1d9f917e8c6ac157f66d8e9f08968847dc6b8e49027c8e1ccde6ec31d93e4130

Sharing

Copy URL

Twitter E-mail

General

Target

1d9f917e8c6ac157f66d8e9f08968847dc6b8e49027c8e1ccde6ec31d93e4130
Size

4.7MB
MD5

08eabf047d69892ec300ae4302720198
SHA1

deb586904529fafd44f26ff21d808fe6fec336c6
SHA256

1d9f917e8c6ac157f66d8e9f08968847dc6b8e49027c8e1ccde6ec31d93e4130
SHA512

18c18a090be9921fdfef2d3aa2696537d7e21dd6d5755c911c269fe09632ca5f64acfbe76409aef827c53f26c4f3492552615e0cac7b2747a7e1d84cbb334f8a
SSDEEP

98304:yFWqhcSanXXs2w4dqUpN2WwE86KqfbtWV8boOpm97M4:RDXs2w7CKqztO8bH67M4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d9f917e8c6ac157f66d8e9f08968847dc6b8e49027c8e1ccde6ec31d93e4130

Files

1d9f917e8c6ac157f66d8e9f08968847dc6b8e49027c8e1ccde6ec31d93e4130
.exe windows:6 windows x86 arch:x86

945fcb736da60c48e66eefaefa43fe8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\__w\1\s\host\frsvc\ReleaseMinDependency\frsvc.pdb

Imports

ws2_32

ntohs
ntohl
accept
htonl
socket
setsockopt
getsockname
getpeername
gethostbyname
inet_ntoa
gethostbyaddr
getservbyport
WSACloseEvent
WSACreateEvent
WSAResetEvent
getservbyname
closesocket
shutdown
WSASend
sendto
send
select
recvfrom
recv
getsockopt
__WSAFDIsSet
gethostname
inet_addr
WSAEventSelect
getaddrinfo
freeaddrinfo
WSAEnumNetworkEvents
connect
WSAWaitForMultipleEvents
bind
listen
WSAIoctl
WSASetLastError
getnameinfo
WSACleanup
ioctlsocket
WSAGetLastError
htons
WSAStartup

kernel32

WaitForMultipleObjects
CreateEventW
WaitForMultipleObjectsEx
GetComputerNameA
CreateFileW
CreateFileA
CreateProcessW
SetFilePointer
ReadFile
GlobalFree
GlobalAlloc
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetExitCodeThread
SystemTimeToFileTime
GetSystemTime
SetHandleInformation
CopyFileA
QueryDosDeviceA
GetLogicalDriveStringsA
RemoveDirectoryA
CreateDirectoryA
SleepEx
GetEnvironmentVariableA
CompareFileTime
GetSystemDirectoryW
SetLastError
DuplicateHandle
TlsFree
TlsSetValue
TlsAlloc
GetCurrentThread
GetCurrentProcess
CreateSemaphoreW
CreateEventA
CreateMutexW
ReleaseMutex
ReleaseSemaphore
ResetEvent
SetEvent
TryEnterCriticalSection
GetVersionExW
ExitProcess
GetEnvironmentStringsW
QueryPerformanceFrequency
WriteFile
GetStdHandle
GetSystemInfo
OpenProcess
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
CloseHandle
InitializeCriticalSection
MultiByteToWideChar
FormatMessageW
GetTickCount
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionEx
LoadLibraryA
FormatMessageA
lstrlenA
LCMapStringA
GetUserDefaultLCID
GetStringTypeExA
VerSetConditionMask
FindVolumeClose
FlushFileBuffers
LocalFree
GetDriveTypeA
GetFileAttributesExW
GetFileInformationByHandle
GetFileSizeEx
LockFileEx
SetFilePointerEx
UnlockFileEx
DeviceIoControl
GetSystemDirectoryA
VirtualFree
GetModuleHandleA
MoveFileExA
VerifyVersionInfoW
FindFirstVolumeA
FindNextVolumeA
SetVolumeMountPointA
DeleteVolumeMountPointA
GetVolumePathNameA
GetVolumePathNamesForVolumeNameA
ExpandEnvironmentStringsA
FindClose
CreateProcessA
CreatePipe
WaitForSingleObjectEx
LocalAlloc
SetEndOfFile
IsDebuggerPresent
OutputDebugStringW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetStringTypeW
LCMapStringEx
EncodePointer
GetModuleHandleW
CompareStringEx
GetCPInfo
GetLocaleInfoEx
FindFirstFileW
FindNextFileW
GetEnvironmentVariableW
GetCurrentDirectoryW
DeleteFileW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
AreFileApisANSI
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
OpenEventA
SetWaitableTimer
CreateWaitableTimerA
InterlockedPushEntrySList
RtlUnwind
LoadLibraryExW
GetModuleHandleExW
SetStdHandle
GetFileType
CreateThread
ExitThread
FreeLibraryAndExitThread
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesW
HeapReAlloc
GetConsoleOutputCP
GetConsoleMode
GetTimeZoneInformation
ReadConsoleW
HeapSize
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
ReleaseSRWLockShared
AcquireSRWLockShared
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiberEx
SetConsoleMode
ReadConsoleA
TlsGetValue
GetCurrentProcessId
GetACP
WideCharToMultiByte
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
GetLastError
RaiseException
DecodePointer
lstrcmpiA
GetModuleFileNameA
GetCurrentThreadId
Sleep
HeapSetInformation
GetCommandLineA

user32

PostThreadMessageA
MessageBoxA
CharNextA
GetUserObjectInformationW
LoadStringA
GetProcessWindowStation
MessageBoxW

advapi32

CryptAcquireContextW
DeleteService
CreateServiceA
ControlService
RegDeleteValueA
OpenServiceW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CryptGenRandom
CryptReleaseContext
OpenServiceA
CloseServiceHandle
QueryServiceStatusEx
StartServiceA
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashW
CryptEnumProvidersW
ChangeServiceConfig2A
OpenSCManagerA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegisterEventSourceW
ReportEventW
RegCloseKey
RegCreateKeyW
CryptGetHashParam
CryptHashData
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptEnumProvidersA
RegSetValueExW

ole32

CoCreateInstance
CoSetProxyBlanket
CoTaskMemFree
StringFromGUID2
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

clusapi

GetNodeClusterState

bcrypt

BCryptGenRandom

crypt32

CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertOpenSystemStoreW

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 905KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 27.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

945fcb736da60c48e66eefaefa43fe8c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

clusapi

bcrypt

crypt32

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 905KB - Virtual size: 904KB

.data Size: 68KB - Virtual size: 27.1MB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 187KB - Virtual size: 186KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 905KB - Virtual size: 904KB

.data
Size: 68KB - Virtual size: 27.1MB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 187KB - Virtual size: 186KB