f31c7d6e2a3dbf2ac0082122ad891b90N[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

f31c7d6e2a3dbf2ac0082122ad891b90N.exe
Size

1.4MB
MD5

f31c7d6e2a3dbf2ac0082122ad891b90
SHA1

6473136489daff5d5b51315f7bfe3f63d9cac7b9
SHA256

039496e7a51ea0a1491e2770dce6ec55506bfbc114b29ee022b1986dce527cbb
SHA512

6e968455b0471f66745473456592578e21f4b53254fb0e88d50626c961d78440d548b0888a50cec0b0f52e121db2c926788e32413d1010587e23b495352f8d4c
SSDEEP

24576:1BiOXpK59t8ICJ2ugtTd60SpP+VU+2bzueG+PFJumD/6:1B5pK59t8VGTd60U+2PDBPvumT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f31c7d6e2a3dbf2ac0082122ad891b90N.exe

Files

f31c7d6e2a3dbf2ac0082122ad891b90N.exe
.exe windows:5 windows x64 arch:x64

62704d7d25bd1d19b486237679cef807

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

I:\CheckPoints\TPDrv\headgit1\Install\WinNT5\SynTPEnhService\SynTPEnhService\x64\Release\SynTPEnhService.pdb

Imports

kernel32

GetProcessId
GetModuleFileNameW
QueueUserWorkItem
GetExitCodeProcess
GetCurrentProcess
LockResource
lstrlenW
MultiByteToWideChar
GetFileAttributesW
SizeofResource
LoadResource
FindResourceW
FindResourceExW
CreateThread
ReleaseMutex
ResetEvent
GetOverlappedResult
WaitForMultipleObjectsEx
SetEvent
WaitForSingleObject
CreateMutexW
CloseHandle
DeleteCriticalSection
DecodePointer
CreateEventW
ReadFileEx
HeapSize
GetLastError
RaiseException
FlushFileBuffers
DisconnectNamedPipe
CreateFileW
ReadFile
HeapDestroy
Sleep
InitializeCriticalSectionAndSpinCount
WriteFile
GetProcessHeap
CreateNamedPipeW
ConnectNamedPipe
HeapFree
HeapAlloc
WaitForMultipleObjects
HeapReAlloc
SetEndOfFile
ReadConsoleW
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetProcAddress
LocalFree
TerminateProcess
GetCurrentThreadId
GetModuleHandleExW
IsWow64Process
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
WideCharToMultiByte
IsDebuggerPresent
OutputDebugStringW
EncodePointer
IsProcessorFeaturePresent
GetCommandLineW
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStringTypeW
GetStdHandle
GetFileType
GetCurrentProcessId

advapi32

RegCreateKeyW
RegCreateKeyExW
RegOpenKeyExW
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceLoggerHandle
GetTraceEnableLevel
ControlService
ChangeServiceConfigW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
ReportEventW
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegisterEventSourceW
AdjustTokenPrivileges
DuplicateTokenEx
LookupPrivilegeValueW
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableFlags
TraceMessage

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupGetLineByIndexW
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupGetLineTextW
SetupGetLineCountW
SetupOpenInfFileW
SetupDiCallClassInstaller
SetupCloseInfFile
SetupDiGetINFClassW

shell32

SHGetFolderPathW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62704d7d25bd1d19b486237679cef807

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

newdev

setupapi

shell32

userenv

wtsapi32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 59KB - Virtual size: 58KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB