75d5974f91c842265765e4498ee784a872c874e2752f5d1b69bfc32e3603ad10N

Sharing

Copy URL Twitter E-mail

General

Target

75d5974f91c842265765e4498ee784a872c874e2752f5d1b69bfc32e3603ad10N
Size

1.5MB
MD5

8b90aba85ade90abc9e8e1b9ece73bc0
SHA1

9bb43ba81520be3b4f77bdf14cae15cab6280e97
SHA256

75d5974f91c842265765e4498ee784a872c874e2752f5d1b69bfc32e3603ad10
SHA512

c03dfca4974c69746c5550ed8bb68af912baa2d3a6c218ba8597a62bd55c9006252fc6110c859341494b97dd99610790886894a5f392f3a4f4b35f6646f0f6fa
SSDEEP

24576:UcP4mcvIjkGOxhKP2l71nNKbrh/8KBXNyBo4kx929bL3Hnx:vP4m4IpOO67W8KqB+kn3Hnx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75d5974f91c842265765e4498ee784a872c874e2752f5d1b69bfc32e3603ad10N

Files

75d5974f91c842265765e4498ee784a872c874e2752f5d1b69bfc32e3603ad10N
.exe windows:10 windows x64 arch:x64

09dddfe219af0afb9b41bffe283d1ce7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WMPNetwk.pdb

Imports

advapi32

EventRegister
EventUnregister
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventWriteTransfer
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey
CreateServiceW
RegOpenKeyExW
ChangeServiceConfig2W
QueryServiceStatusEx
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
GetNamedSecurityInfoW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegNotifyChangeKeyValue
ConvertStringSidToSidW
RegCreateKeyExW
RegSetKeySecurity
RegEnumKeyExW
RegGetValueW
EventWriteEx
SetSecurityInfo
GetSecurityInfo
SetSecurityDescriptorControl
GetAce
EqualSid
StartServiceW
ChangeServiceConfigW
LookupAccountSidW

kernel32

GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
CompareStringOrdinal
SetProcessWorkingSetSize
ResetEvent
IsWow64Process
lstrcmpW
GetModuleFileNameW
DeleteTimerQueueTimer
PowerClearRequest
CreateTimerQueue
ChangeTimerQueueTimer
CreateTimerQueueTimer
FindResourceW
CompareStringA
GetFullPathNameW
MultiByteToWideChar
MulDiv
RegisterWaitForSingleObject
UnregisterWaitEx
FormatMessageW
GetProcessHeap
HeapFree
CreateThread
WaitForMultipleObjects
GetStringTypeExW
lstrcmpiW
GetComputerNameW
GetDynamicTimeZoneInformation
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileAttributesExW
TzSpecificLocalTimeToSystemTime
GetCurrentThreadId
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
WideCharToMultiByte
DelayLoadFailureHook
ResolveDelayLoadedAPI
PowerSetRequest
GetTickCount64
WaitForSingleObject
CreateEventW
GetTickCount
Sleep
PowerCreateRequest
SetLastError
GetLastError
SetEvent
OpenEventW
LoadLibraryExW
FreeLibrary
GetProcAddress
LoadLibraryW
RegQueryInfoKeyW
RegGetKeySecurity
OutputDebugStringA
GetModuleHandleW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
LocalFree
CompareStringW
FindResourceExW
LoadResource
LockResource
SizeofResource
HeapSetInformation
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
RaiseException
DeleteTimerQueueEx

msvcrt

__wgetmainargs
_amsg_exit
_XcptFilter
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_ui64tow_s
_ltow_s
_i64tow_s
exit
_exit
_cexit
__setusermatherr
??1type_info@@UEAA@XZ
ceil
wcsrchr
floor
memcmp
memset
realloc
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
__set_app_type
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_strlwr_s
strncmp
_ultoa_s
_ultow_s
_wtol
_wtoi
qsort_s
_wcsicmp
_vsnwprintf
swscanf
wcsstr
wcstol
_wcslwr_s
_wcsnicmp
wcsncmp
iswdigit
towupper
_wcstoui64
wcstoul
_errno
_purecall
calloc
malloc
wcscpy_s
free
_wputenv
memmove_s
memcpy_s
__C_specific_handler
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
_initterm
??0exception@@QEAA@AEBQEBDH@Z
strchr
wcscmp

user32

UnregisterPowerSettingNotification
RegisterPowerSettingNotification
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjectsEx
CharUpperW
CharUpperBuffW
UnregisterClassA
wvsprintfW

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocString
LoadTypeLi
SysFreeString
SysAllocStringLen
VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SetErrorInfo
CreateErrorInfo
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
VariantClear
LoadRegTypeLi

ole32

CoSetProxyBlanket
StringFromGUID2
CoCreateGuid
CLSIDFromProgID
CoTaskMemAlloc
IIDFromString
CoUnmarshalInterface
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
PropVariantClear
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree

wsock32

WSAGetLastError

iphlpapi

SendARP
GetIpNetEntry2
CancelIPChangeNotify
ResolveIpNetEntry2
GetIpAddrTable
GetBestInterfaceEx
GetAdaptersAddresses
NotifyIpInterfaceChange
NotifyAddrChange
CancelMibChangeNotify2

shlwapi

PathCreateFromUrlW
PathFindExtensionW
PathFindFileNameW
ord168
ord219
PathRemoveExtensionW
StrChrW

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

userenv

UnregisterGPNotification
RegisterGPNotification

netapi32

NetApiBufferFree
NetShareGetInfo

propsys

PropVariantToStringAlloc
PSGetPropertyDescriptionByName
InitPropVariantFromCLSID
PSGetPropertyKeyFromName
PropVariantToString

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09dddfe219af0afb9b41bffe283d1ce7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

wsock32

iphlpapi

shlwapi

ntdll

userenv

netapi32

propsys

api-ms-win-core-apiquery-l1-1-0

Sections

.text Size: 672KB - Virtual size: 671KB

.rdata Size: 151KB - Virtual size: 151KB

.data Size: 14KB - Virtual size: 22KB

.pdata Size: 20KB - Virtual size: 19KB

.didat Size: 512B - Virtual size: 264B

.rsrc Size: 71KB - Virtual size: 70KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 672KB - Virtual size: 671KB

.rdata
Size: 151KB - Virtual size: 151KB

.data
Size: 14KB - Virtual size: 22KB

.pdata
Size: 20KB - Virtual size: 19KB

.didat
Size: 512B - Virtual size: 264B

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 568KB - Virtual size: 572KB