Static task: static1
Behavioral task: behavioral1
- Sample: 489e0fc18a5e20990a6f1c68285c4e7d35bf89ee998347c9202feff1d7e8fdc8N.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 489e0fc18a5e20990a6f1c68285c4e7d35bf89ee998347c9202feff1d7e8fdc8N.exe
- Resource: win10v2004-20240802-en
General
- Target: 489e0fc18a5e20990a6f1c68285c4e7d35bf89ee998347c9202feff1d7e8fdc8N
- Size: 1.2MB
- MD5: a8b19c69bc2b59dfaac615fc17b72870
- SHA1: 02a2365cabc09562c628e91942c35d289101bee8
- SHA256: 489e0fc18a5e20990a6f1c68285c4e7d35bf89ee998347c9202feff1d7e8fdc8
- SHA512: 21bcbb6db6dcede98572ac50fa24decd5d70660be9290530a539188a6d32a18788b433286aa8e4ecec57caae5e1307b20e525d3acd0830e01d8e3cbce07c3236
- SSDEEP: 24576:3WHW/AjSnL7CYI8FUk2k7ExVirnlBUKZ408vTZrX+lgdW:mHW/AjUfCYwkh6iLlBUKubZrX+ld
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature, i.e. an empty security data directory in the PE header.
  resource: 489e0fc18a5e20990a6f1c68285c4e7d35bf89ee998347c9202feff1d7e8fdc8N
Files
-
489e0fc18a5e20990a6f1c68285c4e7d35bf89ee998347c9202feff1d7e8fdc8N.exe windows:6 windows x86 arch:x86
45cb83e65ae37ee3661f1716d9e4f6cc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\dvs\p4\build\sw\rel\gfclient\rel_03_28\nodejs\launcher\winxp_x86_release\nvnodejslauncher.pdb
Imports
shell32
CommandLineToArgvW
SHGetKnownFolderPath
SHGetFolderPathW
shlwapi
PathRemoveFileSpecW
oleaut32
SysAllocString
SysFreeString
VariantClear
VariantInit
ole32
CoInitialize
CoCreateInstance
CoTaskMemFree
kernel32
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
CreateDirectoryW
GetCommandLineW
GetCurrentProcess
WriteFile
GetModuleFileNameW
K32GetModuleFileNameExW
InitializeCriticalSectionEx
WaitForSingleObject
CreateFileW
GetFileAttributesW
OpenEventW
OpenProcess
CreateToolhelp32Snapshot
CreateEventW
Sleep
GetTickCount64
GetLastError
Process32NextW
SetEvent
QueryPerformanceFrequency
Process32FirstW
CloseHandle
SetCurrentDirectoryW
FreeEnvironmentStringsW
MoveFileExW
GetCurrentProcessId
CreateProcessW
GetModuleHandleW
SystemTimeToTzSpecificLocalTime
GetSystemTime
QueryPerformanceCounter
GetProcAddress
FreeLibrary
ReadFile
GetFileSizeEx
RaiseException
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
GetModuleFileNameA
SetLastError
GetFullPathNameW
ExpandEnvironmentStringsW
LocalAlloc
GetSystemDirectoryW
VerSetConditionMask
VerifyVersionInfoW
lstrcmpW
LoadLibraryExW
GetTimeZoneInformation
HeapReAlloc
EnumSystemLocalesW
GetProcessHeap
SetStdHandle
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
LocalFree
FindClose
MultiByteToWideChar
WriteConsoleW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
SetFilePointerEx
FormatMessageW
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InitializeSListHead
OutputDebugStringW
RtlUnwind
SetEnvironmentVariableW
ExitProcess
GetModuleHandleExW
GetStdHandle
HeapAlloc
HeapFree
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
advapi32
CloseServiceHandle
OpenSCManagerW
OpenProcessToken
RegGetValueW
QueryServiceConfigW
OpenServiceW
GetTokenInformation
QueryServiceStatus
Sections
.text Size: 346KB - Virtual size: 346KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 111KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 133KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 588KB - Virtual size: 592KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
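A worked header check for two things this report surfaces: the "Unsigned PE" signature (an empty Authenticode security directory) and the section table, where .reloc is listed with IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE set and the DLL characteristics do not include IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE. This is an added example written for this page, not code from the sandbox, its "Unsigned PE" rule, or the sample. It parses PE headers with the Python standard library only and, because the sample itself is not on the page, runs against a constructed header-only PE32 image whose DllCharacteristics and section flags are copied from the report above. The flag constants are the standard winnt.h values.

```python
import struct

# Standard winnt.h constants (not printed on the report page).
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_DISCARDABLE = 0x02000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes) -> dict:
    """DOS header -> NT signature -> optional header -> section table.
    Handles PE32 and PE32+; needs only the headers, not the section bodies."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase/stack/heap fields shift them
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_off = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this entry holds a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from("<IIIIIIHHI", data, hdr + 8)
        sections.append({"name": name, "vsize": vsize, "rawsize": rawsize, "flags": flags})
    return {"machine": machine, "dll_characteristics": dll_chars,
            "security_offset": sec_off, "security_size": sec_size, "sections": sections}


def triage_findings(pe: dict) -> list:
    """The checks an 'Unsigned PE' rule and a quick mitigation review would raise."""
    out = []
    if pe["security_size"] == 0:
        out.append("unsigned: security data directory is empty (no Authenticode blob)")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        out.append("no DYNAMIC_BASE: image does not opt into ASLR")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        out.append("no NX_COMPAT: image does not opt into DEP")
    for s in pe["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            out.append("section %s is writable and executable" % s["name"])
    return out


def build_pe(dll_chars: int, sections: list, security_size: int = 0) -> bytes:
    """Constructed header-only PE32 image for testing; NOT the sample in the report."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224  # PE32 optional header with all 16 data directories
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)
    if security_size:  # pretend a certificate table sits at file offset 0x2000
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x2000, security_size)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000, 0x1000 * (i + 1), 0x200, 0x400,
                    0, 0, 0, 0, flags)
        for i, (name, flags) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Section flags and DllCharacteristics copied from the report above.
REPORT_SECTIONS = [
    (".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".reloc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE
               | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
REPORT_DLL_CHARS = IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE


def report_like_findings() -> list:
    return triage_findings(parse_pe(build_pe(REPORT_DLL_CHARS, REPORT_SECTIONS)))


if __name__ == "__main__":
    for line in report_like_findings():
        print(line)
```

Run against a real file with `parse_pe(open(path, "rb").read())`. A zero-length security directory is exactly what an "unsigned PE" rule keys on; a non-zero one only says a PKCS#7 blob is attached, and whether it actually verifies (chain, revocation, timestamp) needs WinVerifyTrust, Get-AuthenticodeSignature or `osslsigncode verify`. MSVC-linked images normally emit .reloc as IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ; a writable, executable relocation section that is roughly half the file, in an image that does not opt into ASLR, is worth a look in a hex editor before the behavioral run.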