D:\Projects\AsusUpdateCheck\x64\Release\AsusUpdateCheck.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cf65aaa59bac3417a873fea2ec30dd0ed8c07476a4c7440f13d2fd22b560b0ab.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cf65aaa59bac3417a873fea2ec30dd0ed8c07476a4c7440f13d2fd22b560b0ab.exe
Resource
win10v2004-20240802-en
General
Target: cf65aaa59bac3417a873fea2ec30dd0ed8c07476a4c7440f13d2fd22b560b0ab
Size: 1.3MB
MD5: 68e5ac1450ce181933f5c0fce402d291
SHA1: 6242516a888eca247e02e0646f6ef026eab28b4e
SHA256: cf65aaa59bac3417a873fea2ec30dd0ed8c07476a4c7440f13d2fd22b560b0ab
SHA512: 97d4a94ae6bf072922d2cf44825523fe0c65c26420ba5d94d06d0957914b58a4b05a2f8aad383a3cc91f2bba31330348ce6c20804f80e78789d55fe69f8c1682
SSDEEP: 24576:lNvC2AJ+Nl8F8vi7BBRLGxVirnlBUKZ408vTZrX+lgdW:lNvCfh8K7BrgiLlBUKubZrX+ld
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cf65aaa59bac3417a873fea2ec30dd0ed8c07476a4c7440f13d2fd22b560b0ab
Files
cf65aaa59bac3417a873fea2ec30dd0ed8c07476a4c7440f13d2fd22b560b0ab.exe windows:6 windows x64 arch:x64
ca1779863fa32a13bf1d3b0f0786e1f9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
ProcessIdToSessionId
Process32NextW
Process32FirstW
WTSGetActiveConsoleSessionId
CreateProcessW
GetExitCodeProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateDirectoryW
FindFirstFileExW
RemoveDirectoryW
GetFileAttributesW
GetLogicalProcessorInformation
GetProcAddress
GetModuleHandleW
GetSystemFirmwareTable
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
RaiseException
FindResourceExW
DecodePointer
HeapDestroy
GetStdHandle
LoadLibraryW
FreeLibrary
GetSystemDirectoryW
GetCurrentProcessId
SetEndOfFile
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
LoadResource
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetFileAttributesExW
ReadConsoleW
LockResource
FreeResource
SizeofResource
GetProcessHeap
HeapAlloc
MapViewOfFile
QueueUserWorkItem
GetCurrentThreadId
ResetEvent
CreateThread
DeleteFileW
Sleep
WaitForMultipleObjects
FlushFileBuffers
WideCharToMultiByte
GetWindowsDirectoryW
lstrcatW
OutputDebugStringW
FormatMessageW
LocalAlloc
OutputDebugStringA
GetCommandLineW
LocalFree
GetLastError
CreateEventW
WaitForSingleObject
SetEvent
ReadFile
MoveFileW
lstrcmpW
lstrcpyW
GetFileSize
CloseHandle
CreateFileW
FindClose
SetFilePointer
lstrcpynW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetCommandLineA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
CreateFileMappingW
MultiByteToWideChar
UnmapViewOfFile
GetFileSizeEx
GetCurrentProcess
GetModuleFileNameW
HeapFree
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
SetLastError
GetCPInfo
EncodePointer
FindResourceW
WriteFile
lstrlenW
FindNextFileW
FindFirstFileW
FreeEnvironmentStringsW
RtlUnwind
user32
SendMessageW
TranslateMessage
GetMessageW
DispatchMessageW
GetWindowThreadProcessId
GetWindow
FindWindowExW
IsWindowVisible
advapi32
CryptAcquireContextW
RegGetValueW
RegCloseKey
OpenServiceW
CryptAcquireContextA
CryptDeriveKey
CryptReleaseContext
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
CreateProcessAsUserW
DuplicateTokenEx
CryptDestroyKey
CryptDecrypt
CryptVerifySignatureW
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RegisterEventSourceW
ReportEventW
SetSecurityDescriptorDacl
OpenProcessToken
InitializeSecurityDescriptor
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
DeleteService
ControlService
FreeSid
shell32
Shell_NotifyIconW
ShellExecuteExW
ole32
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
oleaut32
VariantInit
SysFreeString
VariantClear
SysAllocString
iphlpapi
NotifyRouteChange2
CancelMibChangeNotify2
GetAdaptersInfo
setupapi
SetupDiDestroyDeviceInfoList
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
winhttp
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpSendRequest
WinHttpConnect
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpReceiveResponse
WinHttpSetOption
ws2_32
setsockopt
recv
socket
WSAGetLastError
freeaddrinfo
getaddrinfo
listen
bind
accept
send
WSACleanup
WSAStartup
closesocket
crypt32
CryptImportPublicKeyInfo
CryptDecodeObjectEx
netapi32
NetUserGetInfo
NetApiBufferFree
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
GetUserProfileDirectoryW
GetAllUsersProfileDirectoryW
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken
Sections
.text Size: 253KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 138KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 326KB - Virtual size: 326KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 568KB - Virtual size: 572KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE