17ee25ecac6eacb492518fd39b77a2b0N

Sharing

Copy URL Twitter E-mail

General

Target

17ee25ecac6eacb492518fd39b77a2b0N
Size

1.5MB
MD5

17ee25ecac6eacb492518fd39b77a2b0
SHA1

adec4751e326b100f77558171f3b5dc4796f501f
SHA256

dd98aa37821386305adf8332fad253d3bf6b9b437eecb501b7b9f77e206f3465
SHA512

2e4f86c216111daa02717c3b55c09fcf5d76e6dd5ce42468f2d8be015acc9aa6ebc89e8a7c6669002a02e5eb5bf9ae74b00e33ef1633a73f8461014117c8c3ec
SSDEEP

24576:sBzo7HSG/Kvf2GbG3B3MUQZXQzxFBCa/ZupsqjnhMgeiCl7G0nehbGZpbD:sBCSGh1BwCCa/ZutDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17ee25ecac6eacb492518fd39b77a2b0N

Files

17ee25ecac6eacb492518fd39b77a2b0N
.exe windows:10 windows x64 arch:x64

7dfc7478d6668760d96e18604ed6ab6e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SecurityHealthService.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
terminate
_errno
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
__p___argc
_c_exit
_cexit
_beginthreadex
__p___wargv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsnprintf_s
_set_fmode
__stdio_common_vswprintf
__acrt_iob_func
__p__commode
__stdio_common_vfwprintf
__stdio_common_vswscanf

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcscmp
_wcsnicmp
wcscpy_s
memset
wcscat_s
_wcsdup
wcstok_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh
calloc

api-ms-win-crt-private-l1-1-0

_CxxThrowException
__CxxFrameHandler4
__std_exception_destroy
memmove
__std_exception_copy
_purecall
__std_terminate
__C_specific_handler
memcmp
memcpy
__CxxFrameHandler3

ole32

CoTaskMemFree
CoAddRefServerProcess
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
CoResumeClassObjects
CoCreateInstance
CoUninitialize
CoReleaseServerProcess

kernel32

EncodePointer
CreateThreadpoolWork
SubmitThreadpoolWork
CreateEventW
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
DecodePointer
CreateThreadpool
CreateTimerQueueTimer
GetFileSizeEx
FindFirstFileW
FindNextFileW
ResetEvent
CloseThreadpool
CloseThreadpoolWork
OpenProcess
ExpandEnvironmentStringsW
RegisterWaitForSingleObject
WaitForThreadpoolWorkCallbacks
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
EnterCriticalSection
ReleaseSemaphore
GetModuleHandleExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForThreadpoolTimerCallbacks
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
ReleaseSRWLockExclusive
OutputDebugStringW
CloseThreadpoolTimer
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
SetThreadpoolTimer
ReleaseSRWLockShared
CreateThreadpoolTimer
HeapAlloc
GetProcAddress
CreateMutexExW
AcquireSRWLockShared
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
FreeLibrary
LocalFree
GetTickCount
DeleteTimerQueueTimer
SetThreadPriority
GetCurrentThread
GetPrivateProfileStringW
GetLocalTime
SwitchToThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetPhysicallyInstalledSystemMemory
GetSystemDirectoryW
WaitForMultipleObjects
InitializeSRWLock
TryAcquireSRWLockExclusive
CreateDirectoryW
GetActiveProcessorCount
FindClose
CreateFileW
FindResourceW
SizeofResource
DelayLoadFailureHook
ResolveDelayLoadedAPI
LoadResource
LockResource
InitializeCriticalSectionAndSpinCount

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
TraceMessage
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateStringReference

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegNotifyChangeKeyValue
RegGetValueW
RegOpenKeyExW
RegOpenCurrentUser
RegEnumValueW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CloseServiceHandle
OpenServiceW
StartServiceW
CreateServiceW
DeleteService

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
NotifyServiceStatusChangeW
QueryServiceConfigW
ChangeServiceConfig2W

api-ms-win-security-base-l1-1-0

CopySid
DuplicateTokenEx
ImpersonateLoggedOnUser
GetTokenInformation
AccessCheck
AdjustTokenPrivileges
CreateWellKnownSid
MakeAbsoluteSD
RevertToSelf
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
CheckTokenMembership
FreeSid
GetSecurityDescriptorOwner
AllocateAndInitializeSid

