2f9fffd46ca423902d6ed7473e74dbd31c40ab2570e496849c543a6f2b6831c8

Sharing

Copy URL Twitter E-mail

General

Target

2f9fffd46ca423902d6ed7473e74dbd31c40ab2570e496849c543a6f2b6831c8
Size

1.8MB
MD5

ad93b5a619c824d060d0929826b97265
SHA1

5425c9301cf36df2007ab3dce55870156385e891
SHA256

2f9fffd46ca423902d6ed7473e74dbd31c40ab2570e496849c543a6f2b6831c8
SHA512

46233a58d484c3e50f737cf5cb62d75ea09b09228eb8bc83405106e7b40c579e43e98c7858e6e7f0ebe1ec80632b6efe2ad0772d871abb0ccab18780b1981511
SSDEEP

49152:cE9hT9Lq+YQKqyAm5brWmEmqBvwZJGNHj:p+qPhp9BIZAND

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f9fffd46ca423902d6ed7473e74dbd31c40ab2570e496849c543a6f2b6831c8

Files

2f9fffd46ca423902d6ed7473e74dbd31c40ab2570e496849c543a6f2b6831c8
.exe windows:6 windows x64 arch:x64

750fe0581338cf407b9db9aa99c99635

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\MyASUS\SSOURCE\LinkV3\RC21\AsusLinkNear\AsusSync\x64\Release\AsusLinkNear.pdb

Imports

api-ms-win-core-synch-l1-1-0

CreateMutexW
DeleteCriticalSection
OpenEventW
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
CreateEventW
WaitForSingleObject
ReleaseMutex
SetEvent
ResetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
InitializeCriticalSection

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

ExitThread
GetProcessId
GetCurrentProcess
OpenProcessToken
ResumeThread
TerminateProcess
CreateThread
ExitProcess
CreateProcessAsUserW
TlsFree
TerminateThread
TlsSetValue
TlsGetValue
TlsAlloc
GetExitCodeProcess
SetThreadPriority

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

FreeResource
LoadLibraryExW
SizeofResource
GetModuleHandleExW
FreeLibrary
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
LockResource
LoadResource
FreeLibraryAndExitThread

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError

api-ms-win-mm-mme-l1-1-0

waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen
waveOutPrepareHeader

api-ms-win-core-file-l1-1-0

FindFirstFileExW
CreateFileW
ReadFile
FindFirstFileW
GetFileAttributesW
WriteFile
DeleteFileW
SetFilePointer
CreateDirectoryW
FindNextFileW
SetFilePointerEx
GetFileSizeEx
GetFileType
FlushFileBuffers
FindClose

api-ms-win-core-io-l1-1-0

DeviceIoControl
GetOverlappedResult

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

ws2_32

socket
WSAGetLastError
connect
closesocket
send
recv
WSACleanup
WSAStartup
bind
getsockname
WSASetServiceW
listen
accept
htons
inet_addr
ntohs
ntohl
GetHostNameW
inet_ntoa
getpeername

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemTime
GetSystemDirectoryW
GetTickCount64
GetTickCount

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte
CompareStringW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
GetComputerNameW
WTSGetActiveConsoleSessionId

api-ms-win-security-base-l1-1-0

AdjustTokenPrivileges
SetSecurityDescriptorDacl
SetTokenInformation
AllocateAndInitializeSid
InitializeSecurityDescriptor
DuplicateTokenEx
FreeSid

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegNotifyChangeKeyValue

iphlpapi

NotifyAddrChange
GetAdaptersAddresses

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
SetStdHandle
GetCommandLineA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStdHandle
GetCommandLineW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-version-l1-1-0

VerQueryValueW

ext-ms-win-networking-wlanapi-l1-1-0

WlanFreeMemory
WlanEnumInterfaces
WlanQueryInterface
WlanGetAvailableNetworkList
WlanCloseHandle
WlanOpenHandle

wlanapi

WlanGetNetworkBssList
WlanScan
WlanRegisterNotification

api-ms-win-core-registry-l1-1-1

RegDeleteKeyValueW

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CreateServiceW
CloseServiceHandle
DeleteService
OpenServiceW
StartServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-core-localization-l1-2-0

GetACP
IsValidCodePage
EnumSystemLocalesW
GetLocaleInfoW
GetOEMCP
FormatMessageW
LCMapStringW
IsValidLocale
GetUserDefaultLCID

