WinSAT.pdb
Static task
static1
Behavioral task
behavioral1
Sample
01963b41c09a9e9522b9555621e18380N.exe
Resource
win7-20240708-en
General
-
Target
01963b41c09a9e9522b9555621e18380N
-
Size
3.2MB
-
MD5
01963b41c09a9e9522b9555621e18380
-
SHA1
cd6d9e9ac12cec6a2610db8588205f3e333e631f
-
SHA256
6faaad61b263d220100c19dd98bf0479b81dc29f53e3d5822c11798eac08dc58
-
SHA512
168c92c4dbee69469420dc5f9229d8d4e6a1dd9530f774133d852ec738b8bbe3c7a07a7c7310d2fa0a1af83c6aeb775f7e3257a2513b52bd3851681907ed451a
-
SSDEEP
98304:IRWcDGNfKDCCiSKO7Pmv3dgOZNzj1DFE/aX:IRFGNfKDCCiSKOA3VF1DFE/aX
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no Authenticode signature.
resource 01963b41c09a9e9522b9555621e18380N
Files
-
01963b41c09a9e9522b9555621e18380N.exe windows:6 windows x86 arch:x86
037a5d612627b92ff8d32691d929a820
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
EventWrite
RegCloseKey
RegFlushKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
StopTraceW
RegDeleteKeyW
RegDeleteTreeW
RegOpenKeyExW
EventRegister
EventUnregister
EventEnabled
ControlTraceW
EnableTrace
StartTraceW
RegDeleteValueW
CloseTrace
ProcessTrace
OpenTraceW
OpenProcessToken
LookupPrivilegeValueW
RegOpenKeyExA
RegQueryValueExA
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
InitializeAcl
AddAccessAllowedAceEx
SetNamedSecurityInfoW
SetSecurityInfo
GetLengthSid
EnableTraceEx
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW
CryptGenKey
CryptGetKeyParam
CryptDestroyKey
CryptReleaseContext
ImpersonateSelf
OpenThreadToken
AdjustTokenPrivileges
RevertToSelf
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
AddAccessAllowedAce
kernel32
TerminateProcess
CancelWaitableTimer
CreateThread
CreateWaitableTimerW
GetStringTypeExW
CompareStringW
ExitProcess
SetWaitableTimer
GetFileSizeEx
SetEndOfFile
SetFilePointer
FlushFileBuffers
GetLocalTime
GetTimeFormatW
LoadLibraryExA
FormatMessageA
GetCurrentProcessId
GetCurrentThreadId
SetCriticalSectionSpinCount
LeaveCriticalSection
EnterCriticalSection
GetNativeSystemInfo
GetSystemInfo
lstrlenW
CreateFileW
ReadFile
CompareStringA
GetStringTypeExA
GlobalMemoryStatusEx
CreateFileMappingA
GetFullPathNameA
GetVersionExA
GetSystemWindowsDirectoryW
LoadLibraryA
GetModuleHandleExW
OpenThread
SetFileAttributesW
SetFileInformationByHandle
CreateWaitableTimerExW
HeapDestroy
HeapCreate
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
UnmapViewOfFile
IsProcessorFeaturePresent
FindResourceExW
GetFileSize
lstrcmpA
SystemTimeToFileTime
GetProcessId
VirtualUnlock
MultiByteToWideChar
lstrcmpiA
ReadFileEx
WriteFileEx
CancelIo
SetFileValidData
GetLogicalDrives
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceW
SetFilePointerEx
SleepEx
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetExitCodeThread
GetProcessWorkingSetSize
SetProcessWorkingSetSize
SetThreadIdealProcessor
VirtualAlloc
VirtualLock
VirtualFree
GetLogicalProcessorInformation
GetThreadPriority
SetThreadAffinityMask
QueryPerformanceFrequency
CreateFileA
GetSystemTime
GetFileAttributesW
LoadLibraryExW
GetConsoleOutputCP
FindResourceA
GetSystemFirmwareTable
lstrcmpW
FileTimeToSystemTime
GetTempPathW
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
OpenFileMappingW
MapViewOfFile
UnhandledExceptionFilter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
GetCommandLineW
GetCurrentDirectoryW
SetLastError
GetComputerNameW
HeapFree
GetProcessHeap
HeapAlloc
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
GetModuleHandleW
CloseHandle
CreateEventW
ResetEvent
SetEvent
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
FindFirstFileW
FindNextFileW
GetSystemPowerStatus
GetVersionExW
WriteFile
GetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
CreateFileMappingW
DeviceIoControl
SizeofResource
LockResource
LoadResource
FindResourceW
DeleteCriticalSection
Sleep
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
GetFileType
GetHandleInformation
InitializeCriticalSection
FindClose
WaitForMultipleObjectsEx
ResumeThread
WaitForSingleObject
CreateProcessW
GetWindowsDirectoryW
LocalFree
FormatMessageW
