaclSecurityDescriptor
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
RtlSubAuthoritySid
RtlSubAuthorityCountSid

kernel32

UnhandledExceptionFilter
IsDebuggerPresent
GetConsoleCP
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
FileTimeToLocalFileTime
PeekNamedPipe
GetTimeFormatA
GetDateFormatA
HeapReAlloc
SetStdHandle
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
TlsFree
HeapCreate
VirtualFree
VirtualAlloc
GetModuleFileNameA
LCMapStringW
SetHandleCount
GetStartupInfoA
WriteConsoleA
GetConsoleOutputCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetTickCount
LCMapStringA
InitializeCriticalSectionAndSpinCount
GetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetFullPathNameW
GetModuleFileNameW
GetShortPathNameW
CreateFileW
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingW
GetFileSizeEx
GetFileAttributesW
GetLocalTime
ReadFile
GetFileSize
LocalFree
FormatMessageW
GetModuleHandleW
GetLastError
CopyFileW
GetTempFileNameW
WriteFile
SetFilePointer
FindClose
FindFirstFileW
GetFileTime
GetPrivateProfileSectionW
MoveFileW
DeleteFileW
ExpandEnvironmentStringsW
FreeLibrary
LoadLibraryExW
GetPrivateProfileStringW
SetFileTime
GetSystemTimeAsFileTime
Sleep
SetEndOfFile
FindNextFileW
GetSystemTime
SetLastError
GetSystemInfo
GetCurrentProcessId
QueryPerformanceFrequency
QueryPerformanceCounter
CallNamedPipeW
WaitForSingleObject
GetCurrentThreadId
CompareFileTime
FindResourceW
LoadResource
SizeofResource
CreateDirectoryW
GetProcAddress
HeapFree
HeapAlloc
GetProcessHeap
LockResource
SystemTimeToFileTime
SetCurrentDirectoryW
ExitProcess
GetPrivateProfileSectionNamesW
GetConsoleMode
GetStdHandle
GetPrivateProfileIntW
GetTempPathW
GetCurrentProcess
VirtualQueryEx
GetEnvironmentVariableW
GetComputerNameW
FileTimeToSystemTime
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemDirectoryW
SetEnvironmentVariableW
WriteConsoleW
GetFileInformationByHandle
GetCurrentThread
GetFileType
GetFileAttributesExW
CreateFileMappingA
CreateFileA
GetDriveTypeW
GetTimeZoneInformation
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
DuplicateHandle
LoadLibraryA
CompareStringA
OutputDebugStringA
GetDiskFreeSpaceW
GetLongPathNameW
CreateMutexW
TerminateProcess
ExitThread
GetVersionExA
FlushFileBuffers
GetDriveTypeA
IsBadReadPtr
VirtualQuery
TlsSetValue
TlsGetValue
RaiseException
SetUnhandledExceptionFilter
TlsAlloc
GetACP
SetEvent
CreateThread
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteCriticalSection
CompareStringW
SetEnvironmentVariableA
SetFileAttributesW

user32

LoadImageW
LoadStringW
MessageBoxW
RegisterClassW
CreateWindowExW
DefWindowProcW
wsprintfW

gdi32

GetObjectW
GetDIBits
CreateCompatibleDC
SelectObject
DeleteDC

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
MapGenericMask
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegCreateKeyExW
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

ole32

CoCreateGuid
StringFromGUID2

Sections

.text
Size: 683KB - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6370b50a07180c64f48d89a8408460ef

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

version

msi

ntdll

kernel32

user32

gdi32

advapi32

ole32

Sections

.text Size: 683KB - Virtual size: 682KB

.rdata Size: 213KB - Virtual size: 213KB

.data Size: 68KB - Virtual size: 134KB

.rsrc Size: 572KB - Virtual size: 572KB

.text
Size: 683KB - Virtual size: 682KB

.rdata
Size: 213KB - Virtual size: 213KB

.data
Size: 68KB - Virtual size: 134KB

.rsrc
Size: 572KB - Virtual size: 572KB