a35d03929840360e1b48276f14c1dc70N

Sharing

Copy URL Twitter E-mail

General

Target

a35d03929840360e1b48276f14c1dc70N
Size

272KB
MD5

a35d03929840360e1b48276f14c1dc70
SHA1

2b4c5a9424501d152ffdd50f04f63af29bf9c5bd
SHA256

aac3dae0d43c0c623e145ce0c63b6d8aadd31bf13e4ec232eeff65171434ea81
SHA512

18343e8b81ba05dfa7841773043cb09fc2a919ed3effcecfa9d4d7479d96f4db7422dce22f7dafd3230abe0a366db87ff51be021442bca929c24765ac544ea83
SSDEEP

3072:QJduozkmsQ1h92T/o0N8h/aqgNJjUdbLh112Zswn+eIcR+8e+e1Rc6XtdC76qJcP:QJd7zVs0dbLh6c7Gk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a35d03929840360e1b48276f14c1dc70N

Files

a35d03929840360e1b48276f14c1dc70N
.exe windows:4 windows x86 arch:x86

e330911b4ca2fe00860de85d0b49793d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Program\VSS\_StatusMonitorTree\StatusMonitor_1.1.0.0(mini11_L11_OEM)\BrYNSvc\BrYNSvc\Release\BrYNSvc.pdb

Imports

kernel32

GetCurrentThreadId
CreateThread
CreateEventW
SetEvent
GetCommandLineW
GetProcAddress
LoadLibraryW
WaitForMultipleObjects
GetPrivateProfileSectionW
GetCurrentProcess
GetVersionExW
ReleaseMutex
CreateMutexW
GetPrivateProfileStringW
WideCharToMultiByte
OutputDebugStringA
GetTimeFormatA
GetLocalTime
Sleep
ResetEvent
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetThreadLocale
CreateFileA
WriteConsoleW
WaitForSingleObject
CloseHandle
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetFileAttributesW
lstrlenW
SetHandleCount
GetCommandLineA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetEnvironmentStringsW
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetProcessHeap
GetStartupInfoW
SetFilePointer

user32

MessageBoxW
PostThreadMessageW
CharUpperW
SetTimer
KillTimer
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
CharNextW
UnregisterClassA

winspool.drv

ClosePrinter
OpenPrinterW
EnumPrintersW
GetPrinterW
XcvDataW
GetPrinterDriverW

advapi32

StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegQueryValueExW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

DoEnvironmentSubstW

ole32

CoRevokeClassObject
CoInitializeSecurity
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoUninitialize
CoSuspendClassObjects
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoResumeClassObjects

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SafeArrayRedim
SafeArrayDestroy
SafeArrayCreate
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantCopyInd
SysAllocStringLen
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantClear
SafeArrayCopy
VariantInit
SysFreeString
SafeArrayGetVartype

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e330911b4ca2fe00860de85d0b49793d

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 176KB - Virtual size: 176KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 36KB - Virtual size: 36KB

.text
Size: 176KB - Virtual size: 176KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 36KB - Virtual size: 36KB