services[.]png[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

services.png.exe
Size

264KB
MD5

d397a1de162f332782fe3205a07792dd
SHA1

44793b3a374c3cb453bbd87a2fd28d8a4c408002
SHA256

ea251bf7fcc0a42cb9e954a45d925ef379ef1ffca39e482f44af701b4ace8560
SHA512

6be10fc6ebabffadd89a72862c5d292e2939d165298019fe684de4efb3284603756c8764810835c12651ad49f608dd3345c8d778b7fd795683f0fcceeaa3f659
SSDEEP

6144:VtjNiEZdoTD3wad4eq5OxUatA04d0drsFp2A4AG5uU:VTdS3Uek0WchA2D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
services.png.exe

Files

services.png.exe
.exe windows:5 windows x86 arch:x86

4a3e896b295785cf8d7280a6d79ca0e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
FindFirstFileW
GetCurrentThread
FileTimeToSystemTime
SetThreadPriority
FindClose
FindNextFileW
GetWindowsDirectoryW
GetCommandLineW
CreateDirectoryW
LoadLibraryW
lstrcmpiA
WTSGetActiveConsoleSessionId
MoveFileExW
SetFilePointer
SetEndOfFile
WriteFile
ExpandEnvironmentStringsW
GetPrivateProfileStringW
FlushFileBuffers
GetPrivateProfileIntW
GetUserDefaultUILanguage
CreateMutexW
SetErrorMode
GetComputerNameW
TerminateThread
WriteProcessMemory
CreateThread
SetHandleInformation
GetExitCodeProcess
ReadFile
GetExitCodeThread
CreatePipe
GetEnvironmentVariableW
FileTimeToDosDateTime
GetTempFileNameW
VirtualFree
GetTickCount
SystemTimeToFileTime
SetFilePointerEx
GetLogicalDriveStringsW
HeapFree
GetProcessHeap
SetFileTime
VirtualQueryEx
Thread32First
WideCharToMultiByte
ReadProcessMemory
HeapDestroy
HeapCreate
lstrcpynW
Thread32Next
GetTimeZoneInformation
MultiByteToWideChar
lstrlenW
GetTempPathW
GetFileSizeEx
OpenMutexW
VirtualProtectEx
VirtualAllocEx
RemoveDirectoryW
QueryDosDeviceW
GetFileTime
ReleaseMutex
FileTimeToLocalFileTime
GetVolumeNameForVolumeMountPointW
GetFileInformationByHandle
GetSystemTime
InterlockedExchange
GetLocalTime
ResetEvent
SetLastError
GetLastError
CreateEventA
SetFileAttributesW
GetLogicalDrives
GetDriveTypeW
lstrcmpiW
LoadLibraryA
FreeLibrary
GetFileAttributesW
GlobalUnlock
GlobalLock
GetCurrentProcessId
HeapReAlloc
OpenEventW
SetEvent
LocalFree
GetVersionExW
GetNativeSystemInfo
WaitForMultipleObjects
CreateEventW
Sleep
ResumeThread
DeleteFileW
DuplicateHandle
CreateToolhelp32Snapshot
VirtualProtect
Process32NextW
CreateFileMappingA
Process32FirstW
GetProcAddress
CreateFileW
TerminateProcess
CopyFileW
OpenProcess
CreateRemoteThread
IsBadReadPtr
GetModuleHandleW
GetCurrentProcess
CreateProcessW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetFileSize
CloseHandle
GetFileAttributesExW
GetProcessId
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualFreeEx
InitializeCriticalSection
SetThreadContext
GetThreadContext
ExitProcess
ExitThread
GetModuleFileNameW
HeapAlloc

user32

CharUpperW
CharLowerA
GetDC
CharLowerW
MsgWaitForMultipleObjects
LoadImageW
ToUnicode
PeekMessageW
DispatchMessageW
GetForegroundWindow
CharLowerBuffA
GetKeyboardState
TranslateMessage
GetMessageW
GetCursorPos
GetIconInfo
DrawIcon
MessageBoxA
CharToOemW
ExitWindowsEx
GetClipboardData

advapi32

InitiateSystemShutdownExW
CryptCreateHash
AllocateAndInitializeSid
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CryptReleaseContext
RegCreateKeyExW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
CryptAcquireContextW
GetSidSubAuthority
OpenProcessToken
CryptGetHashParam
IsWellKnownSid
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegCreateKeyW
EqualSid
RegQueryValueExW
RegQueryValueExA
ConvertSidToStringSidW
GetLengthSid
CreateProcessAsUserW
CreateProcessAsUserA
SetSecurityInfo
FreeSid
RegOpenKeyExW
GetSecurityDescriptorSacl
CheckTokenMembership
SetSecurityDescriptorSacl
CryptDestroyHash
AdjustTokenPrivileges
RegSetValueExW
GetSecurityDescriptorDacl
CryptHashData
RegEnumKeyExW
RegEnumKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shlwapi

PathUnquoteSpacesW
PathRemoveBackslashW
PathQuoteSpacesW
PathRenameExtensionW
StrCmpNIA
UrlUnescapeA
wvnsprintfW
PathIsDirectoryW
PathAddBackslashW
SHDeleteValueW
PathSkipRootW
SHDeleteKeyW
PathCombineW
PathAddExtensionW
PathMatchSpecW
wvnsprintfA
StrStrIA
StrStrIW
StrCmpNIW
PathRemoveFileSpecW
PathFindFileNameW
PathIsURLW

shell32

CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
ShellExecuteExW

secur32

GetUserNameExW

ole32

StringFromGUID2
CoInitializeEx
CoInitialize
CoGetObject
CLSIDFromString
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

gdi32

GetDeviceCaps

ws2_32

WSAGetOverlappedResult
WSARecv
WSAEventSelect
WSAEnumNetworkEvents
WSAConnect
WSAGetLastError
inet_addr
gethostbyname
getpeername
recvfrom
WSAIoctl
connect
WSAAddressToStringW
WSAStartup
getaddrinfo
WSASocketA
shutdown
setsockopt
sendto
recv
bind
socket
freeaddrinfo
WSASetLastError
send
listen
WSAWaitForMultipleEvents
getsockname
accept
WSACloseEvent
WSAResetEvent
closesocket
select
WSACreateEvent
WSASend

crypt32

PFXImportCertStore
CertDeleteCertificateFromStore
CryptUnprotectData
CertCloseStore
CertEnumCertificatesInStore
CertDuplicateCertificateContext
PFXExportCertStoreEx
CertOpenSystemStoreW

wininet

HttpQueryInfoA
InternetSetStatusCallbackA
InternetOpenA
InternetSetOptionA
InternetCrackUrlW
InternetCrackUrlA
InternetQueryOptionW
InternetConnectA
InternetQueryOptionA
InternetCloseHandle
HttpEndRequestW
HttpSendRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetSetFilePointer
InternetGetCookieA
HttpOpenRequestW
HttpOpenRequestA
HttpAddRequestHeadersW
InternetSetStatusCallbackW
GetUrlCacheEntryInfoW
HttpSendRequestW
InternetReadFile
InternetReadFileExA
InternetQueryDataAvailable
HttpSendRequestExW
HttpSendRequestExA

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ntdll

NtQueryKey

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a3e896b295785cf8d7280a6d79ca0e8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

shell32

secur32

ole32

gdi32

ws2_32

crypt32

wininet

oleaut32

netapi32

version

ntdll

Sections

.text Size: 249KB - Virtual size: 249KB

.data Size: 3KB - Virtual size: 12KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 249KB - Virtual size: 249KB

.data
Size: 3KB - Virtual size: 12KB

.reloc
Size: 9KB - Virtual size: 9KB