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer

api-ms-win-eventing-controller-l1-1-0

StartTraceW
ControlTraceW

api-ms-win-eventing-legacy-l1-1-0

EnableTrace

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
CreateProcessAsUserW
OpenProcessToken

api-ms-win-core-file-l1-1-0

CompareFileTime
FileTimeToLocalFileTime
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesW

oleaut32

SysStringLen
VariantClear
SysFreeString
VariantInit
VariantTimeToSystemTime
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SafeArrayGetElement

api-ms-win-core-synch-l1-1-0

CreateEventExW
WaitForMultipleObjectsEx
SetEvent
SleepEx

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
StringFromCLSID
CoDecrementMTAUsage
CoSetProxyBlanket
CoRevertToSelf
CoIncrementMTAUsage
CoImpersonateClient
CoTaskMemAlloc

api-ms-win-oobe-notification-l1-1-0

UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted

userenv

RegisterGPNotification
DestroyEnvironmentBlock
UnregisterGPNotification
CreateEnvironmentBlock

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetWindowsDirectoryW
GetVersionExW
GetTickCount64

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-devices-config-l1-1-1

CM_Locate_DevNodeW
CM_MapCrToWin32Err
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_DevNode_Status
CM_Get_DevNode_PropertyW

api-ms-win-core-errorhandling-l1-1-0

RaiseException

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-security-lsalookup-l2-1-0

LookupAccountNameW
LookupPrivilegeValueW

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
VerSetConditionMask

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification

firewallapi

FwAnalyzeFirewallPolicy
FWGetConfig
IcfChangeNotificationCreate
FWOpenPolicyStore
FwIsGroupPolicyEnforced
FwActivate
IcfChangeNotificationDestroy
FWClosePolicyStore

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

wtsapi32

WTSQueryUserToken

ntdll

RtlQueryImageMitigationPolicy
RtlSetImageMitigationPolicy
RtlRunOnceExecuteOnce
NtQueryValueKey
NtClose
NtQuerySystemInformation
RtlPublishWnfStateData
NtQueryInformationProcess
RtlGetActiveConsoleId
RtlQueryWnfStateData
NtOpenKey
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlIsMultiUsersInSessionSku
NtEnumerateKey
RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlGetDeviceFamilyInfoEnum
NtQueryWnfStateData
RtlInitString
RtlIsMultiSessionSku
RtlSubscribeWnfStateChangeNotification

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-core-libraryloader-l1-2-0

AddDllDirectory
LoadLibraryExW
RemoveDllDirectory
GetModuleFileNameW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

crypt32

CertVerifyCertificateChainPolicy
CryptBinaryToStringW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

wldp

WldpQueryWindowsLockdownMode

drvstore

DriverStoreOpenW
DriverStoreGetObjectPropertyW
DriverStoreFindW
DriverStoreClose

winbio

WinBioFree
WinBioEnumBiometricUnits

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-utility-l1-1-0

qsort
ldiv

api-ms-win-crt-convert-l1-1-0

_wtol
wcstol

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-crt-math-l1-1-0

ceilf

Sections

.text
Size: 699KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7dfc7478d6668760d96e18604ed6ab6e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

ole32

kernel32

api-ms-win-core-winrt-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-file-l1-1-0

oleaut32

api-ms-win-core-synch-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-oobe-notification-l1-1-0

userenv

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-featurestaging-l1-1-0

firewallapi

setupapi

wtsapi32

ntdll

api-ms-win-core-threadpool-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-shutdown-l1-1-0

crypt32

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-heap-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-apiquery-l1-1-0

wldp

drvstore

winbio

msvcp_win

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 699KB - Virtual size: 698KB

.rdata Size: 185KB - Virtual size: 184KB

.data Size: 32KB - Virtual size: 36KB

.pdata Size: 22KB - Virtual size: 22KB

.text
Size: 699KB - Virtual size: 698KB

.rdata
Size: 185KB - Virtual size: 184KB

.data
Size: 32KB - Virtual size: 36KB

.pdata
Size: 22KB - Virtual size: 22KB

.didat
Size: 512B - Virtual size: 416B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 572KB - Virtual size: 576KB