078b44bb39a3723857149b876c338410N

Sharing

Copy URL

Twitter E-mail

General

Target

078b44bb39a3723857149b876c338410N
Size

76KB
MD5

078b44bb39a3723857149b876c338410
SHA1

6f7dd540d9b9cb526fca5f1cdf6f1967f5b74edc
SHA256

c6e36defb8843efd54a51affd707df43fa110aba422a78d025fc5bfeddb520f9
SHA512

4eaadb6e7679f4e38b91e68b4b9b482c71c7417ed2338aeabe7a16e57e9dfd81d04866e621940a4ba789b72975666ef02ed85d9d41c24f38baa694c6a089444a
SSDEEP

768:MZVTQRRobGmqrqPhYQK3NIew9v4MkVvLAu7twfaN1BBtOqfH4T1giCeQ5rGGIeL/:MM/0OQpRg71XtXfS1UN2rfHK46QUbF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
078b44bb39a3723857149b876c338410N

Files

078b44bb39a3723857149b876c338410N
.exe windows:10 windows x64 arch:x64

3627be269990d67cf76a03fa55ef9a08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

taskhostw.pdb

Imports

msvcrt

malloc
__CxxFrameHandler3
memcpy_s
memmove_s
wcsstr
??0exception@@QEAA@AEBV0@@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@XZ
calloc
_purecall
free
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
__setusermatherr
_CxxThrowException
_cexit
_exit
??1type_info@@UEAA@XZ
exit
__set_app_type
__wgetmainargs
_XcptFilter
_amsg_exit
??1exception@@UEAA@XZ
memset

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
GetProcessHeap
HeapFree
HeapSize
HeapAlloc

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
TraceMessage
GetTraceEnableFlags

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetStartupInfoW
GetCurrentProcess
SetProcessShutdownParameters
CreateThread
GetExitCodeThread
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcessId
TerminateProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
LoadStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

rpcrt4

RpcAsyncCompleteCall
RpcBindingFree
RpcStringFreeW
RpcAsyncCancelCall
RpcAsyncInitializeHandle
RpcBindingSetAuthInfoExW
Ndr64AsyncClientCall
NdrClientCall3
RpcBindingFromStringBindingW
RpcStringBindingComposeW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoCancelCall
CoInitializeEx
CoDisableCallCancellation
CoEnableCallCancellation

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorOwner
GetSecurityDescriptorOwner
GetAclInformation
GetSecurityDescriptorGroup
SetSecurityDescriptorGroup
FreeSid
AddAce
InitializeAcl
IsValidSid
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
CreateWellKnownSid
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeAbsoluteSD
GetLengthSid
InitializeSid
CopySid
GetSidSubAuthority
InitializeSecurityDescriptor
GetSidLengthRequired
AllocateAndInitializeSid

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObject
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeSRWLock
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
CreateEventW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-registry-l1-1-0

RegGetValueW

oleaut32

SysAllocString
SysFreeString

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

ntdll

EtwTraceMessage
NtSetInformationProcess
RtlUnhandledExceptionFilter
RtlIsMultiSessionSku
DbgPrintEx

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3627be269990d67cf76a03fa55ef9a08

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

rpcrt4

api-ms-win-core-com-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-registry-l1-1-0

oleaut32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

ntdll

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 200B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 396B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 200B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 396B