PDB path: osppsvc.pdb (the name matches Microsoft's Office Software Protection Platform service binary, which normally ships Authenticode-signed; given the unsigned-PE signature below, compare this sample against a known-good signed copy before treating it as legitimate)
Static task
static1
Behavioral task
behavioral1
Sample
c9e2b910268a70afdc40f4c48e026cd356318aa81c73fe97e35f21d830b26497N.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
c9e2b910268a70afdc40f4c48e026cd356318aa81c73fe97e35f21d830b26497N.exe
Resource
win10v2004-20240802-en
General
-
Target
c9e2b910268a70afdc40f4c48e026cd356318aa81c73fe97e35f21d830b26497N
-
Size
5.2MB
-
MD5
be01ada11ca1b7d311a536e46e4ef1c0
-
SHA1
b1d4157c3af44600eb7c28c810fde8a82fef0389
-
SHA256
c9e2b910268a70afdc40f4c48e026cd356318aa81c73fe97e35f21d830b26497
-
SHA512
a6bb2b46bcd1734e618f9e553e6fcb868a996914e8fd4c9be9b947a07c25ec5decb00b5615380498720cf10538459d3865b5ca9ba9675f35a4f6753ce862bb84
-
SSDEEP
49152:cqXC0FciXZbDsD49XpzK4Hy0kBkzCym7VRueZQ56fjdTfd2svYT7MiX2/IajNGvS:E2JR95axyOked2swTgioGD+Uqq
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Flags a PE file that carries no embedded Authenticode signature. Note this only checks the embedded certificate table; it does not prove the file is unsigned system-wide (catalog-signed binaries also show up here), so verify with signtool/Get-AuthenticodeSignature on the host if provenance matters.
resource c9e2b910268a70afdc40f4c48e026cd356318aa81c73fe97e35f21d830b26497N
Files
-
c9e2b910268a70afdc40f4c48e026cd356318aa81c73fe97e35f21d830b26497N.exe windows:6 windows x64 arch:x64
95686bd7b223c506f7d914aaad8412ae
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AllocateAndInitializeSid
CheckTokenMembership
ConvertStringSidToSidW
FreeSid
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyW
RegCreateKeyExW
RegSetKeySecurity
RegSetValueExW
RegDeleteKeyW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
ConvertSidToStringSidW
OpenProcessToken
EqualSid
GetTokenInformation
RegEnumKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptImportKey
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGenKey
RegOpenKeyW
RegCreateKeyW
LookupAccountNameW
kernel32
RegisterWaitForSingleObject
CreateTimerQueue
CreateTimerQueueTimer
GetModuleHandleExW
DeleteCriticalSection
UnregisterWaitEx
CloseHandle
DeleteTimerQueue
DecodePointer
DeleteTimerQueueEx
EncodePointer
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
CreateMutexW
OpenMutexW
ReleaseMutex
GetTickCount
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
ExpandEnvironmentStringsW
MultiByteToWideChar
CreateFileW
GetFileSize
ReadFile
QueueUserWorkItem
GetCurrentProcessId
OpenProcess
WriteFile
GetFileAttributesW
SetFileAttributesW
ChangeTimerQueueTimer
CreateDirectoryW
GetFileSizeEx
GetSystemInfo
CreateEventW
CompareFileTime
GetSystemTimeAsFileTime
lstrlenW
VirtualProtect
GetSystemTime
DebugBreak
lstrcmpiW
GetPrivateProfileStringW
InitializeCriticalSection
GetVersion
VirtualAlloc
SetLastError
VirtualFree
GetLocalTime
DeleteFileW
FlushFileBuffers
CopyFileW
MoveFileExW
SetFilePointer
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetVersionExA
WideCharToMultiByte
GetComputerNameW
DeviceIoControl
LCMapStringW
GetModuleHandleA
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetSystemDirectoryW
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
RaiseException
GetProcAddress
LoadLibraryW
FreeLibrary
Sleep
GetVersionExW
WaitForSingleObject
SetEvent
ReleaseSemaphore
HeapSetInformation
LeaveCriticalSection
EnterCriticalSection
DeleteTimerQueueTimer
GetCurrentThreadId
LocalFree
SetThreadPriority
GetThreadPriority
GetCurrentProcess
DuplicateHandle
GetCurrentThread
GetLastError
OpenThread
LocalAlloc
GetProcessHeap
HeapFree
HeapAlloc
SystemTimeToFileTime
msvcrt
_wtof
_wtoi
memcmp
_itow
rand
srand
time
_ui64tow
malloc
?terminate@@YAXXZ
memset
memcpy
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wcsncmp
_wcsnicmp
_purecall
sscanf
wcschr
_wcsicmp
swscanf
memmove
_vsnwprintf
free
rpcrt4
UuidCreate
UuidFromStringW
UuidToStringW
RpcStringFreeW
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerListen
RpcServerInqCallAttributesW
I_RpcBindingInqLocalClientPID
I_RpcMapWin32Status
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcRaiseException
RpcImpersonateClient
RpcRevertToSelfEx
NdrServerCall2
ntdll
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDeleteFunctionTable
RtlInstallFunctionTableCallback
user32
CharPrevW
CharNextW
ole32
CoInitializeEx
CoUninitialize
CoInitializeSecurity
Sections
.text Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 451KB - Virtual size: 451KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 584KB - Virtual size: 588KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(Note: a linker-produced .reloc section is normally read-only (and discardable); EXECUTE and WRITE on a relocation section is atypical and worth checking for post-build modification or injected code, e.g. by comparing section flags with a genuine build.)