57d6c28d3696adefbfe41d680c94328a7623551bbaaa0f98da6dff7432a276c1

Sharing

Copy URL Twitter E-mail

General

Target

57d6c28d3696adefbfe41d680c94328a7623551bbaaa0f98da6dff7432a276c1
Size

1.1MB
MD5

33d9b34ca8074da140ddedd60bde99d2
SHA1

c01df17a894a0243971a666239533a4d1b3b5be1
SHA256

57d6c28d3696adefbfe41d680c94328a7623551bbaaa0f98da6dff7432a276c1
SHA512

57766bfc638e4d2f87a7e08de6af50568eef6c8929daa40e626d4a4b1f2ad42e9e4913b06a6fbf16008a68022895e1c62d993f8a83460af3bc14fb8a4b008fd9
SSDEEP

24576:hIxxK737EGj69y727T6tvoZlRw1rLsqjnhMgeiCl7G0nehbGZpbD:qxxK7rlj6gCv6tvoZli1TDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57d6c28d3696adefbfe41d680c94328a7623551bbaaa0f98da6dff7432a276c1

Files

57d6c28d3696adefbfe41d680c94328a7623551bbaaa0f98da6dff7432a276c1
.exe windows:6 windows x64 arch:x64

e633540196c51ee96c98a3f268b25cf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\buildagent-cd_8816\p4\218434198\VisualStudio\bin\x64\Universal_Release\jhi_service.pdb

Imports

kernel32

HeapReAlloc
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
CreateThread
IsValidCodePage
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteConsoleW
CopyFileExW
SetFileAttributesW
ReadFile
WriteFile
DeviceIoControl
Sleep
GetConsoleMode
CreateEventW
FindNextFileW
lstrlenA
CreateFileA
GetMailslotInfo
CreateMailslotA
ResetEvent
GetConsoleOutputCP
OpenProcess
GetFileType
GetProcessTimes
GetExitCodeProcess
FindFirstFileW
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetProcAddress
ExpandEnvironmentStringsW
FlushFileBuffers
VerifyVersionInfoW
VerSetConditionMask
GetLastError
CreateFileW
ReleaseMutex
CreateMutexW
CreateSemaphoreW
GetFileSizeEx
ReleaseSemaphore
CreateEventA
CloseHandle
SetEvent
GetCommandLineW
LocalFree
WaitForSingleObject
OpenEventA
lstrcmpiW
HeapSize
GetCommandLineA
GetStdHandle
GetModuleHandleExW
ExitProcess
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetStringTypeW
OutputDebugStringA
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CancelIo
HeapFree
TlsFree
TlsSetValue
HeapAlloc
GetOverlappedResult
GetProcessHeap
SignalObjectAndWait
CreateMutexA
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
QueryPerformanceFrequency
FormatMessageW
WideCharToMultiByte
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
SetEndOfFile
SetFilePointerEx
SetLastError
MoveFileExW
MultiByteToWideChar
SwitchToThread
TlsAlloc
TlsGetValue

advapi32

ReportEventW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
CreateServiceW
CloseServiceHandle
OpenSCManagerW
BuildExplicitAccessWithNameW
AllocateAndInitializeSid
SetServiceStatus
ChangeServiceConfig2W
SetEntriesInAclW
DeleteService
SetServiceObjectSecurity
ControlService
FreeSid
StartServiceW
RegQueryValueExW
InitializeSecurityDescriptor
RegOpenKeyExW
RegSetValueExW
StartServiceCtrlDispatcherW
OpenServiceW
RegCloseKey
LookupAccountSidW
QueryServiceObjectSecurity
SetSecurityInfo
DeregisterEventSource
RegisterEventSourceW
RegisterServiceCtrlHandlerExW

ws2_32

connect
WSAGetLastError
WSACleanup
accept
bind
closesocket
shutdown
listen
freeaddrinfo
getaddrinfo
WSAStartup
getsockname
send
socket
ntohs
recv

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

setupapi

CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_List_SizeA

rpcrt4

UuidToStringA
UuidCreate
RpcStringFreeA

api-ms-win-devices-config-l1-1-1

CM_Unregister_Notification
CM_Register_Notification

oleaut32

SysAllocString
VariantClear
VariantInit
GetErrorInfo
SafeArrayGetUBound
SysFreeString

Exports

Exports

TEE_Transport_Create

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e633540196c51ee96c98a3f268b25cf0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

ole32

setupapi

rpcrt4

api-ms-win-devices-config-l1-1-1

oleaut32

Exports

Exports

Sections

.text Size: 413KB - Virtual size: 412KB

.rdata Size: 145KB - Virtual size: 144KB

.data Size: 7KB - Virtual size: 23KB

.pdata Size: 20KB - Virtual size: 20KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 413KB - Virtual size: 412KB

.rdata
Size: 145KB - Virtual size: 144KB

.data
Size: 7KB - Virtual size: 23KB

.pdata
Size: 20KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 572KB - Virtual size: 576KB