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-core-registry-l2-1-0

RegCreateKeyW
RegDeleteKeyW

api-ms-win-core-console-l1-1-0

GetConsoleOutputCP
GetConsoleMode
WriteConsoleW

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status
CM_Get_Device_Interface_ListW
CM_MapCrToWin32Err
CM_Get_Device_Interface_List_SizeW

d3d11

D3D11CreateDevice

mfplat

MFCreateDXGIDeviceManager
MFShutdown
MFTEnumEx
MFCreateMediaType
MFCreateSample
MFCreateDXGISurfaceBuffer
MFStartup
MFCreateMemoryBuffer

dxgi

CreateDXGIFactory1
CreateDXGIFactory
CreateDXGIFactory2

oleaut32

SysAllocString
VariantInit
SysFreeString

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

dnsapi

DnsServiceRegister
DnsServiceDeRegister
DnsServiceBrowse
DnsServiceBrowseCancel
DnsFree
DnsServiceFreeInstance

rpcrt4

RpcServerInqCallAttributesW
RpcBindingVectorFree
RpcEpUnregister
RpcServerUnregisterIf
NdrServerCall2
RpcServerListen
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIf3
RpcServerUseProtseqEpW
NdrServerCallAll

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-security-provider-l1-1-0

SetEntriesInAclW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod

api-ms-win-eventing-classicprovider-l1-1-0

UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage

api-ms-win-oobe-notification-l1-1-0

RegisterWaitUntilOOBECompleted
UnregisterWaitUntilOOBECompleted

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

api-ms-win-security-lsalookup-ansi-l2-1-0

LookupAccountNameA

user32

RegisterClassExW
LoadCursorW
wsprintfA
GetMessageW
PostQuitMessage
SendMessageTimeoutW
TranslateMessage
wsprintfW
PostMessageW
DispatchMessageW
DefWindowProcW
CreateWindowExW
LoadIconW
FindWindowW

shell32

ShellExecuteW
ShellExecuteExW

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventW

setupapi

CM_Get_Device_Interface_List_ExW
CM_Get_Device_Interface_List_Size_ExW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

ole32

CoInitialize

msdmo

MoFreeMediaType
MoInitMediaType

kernel32

IsDebuggerPresent
GetStartupInfoW
SetUnhandledExceptionFilter
GetCurrentProcessId
UnhandledExceptionFilter
GetSystemTimeAsFileTime
RtlVirtualUnwind
InitializeSListHead
RtlLookupFunctionEntry
RtlCaptureContext
__C_specific_handler
GetCPInfo
SleepConditionVariableSRW
GetStringTypeW
QueryPerformanceFrequency
IsProcessorFeaturePresent
GetSystemTimePreciseAsFileTime
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
LCMapStringEx
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
EncodePointer
InitOnceExecuteOnce
DecodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlUnwindEx

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsAlloc
FlsGetValue
FlsSetValue

api-ms-win-core-heap-l1-1-0

HeapSize
HeapAlloc
HeapFree
GetProcessHeap
HeapReAlloc

Sections

.text
Size: 682KB - Virtual size: 682KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

750fe0581338cf407b9db9aa99c99635

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-synch-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-mm-mme-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-com-l1-1-0

ws2_32

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-0

iphlpapi

api-ms-win-core-file-l1-2-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-version-l1-1-0

ext-ms-win-networking-wlanapi-l1-1-0

wlanapi

api-ms-win-core-registry-l1-1-1

api-ms-win-service-core-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-devices-config-l1-1-1

d3d11

mfplat

dxgi

oleaut32

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processthreads-l1-1-1

dnsapi

rpcrt4

api-ms-win-security-base-l1-2-2

api-ms-win-security-provider-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-mm-time-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-oobe-notification-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-power-base-l1-1-0

userenv

api-ms-win-security-lsalookup-ansi-l2-1-0

user32

shell32

advapi32

setupapi

wtsapi32

ole32

msdmo

kernel32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-heap-l1-1-0

Sections

.text Size: 682KB - Virtual size: 682KB

.text
Size: 682KB - Virtual size: 682KB

.rdata
Size: 390KB - Virtual size: 390KB

.data
Size: 12KB - Virtual size: 19KB

.pdata
Size: 26KB - Virtual size: 26KB

.gehcont
Size: 512B - Virtual size: 20B

.rsrc
Size: 164KB - Virtual size: 163KB

.reloc
Size: 568KB - Virtual size: 572KB