37166552776a5f42a2be84f09f0a1eb94772d5e10cdb460e6f66e27fa9ea1495

Sharing

Copy URL Twitter E-mail

General

Target

37166552776a5f42a2be84f09f0a1eb94772d5e10cdb460e6f66e27fa9ea1495
Size

1.4MB
MD5

47f8826f212587fe879a8d30ae637fda
SHA1

f7f78c6aa2426b4893951d7f4bc4328a7bc84a36
SHA256

37166552776a5f42a2be84f09f0a1eb94772d5e10cdb460e6f66e27fa9ea1495
SHA512

4f812bf083e017a21c4509d244dbde99d06f7aad9d149c2fce2a52adde2639528e3a53e792c61c92dcd84b479b506d7255b468dceb9d9b1be2061b46f1f4e166
SSDEEP

24576:DgngVp+yRXYbXyqEn04dOsqjnhMgeiCl7G0nehbGZpbD:UnJbCq+04diDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37166552776a5f42a2be84f09f0a1eb94772d5e10cdb460e6f66e27fa9ea1495

Files

37166552776a5f42a2be84f09f0a1eb94772d5e10cdb460e6f66e27fa9ea1495
.exe windows:6 windows x64 arch:x64

084ec9163b3f9e0e4443c124d52b5ce5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\jk_kan\Desktop\Gerrit\diagnosisV2\AsusSystemDiagnosisV2\x64\Release\AsusSystemDiagnosis.pdb

Imports

kernel32

FindNextFileW
FindClose
OutputDebugStringA
OutputDebugStringW
GetProcessWorkingSetSize
VirtualFree
GetCurrentProcess
VirtualAlloc
VirtualUnlock
VirtualLock
SetProcessWorkingSetSize
WTSGetActiveConsoleSessionId
GetModuleFileNameA
GetModuleFileNameW
FileTimeToSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
LoadLibraryW
HeapAlloc
GetProcessHeap
SetEndOfFile
WriteConsoleW
SetFilePointerEx
FlushFileBuffers
HeapSize
SetStdHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateProcessW
PeekNamedPipe
CreatePipe
WriteFile
ReadFile
GetStartupInfoW
K32EnumProcessModules
GetCurrentProcessId
K32EnumProcesses
K32GetModuleBaseNameW
OpenProcess
K32GetModuleFileNameExW
GetProcessId
TerminateProcess
WideCharToMultiByte
GlobalMemoryStatusEx
DeleteCriticalSection
LocalFree
DecodePointer
ResetEvent
CreateThread
RaiseException
GetNativeSystemInfo
SetEvent
Sleep
GetPrivateProfileStringW
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetPrivateProfileSectionNamesW
LocalAlloc
WaitForSingleObject
GetPrivateProfileSectionW
InitializeCriticalSectionEx
GetDiskFreeSpaceExW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryW
CloseHandle
CreateFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ReadConsoleW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetConsoleMode
GetExitCodeProcess
GetTimeZoneInformation
GetFileType
HeapFree
GetCommandLineW
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
FindFirstFileExW
GetFileAttributesExW
GetConsoleCP
DuplicateHandle
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
DeviceIoControl

user32

wsprintfW
EnumDisplayDevicesW

advapi32

RegOpenKeyExA
ReadEventLogW
CreateServiceA
StartServiceCtrlDispatcherA
CloseServiceHandle
SetServiceStatus
ChangeServiceConfig2W
OpenSCManagerA
RegisterServiceCtrlHandlerExA
DeleteService
ControlService
StartServiceA
ChangeServiceConfig2A
OpenServiceA
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
EqualSid
SetTokenInformation
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
EventWriteTransfer
EventRegister
EventSetInformation
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
InitializeSecurityDescriptor
CloseEventLog
OpenEventLogW

ole32

CoInitializeEx
StringFromGUID2
CoSetProxyBlanket
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayGetElement
VariantInit
SysFreeString
SysAllocString
VariantClear

setupapi

CM_Get_Parent
CM_Open_DevNode_Key
SetupDiGetDevicePropertyW
CM_Disable_DevNode
CM_Enable_DevNode
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_ListW
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
CM_Get_Device_ID_ListW
CM_Locate_DevNodeW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdW

shlwapi

PathFileExistsW

bthprops.cpl

BluetoothFindFirstRadio
BluetoothFindRadioClose
BluetoothFindNextDevice
BluetoothFindFirstDevice
BluetoothFindNextRadio
BluetoothFindDeviceClose
BluetoothGetRadioInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

pdh

PdhCollectQueryData
PdhOpenQueryA
PdhAddEnglishCounterW
PdhCloseQuery
PdhGetFormattedCounterValue

rpcrt4

RpcBindingVectorFree
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcEpRegisterA
RpcServerInqCallAttributesA
RpcServerListen
RpcEpUnregister
RpcServerInqBindings
NdrServerCall2
UuidToStringW
RpcStringFreeW
RpcMgmtStopServerListening
NdrServerCallAll

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

iphlpapi

GetAdaptersInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_PropertyW

ext-ms-win-networking-wlanapi-l1-1-0

WlanCloseHandle
WlanEnumInterfaces
WlanFreeMemory
WlanQueryInterface
WlanOpenHandle
WlanGetAvailableNetworkList

wlanapi

WlanGetInterfaceCapability
WlanScan
WlanGetNetworkBssList
WlanSetInterface

api-ms-win-core-synch-l1-1-0

WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
LCMapStringW
GetCPInfo

api-ms-win-core-string-l1-1-0

CompareStringW
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 559KB - Virtual size: 559KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 222KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

084ec9163b3f9e0e4443c124d52b5ce5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

setupapi

shlwapi

bthprops.cpl

version

pdh

rpcrt4

api-ms-win-security-base-l1-2-2

iphlpapi

userenv

api-ms-win-devices-config-l1-1-1

ext-ms-win-networking-wlanapi-l1-1-0

wlanapi

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-util-l1-1-0

wtsapi32

Sections

.text Size: 559KB - Virtual size: 559KB

.rdata Size: 222KB - Virtual size: 221KB

.data Size: 8KB - Virtual size: 20KB

.pdata Size: 23KB - Virtual size: 23KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 559KB - Virtual size: 559KB

.rdata
Size: 222KB - Virtual size: 221KB

.data
Size: 8KB - Virtual size: 20KB

.pdata
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 572KB - Virtual size: 576KB