Static task: static1
Behavioral task: behavioral1
  Sample: 278fc79cf6df216951dd02ce23008a4f61f8daceaa1300dc24fa9fde326a36fbN.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 278fc79cf6df216951dd02ce23008a4f61f8daceaa1300dc24fa9fde326a36fbN.exe
  Resource: win10v2004-20241007-en
General
- Target: 278fc79cf6df216951dd02ce23008a4f61f8daceaa1300dc24fa9fde326a36fbN
- Size: 325KB
- MD5: 2580f97211c2e07677e37e0957660010
- SHA1: 8d7bb1203be05972fa94736177c8b9f29765d814
- SHA256: 278fc79cf6df216951dd02ce23008a4f61f8daceaa1300dc24fa9fde326a36fb
- SHA512: 3faf6585a99af8c97fbe05dbdd5e38485bcfe427fdf392fc864c04994a6ab8e88f6c9bd63d0584c726ea389a98b14a89e6cb7c3823bddaff71b54840975cbce8
- SSDEEP: 6144:QfPzgqvRP131cB407qCXrhRkwMdcoUcLp9w9BDXsQSk:QfPzg2P1lA7qCXrcraQ9wjSk
Malware Config
Signatures
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 278fc79cf6df216951dd02ce23008a4f61f8daceaa1300dc24fa9fde326a36fbN
Files
- 278fc79cf6df216951dd02ce23008a4f61f8daceaa1300dc24fa9fde326a36fbN.exe windows:4 windows x86 arch:x86
  cf8d240557065c15a749829bee8ad761
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
_XcptFilter
exit
_acmdln
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_exit
lz32
LZSeek
advapi32
RegQueryMultipleValuesW
SetNamedSecurityInfoA
LsaAddAccountRights
ReportEventA
UnlockServiceDatabase
GetAclInformation
IsValidSid
SetEntriesInAclA
LsaQueryTrustedDomainInfoByName
GetAuditedPermissionsFromAclW
GetUserNameW
GetPrivateObjectSecurity
CreateServiceA
LsaRemoveAccountRights
GetTrusteeFormA
IsValidAcl
RegSaveKeyA
CloseEventLog
OpenServiceA
RegCreateKeyW
LsaRetrievePrivateData
OpenBackupEventLogW
GetExplicitEntriesFromAclW
RegReplaceKeyW
EnumServicesStatusA
RegEnumValueW
LsaClose
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegUnLoadKeyA
OpenEventLogA
RegDeleteValueW
QueryServiceConfig2W
GetSidSubAuthority
GetSecurityDescriptorOwner
GetNumberOfEventLogRecords
LookupPrivilegeDisplayNameW
ChangeServiceConfig2A
RegQueryValueExA
OpenBackupEventLogA
LsaEnumerateAccountRights
ChangeServiceConfigW
AdjustTokenPrivileges
DeleteService
GetServiceDisplayNameW
MakeSelfRelativeSD
QueryServiceObjectSecurity
ObjectCloseAuditAlarmA
GetKernelObjectSecurity
GetOldestEventLogRecord
GetSidIdentifierAuthority
QueryServiceLockStatusW
ObjectOpenAuditAlarmW
RegisterEventSourceW
SetSecurityInfo
RegLoadKeyW
ReportEventW
GetNamedSecurityInfoW
ImpersonateSelf
RegEnumKeyExW
RegReplaceKeyA
LsaQueryTrustedDomainInfo
LookupAccountNameW
OpenServiceW
LookupPrivilegeNameW
QueryServiceConfigA
LookupSecurityDescriptorPartsW
AddAce
IsTokenRestricted
RegOpenKeyExW
RegOpenKeyA
RegCreateKeyExA
GetServiceKeyNameA
LookupPrivilegeValueA
SetFileSecurityA
BuildExplicitAccessWithNameW
LogonUserW
BackupEventLogA
MapGenericMask
GetSecurityInfo
RevertToSelf
MakeAbsoluteSD
LsaEnumerateAccountsWithUserRight
AdjustTokenGroups
SetFileSecurityW
AccessCheck
PrivilegedServiceAuditAlarmW
RegCreateKeyExW
RegGetKeySecurity
SetThreadToken
GetSecurityDescriptorSacl
QueryServiceConfig2A
AccessCheckAndAuditAlarmA
ControlService
LogonUserA
GetSecurityDescriptorDacl
StartServiceA
RegisterEventSourceA
RegOpenKeyW
AbortSystemShutdownW
RegDeleteKeyA
RegDeleteKeyW
ObjectPrivilegeAuditAlarmA
CopySid
SetPrivateObjectSecurity
GetFileSecurityA
GetLengthSid
QueryServiceStatus
RegisterServiceCtrlHandlerW
RegSetValueA
QueryServiceLockStatusA
AllocateAndInitializeSid
RegOverridePredefKey
SetKernelObjectSecurity
RegisterServiceCtrlHandlerA
FreeSid
DecryptFileW
SetSecurityDescriptorSacl
RegQueryValueA
ReadEventLogW
BuildTrusteeWithNameW
SetServiceStatus
CloseServiceHandle
GetSecurityDescriptorLength
GetNamedSecurityInfoA
LsaOpenPolicy
AddAccessAllowedAce
GetTokenInformation
ObjectDeleteAuditAlarmW
user32
OemKeyScan
CreateDialogParamA
kernel32
GetPrivateProfileSectionA
DeleteFileA
FreeEnvironmentStringsA
AddAtomW
FindNextChangeNotification
GetTempFileNameA
GetCommProperties
CreateFileMappingW
GetPriorityClass
FileTimeToSystemTime
GetModuleHandleA
GetStartupInfoA
Sections
.text Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 940KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