GetTickCount
GetNumberFormatW
GetLocaleInfoW
DeleteFileW
CreateDirectoryW
OpenEventW
CreateMutexW
ReleaseMutex
ExpandEnvironmentStringsW
IsWow64Process
GetModuleFileNameW
HeapSetInformation
GetPriorityClass
SetConsoleCtrlHandler
CopyFileW
msvcrt
isspace
islower
toupper
sprintf_s
strcspn
_itoa_s
memchr
localeconv
_wtof
iswdigit
free
_time64
_purecall
__CxxFrameHandler3
memmove
memcpy
??1bad_cast@@UAE@XZ
_CxxThrowException
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CIasin
_CIatan
_CIcosh
_CIfmod
_CIsinh
_CItan
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memmove_s
memcpy_s
memset
_vsnwprintf
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__uncaught_exception
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
abort
__mb_cur_max
__crtLCMapStringW
__crtGetStringTypeW
setlocale
___mb_cur_max_func
_errno
___lc_handle_func
___lc_codepage_func
isupper
__pctype_func
__crtLCMapStringA
malloc
_callnewh
_wfopen
fgets
feof
fclose
_snwprintf_s
_vsnwprintf_s
_snprintf_s
_vsnprintf_s
wcscat_s
wcstoul
floor
_CIsqrt
_CIpow
atof
_ftol2
_beginthreadex
modf
_ftol2_sse
vswprintf_s
ldiv
mbstowcs
iswpunct
time
qsort
_aligned_malloc
_aligned_free
rand
srand
_CIsin
_CIcos
_vsnprintf
fwprintf
wcsncmp
_wcsnicmp
_wcsicmp
bsearch
wcschr
wcsstr
strchr
_CIexp
_CIlog
isprint
iswascii
_CIacos
_CIatan2
_finite
_clearfp
_stricmp
tolower
isdigit
isalnum
isalpha
isxdigit
_strdup
atoi
_fpclass
_isnan
ceil
_CItanh
oleaut32
SysStringLen
SysFreeString
VariantInit
GetErrorInfo
SysAllocString
VariantClear
ole32
CLSIDFromString
PropVariantClear
StgCreateDocfile
CoInitializeEx
CoGetClassObject
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
winmm
timeEndPeriod
waveOutGetNumDevs
timeBeginPeriod
user32
CharLowerW
GetMonitorInfoW
EnumDisplayMonitors
EnumDisplaySettingsW
EnumDisplayDevicesW
CharLowerBuffW
GetSystemMetrics
GetMessageW
MonitorFromPoint
LoadStringW
GetDesktopWindow
SetCursor
UnregisterClassW
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
PostMessageW
DispatchMessageW
TranslateMessage
PeekMessageW
ShowWindow
MoveWindow
AdjustWindowRectEx
GetWindowLongW
SetWindowLongW
DestroyWindow
DefWindowProcW
EndPaint
BeginPaint
GetUpdateRect
RegisterClassW
CreateWindowExW
RegisterClassExW
LoadImageW
PostQuitMessage
SetWindowPos
UnregisterDeviceNotification
IsWindow
ntdll
WinSqmIsOptedIn
NtSetSystemInformation
NtOpenEvent
RtlInitUnicodeString
NtQueryVolumeInformationFile
NtOpenFile
NtDeviceIoControlFile
NtClose
RtlNtStatusToDosError
NtQuerySystemInformation
RtlRandom
RtlFindNextForwardRunClear
RtlFindClearBits
RtlInitializeBitMap
RtlGetCompressionWorkSpaceSize
RtlDecompressBuffer
RtlCompressBuffer
WinSqmEndSession
WinSqmStartSession
NtReadFile
RtlGetVersion
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlAcquireSRWLockExclusive
RtlInitializeSRWLock
WinSqmAddToStream
NtSetInformationFile
NtOpenKey
NtQueryObject
NtCreateFile
shell32
SHGetFolderPathW
gdi32
GetStockObject
DeleteObject
powrprof
CallNtPowerInformation
PowerGetActiveScheme
dxgi
DXGIReportAdapterConfiguration
CreateDXGIFactory
d3d10_1
D3D10CreateDeviceAndSwapChain1
D3D10CreateStateBlock
D3D10StateBlockMaskEnableAll
D3D10CompileShader
d3d10
D3D10CreateDeviceAndSwapChain
gdiplus
GdipBitmapUnlockBits
GdiplusStartup
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdiplusShutdown
GdipDisposeImage
quartz
AMGetErrorTextW
shlwapi
StrFormatByteSizeW
rpcrt4
UuidToStringA
UuidCreateNil
UuidCreate
RpcStringFreeW
UuidToStringW
NdrServerCall2
RpcStringFreeA
RpcRevertToSelf
RpcImpersonateClient
setupapi
SetupDiCallClassInstaller
SetupDiGetSelectedDriverW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExW
SetupDiBuildDriverInfoList
SetupDiEnumDeviceInfo
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGELK Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 394KB - Virtual size: 433KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 920KB - Virtual size: 919KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 154KB - Virtual size: 155KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE