D:\BuildServer\bna-2\work-git\agent-repository\build\bin\win32-i386-vc141-release\AgentHelper.pdb
Static task
static1
Behavioral task
behavioral1
Sample
24c88df8fb0b24e99ab0a7aed135b91631024064c69b61b8d97dbc0d0c56f5de.exe
Resource
win7-20240903-en
General
Target: 24c88df8fb0b24e99ab0a7aed135b91631024064c69b61b8d97dbc0d0c56f5de.exe
Size: 2.5MB
MD5: 31cd537822bbe7011d70c83016fcfd22
SHA1: f5dc3e34ac348ce3378389f6a7f4ac88e81362c0
SHA256: 24c88df8fb0b24e99ab0a7aed135b91631024064c69b61b8d97dbc0d0c56f5de
SHA512: e1a2b69d01442e28c61ed47698ad51f4943376d4894b69f1bb6f91ac6bddc54f6480e0e7b303cede662e545a90caca1a13854160fdc55cc6794ff971e16cd6a3
SSDEEP: 49152:P/zyX/zdnFzRLGv9XTO2jpp4KFVhJ+VSqbYfmYX5XxnJm4SPsc+iKERzrddCMI0y:nz8z1FzRLI9XT9jMqVh6NYX5O4zcTrQ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 24c88df8fb0b24e99ab0a7aed135b91631024064c69b61b8d97dbc0d0c56f5de.exe
Files
24c88df8fb0b24e99ab0a7aed135b91631024064c69b61b8d97dbc0d0c56f5de.exe.exe windows:6 windows x86 arch:x86
58d0104c67c3498e485105dcc25dacc6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
advapi32
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
CryptEncrypt
CryptImportKey
CryptHashData
CryptGenRandom
CryptGetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
DuplicateTokenEx
FreeSid
GetTokenInformation
SetTokenInformation
LookupPrivilegeValueW
CreateProcessWithTokenW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ConvertSidToStringSidW
ChangeServiceConfigW
ControlService
CreateServiceW
DeleteService
QueryServiceStatus
StartServiceW
OpenThreadToken
AccessCheck
DuplicateToken
EqualSid
GetFileSecurityW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
MapGenericMask
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
QueryServiceObjectSecurity
SetServiceObjectSecurity
SetEntriesInAclW
GetExplicitEntriesFromAclW
GetNamedSecurityInfoW
GetSecurityInfo
SetNamedSecurityInfoW
SetSecurityInfo
BuildTrusteeWithSidW
ConvertStringSidToSidW
RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegQueryValueExW
RegDeleteTreeW
GetAce
InitializeAcl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
kernel32
PeekNamedPipe
ExitThread
HeapSize
HeapAlloc
HeapFree
GetFileInformationByHandle
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetDateFormatW
SetConsoleCtrlHandler
GetLastError
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
GetProcessHeap
HeapReAlloc
DecodePointer
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
ExpandEnvironmentStringsW
CreateDirectoryW
CreateFileW
GetDriveTypeW
GetFileAttributesExW
ReadFile
SetFileAttributesW
WriteFile
CloseHandle
CopyFileW
MoveFileExW
FileTimeToSystemTime
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
GetExitCodeProcess
GetProcessId
OpenProcess
GetVersionExW
CreateJobObjectW
OpenJobObjectW
AssignProcessToJobObject
SetInformationJobObject
QueryInformationJobObject
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThread
WriteConsoleW
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageW
GetModuleHandleExW
GetStdHandle
GetFileType
DeleteFiber
QueryPerformanceCounter
GetSystemTimeAsFileTime
FindClose
FindFirstFileW
FindNextFileW
ConvertFiberToThread
FreeLibrary
LoadLibraryA
LoadLibraryW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
IsDebuggerPresent
Sleep
SetThreadPriority
GetThreadPriority
GetProcessAffinityMask
SetThreadAffinityMask
GetSystemInfo
GetLogicalProcessorInformationEx
GetNativeSystemInfo
GetCurrentDirectoryW
RemoveDirectoryW
DeleteFileW
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
GetTimeZoneInformation
SleepConditionVariableSRW
LoadLibraryExW
VerSetConditionMask
GetSystemDirectoryW
VerifyVersionInfoW
GetTickCount
WaitForSingleObjectEx
GetEnvironmentVariableA
InitializeCriticalSection
TryEnterCriticalSection
DuplicateHandle
SwitchToThread
GetExitCodeThread
EncodePointer
CreateEventW
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
CreateThread
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetFullPathNameW
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
GetCommandLineA
GetCommandLineW
SetStdHandle
ExitProcess
ole32
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoSetProxyBlanket
wintrust
WinVerifyTrust
bcrypt
BCryptGenRandom
iphlpapi
GetExtendedTcpTable
crypt32
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertFindExtension
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryW
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CryptMsgGetParam
CryptStringToBinaryA
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertGetNameStringA
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CertCreateCertificateContext
CertEnumCertificatesInStore
CertOpenStore
CryptUnprotectData
CryptProtectData
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertFindCertificateInStore
shell32
SHGetKnownFolderPath
SHChangeNotify
ShellExecuteExW
ws2_32
listen
setsockopt
socket
getsockopt
ntohl
ntohs
WSAGetLastError
getsockname
htons
__WSAFDIsSet
WSASetLastError
closesocket
bind
accept
send
select
recv
WSACleanup
WSAStartup
ioctlsocket
htonl
inet_pton
user32
GetForegroundWindow
GetShellWindow
GetWindowThreadProcessId
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
oleaut32
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 613KB - Virtual size: 612KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.zero Size: 4KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