93c4d4e26296f28507a5b82667c491be13bb196f190a58a424dba027f8adfab9

Sharing

Copy URL Twitter E-mail

General

Target

93c4d4e26296f28507a5b82667c491be13bb196f190a58a424dba027f8adfab9
Size

74KB
MD5

48952f51b0c3bf526f18eedc85c4d48c
SHA1

3a52e01c56be482f0be1f0d8d282ecb91100d64c
SHA256

93c4d4e26296f28507a5b82667c491be13bb196f190a58a424dba027f8adfab9
SHA512

e1297f25d9d24464a47c83ad584951d6f3f98ccf7162299a726714dc31be7dc4504e7c2e47e12a4e1864221d34fc43c6ba334a859f3a2289433a16b45709386d
SSDEEP

1536:W5fnGXYxKTUtmPe3cGsI+1bFZTpKnekq02WkpAufWIrj3JmHnWd:W2BIsbFR6Hq02WkD9J6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
93c4d4e26296f28507a5b82667c491be13bb196f190a58a424dba027f8adfab9

Files

93c4d4e26296f28507a5b82667c491be13bb196f190a58a424dba027f8adfab9
.exe windows:6 windows x86 arch:x86

9dcbf6851631fcc0d50034d7282c766b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wermgr.pdb

Imports

msvcrt

_acmdln
_cexit
_exit
_XcptFilter
_ismbblead
wcsncmp
_vsnprintf
_vscwprintf
_wcsnicmp
_wcsicmp
exit
__getmainargs
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler3
_wtoi64
_wtoi
memset
_vsnwprintf
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type

advapi32

RevertToSelf
IsValidSid
GetLengthSid
CopySid
RegGetValueW
OpenProcessToken
DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
CreateProcessAsUserW
ImpersonateLoggedOnUser
ConvertSidToStringSidW
RegQueryValueExW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW

kernel32

ReadProcessMemory
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
UnmapViewOfFile
CloseHandle
CreateProcessW
SetEvent
GetLastError
MapViewOfFile
Wow64RevertWow64FsRedirection
GetSystemDirectoryW
Wow64DisableWow64FsRedirection
IsWow64Process
GlobalFree
GetCommandLineW
HeapSetInformation
DeleteFileW
OpenProcess
GetSystemDefaultLCID
InterlockedIncrement
lstrlenW
InterlockedDecrement
CreateEventW
LocalFree
OutputDebugStringA
GetProcAddress
OpenMutexW
HeapFree
OpenPrivateNamespaceW
HeapAlloc
GetProcessHeap
WaitForSingleObject
GetModuleHandleW
OpenFileMappingW
ClosePrivateNamespace
CreateFileMappingW
GetApplicationRecoveryCallback

ole32

StringFromGUID2
CoInitialize
CoCreateInstance
CoCreateGuid
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize

oleaut32

SysAllocString
LoadRegTypeLi
SysFreeString
SysAllocStringLen
LoadTypeLibEx

shell32

CommandLineToArgvW
ShellExecuteExW

wer

WerpAddRegisteredDataToReport
WerpSetCallBack
WerReportSubmit
WerReportCloseHandle
WerReportAddDump
WerpEnumerateStoreStart
WerpEnumerateStoreNext
WerpOpenMachineQueue
WerpSubmitReportFromStore
WerpOpenUserQueue
WerpCloseStore
WerpShowNXNotification
WerpIsTransportAvailable
WerpSetReportInformation
WerpGetReportInformation
WerpGetReportType
WerpLoadReport

user32

CloseWindowStation
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
CloseDesktop

ntdll

RtlAllocateAndInitializeSid
RtlCreateBoundaryDescriptor
RtlCreateServiceSid
RtlAddSIDToBoundaryDescriptor
RtlDeleteBoundaryDescriptor
NtQueryInformationProcess
RtlInitUnicodeString
NtQueryInformationToken
NtClose
RtlFreeSid
NtAlpcSendWaitReceivePort
NtAlpcConnectPort

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9dcbf6851631fcc0d50034d7282c766b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ole32

oleaut32

shell32

wer

user32

ntdll

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 25KB - Virtual size: 26KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 25KB - Virtual size: 26KB