libsrv32[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

libsrv32.exe
Size

3.8MB
MD5

ea0336aaa24742c774ca8713132c7b4d
SHA1

7df85e68177fb118eb1461d2dfc927198d458eb4
SHA256

920226a25d102c354672c1c004a9551087f392d352077e8b7c82b973b6068267
SHA512

0ae61cb6ee165caa4e9f6b72411b4e27bef52cc6684f697749cb94df0364a3bdd5f4103c21b7b1ffd75f385b8c968b000c06d59649cfe20cf78258003e2fb52c
SSDEEP

49152:K7/idr291YPqWomuHBVygwtqnw1b2b6xWXJf4WGdxT585/IUZl18vPksj:K7KB291YCWomEfygwthd2ukJf47d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
libsrv32.exe

Files

libsrv32.exe
.exe windows:6 windows x86 arch:x86

19228b8d4ad143a92e4419b166ca665d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\macsfancontrol\build\MacsFanControl.pdb

Imports

kernel32

HeapReAlloc
HeapDestroy
RaiseException
DecodePointer
lstrcatW
VirtualProtect
HeapSize
GetVersion
GetSystemTime
InitializeCriticalSectionEx
GlobalAlloc
GetCurrentThreadId
GetDynamicTimeZoneInformation
WideCharToMultiByte
GetStdHandle
WriteFile
GlobalUnlock
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetCommandLineW
CompareFileTime
FileTimeToLocalFileTime
GetFileSize
ReadFile
IsDebuggerPresent
DebugBreak
OutputDebugStringW
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetProcessTimes
GlobalLock
MulDiv
GetVersionExW
LocalLock
LocalUnlock
GetLongPathNameW
MoveFileExA
GetConsoleMode
GetCurrentProcessId
GetFileAttributesW
MultiByteToWideChar
GetPhysicallyInstalledSystemMemory
GetLogicalProcessorInformation
GetModuleHandleW
Sleep
DeviceIoControl
CloseHandle
VerSetConditionMask
GetLogicalDrives
GetDriveTypeW
CreateFileW
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
VerifyVersionInfoW
GetCurrentProcess
DeleteFileW
GetNativeSystemInfo
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
InitOnceComplete
InitOnceBeginInitialize
WaitForMultipleObjects
CreateEventW
ResetEvent
SetEvent
SetFileTime
LocalFileTimeToFileTime
GetDiskFreeSpaceExW
SetThreadPriority
GetSystemPowerStatus
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadGroupAffinity
GetActiveProcessorCount
GetActiveProcessorGroupCount
SystemTimeToFileTime
lstrcpyW
VirtualFree
VirtualAlloc
GetWindowsDirectoryW
SearchPathW
ExpandEnvironmentStringsW
lstrcmpiW
FindResourceW
SizeofResource
LockResource
LoadResource
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFullPathNameW
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
GetCurrentDirectoryW
K32GetModuleFileNameExW
K32EnumProcessModules
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FileTimeToSystemTime
QueryFullProcessImageNameW
lstrlenW
FormatMessageW
LocalFree
LocalAlloc
GetModuleHandleExW
GetModuleFileNameW
GetModuleFileNameA
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateProcessW
GetCurrentThread
CreateRemoteThread
GetExitCodeProcess
TerminateProcess
WriteConsoleW

user32

FindWindowW
SetForegroundWindow
SetFocus
WaitForInputIdle
SendMessageW
GetActiveWindow
SetLayeredWindowAttributes
ShowWindow
RegisterClassExW
PostMessageW
ExitWindowsEx
GetMessageW
CharLowerBuffW
CharLowerBuffA
GetClassInfoW
MessageBoxA
GetWindowThreadProcessId
EnumDisplaySettingsW
MessageBoxW
GetDC
RegisterWindowMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
GetSystemMetrics
GetWindowLongW
SetWindowLongW
DestroyIcon
LoadImageW
GetDesktopWindow
GetForegroundWindow
FindWindowExW
BringWindowToTop
IsIconic
WinHelpW
IsDialogMessageW
LoadIconW
GetWindow
GetLastActivePopup
GetClassNameW
GetParent
SetRect
FillRect
GetSysColor
MessageBeep
GetWindowRect
GetClientRect
GetWindowTextW
SetWindowTextW
RedrawWindow
EndPaint
BeginPaint
DrawTextW
UnregisterClassW
SetWindowPos
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
ReleaseDC
SystemParametersInfoW
LoadStringW
TranslateMessage
DispatchMessageW
PeekMessageW
WaitMessage
AttachThreadInput
IsWindow
MoveWindow
CreateDialogIndirectParamW
DrawIcon
EnableMenuItem
GetDlgItem
CheckDlgButton
GetSystemMenu
PostQuitMessage
EnableWindow
GetDialogBaseUnits
GetAsyncKeyState
SetTimer
KillTimer

gdi32

CreateFontIndirectW
CreateDCW
GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
SetTextColor
CreateCompatibleDC

advapi32

ConvertStringSidToSidW
OpenThreadToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
IsValidSid
LookupAccountSidW
LookupPrivilegeValueW
ConvertSidToStringSidW
ChangeServiceConfigW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
CreateServiceW
DeleteService
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
GetUserNameW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
OpenProcessToken
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoInitializeEx
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree

gdiplus

GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile

dwmapi

DwmGetWindowAttribute

shlwapi

StrFormatByteSizeW
PathIsRelativeW
PathIsDirectoryW
PathMatchSpecW
PathStripPathW
PathAddBackslashW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SafeArrayGetVartype
VariantCopy
VarCmp
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysAllocString

ws2_32

getaddrinfo
closesocket
select
recv
send
connect
ioctlsocket
recvfrom
WSAStartup
getsockname
socket
WSAGetLastError
listen
shutdown
bind
accept
__WSAFDIsSet
getsockopt
freeaddrinfo
WSACleanup
setsockopt

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19228b8d4ad143a92e4419b166ca665d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

gdiplus

dwmapi

shlwapi

version

oleaut32

ws2_32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 776KB - Virtual size: 776KB

.data Size: 45KB - Virtual size: 68KB

.rsrc Size: 855KB - Virtual size: 854KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 776KB - Virtual size: 776KB

.data
Size: 45KB - Virtual size: 68KB

.rsrc
Size: 855KB - Virtual size: 854KB