MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e456321e783a063b3893ac377e9395fdf457258562ebd057c9b355f65728cef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e456321e783a063b3893ac377e9395fdf457258562ebd057c9b355f65728cef
SHA3-384 hash: 737a76004c16962c89adcda495a9d51660a393c169a06598f419f9d8da6d89b00d735a84433a2d16c17ab988685d31f8
SHA1 hash: 435b63592df1aa94c838f9cd90457035ccb24168
MD5 hash: a2eab0b5ce718c66a3507313b679ba91
humanhash: north-eight-kentucky-wolfram
File name:Ho So Chung Chi Thong Tin Ca Nhan.exe
Download: download sample
File size:11'779'088 bytes
First seen:2024-12-24 17:48:15 UTC
Last seen:2024-12-25 04:54:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 72c4e339b7af8ab1ed2eb3821c98713a (48 x BlankGrabber, 26 x PythonStealer, 7 x LunaStealer)
ssdeep 196608:oiV1Z2azjvj8p5drY+y7o7eBY8XMCHGLLc54i1wN+lPIcu9KYK39s8Mb3PPMXiM4:VVlj87d5ypXMCHWUjqcuIFMb/PMXiU6
TLSH T129C63314A6C056EADAB2053CDAE3455AD9A5BCF60BB2CA9FC7D44365FE533C08D38243
TrID 70.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
12.9% (.EXE) Win64 Executable (generic) (10522/11/4)
6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
2.5% (.ICL) Windows Icons Library (generic) (2059/9)
2.4% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
File icon (PE):PE icon
dhash icon 6cccd4d4d4e8f0d4
Reporter Anonymous
Tags:exe signed

Code Signing Certificate

Organisation:Nguyễn Văn Tuấn
Issuer:SSL.com Code Signing Intermediate CA ECC R2
Algorithm:ecdsa-with-SHA384
Valid from:2024-12-24T05:23:52Z
Valid to:2025-12-24T05:23:52Z
Serial number: 2595bcf2c3ae82b63703af36e1256a9a
Thumbprint Algorithm:SHA256
Thumbprint: 6991b9ec21c9334dbd12881f2937df35228aebaea3357441a19e29fada2f1d7d
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
504
Origin country :
VN VN
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Ho So Chung Chi Thong Tin Ca Nhan.exe
Verdict:
Malicious activity
Analysis date:
2024-12-24 17:49:27 UTC
Tags:
python
Link:
https://app.any.run/tasks/8f5887a2-4fab-432f-a10c-8aacadf285dc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.FileRepMalware.22561.28030.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=676af41075bf3268d2fe44e0
Tags:
installer extens remo
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Restart of the analyzed sample
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
expand lolbin microsoft_visual_cc overlay packed packed packer_detected
Link:
https://www.filescan.io/uploads/676af41b103c07c163780741/reports/726edf05-1e62-4b19-8f17-b3f72db0a42d/overview
Verdict:
Malicious
Labled as:
Trojan.Win64.Disco
Link:
https://www.hybrid-analysis.com/sample/3e456321e783a063b3893ac377e9395fdf457258562ebd057c9b355f65728cef
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/bee1b04b-efe3-4350-9f29-197108a9b624
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
36 / 100
Link:
https://www.joesandbox.com/analysis/1580487
Signature
AI detected suspicious sample
Found pyInstaller with non standard icon
Behaviour
Behavior Graph:
Download SVG
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/3e456321e783a063b3893ac377e9395fdf457258562ebd057c9b355f65728cef
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e456321e783a063b3893ac377e9395fdf457258562ebd057c9b355f65728cef/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hzcwgiphqoqghm4jhlbxp2jzl7puk4sykyxl2bl4tm2v6zlsrtxq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/241224-wdz6rstkhp/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6233e79a-0ab4-4c29-bc03-3dddd901f9b1
Unpacked files
SH256 hash:
f957a4c261506484b53534a9be8931c02ec1a349b3f431a858f8215cecfec3f7
MD5 hash:
50abf0a7ee67f00f247bada185a7661c
SHA1 hash:
0cddac9ac4db3bf10a11d4b79085ef9cb3fb84a1
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
f918b0c45f59b2cb29f1eb3653d2f2679095e85e082a1198c933a76edf1f33ef
MD5 hash:
854458ad55c39a9dfd1e350a51be02b8
SHA1 hash:
5013cf58de5a0b55e026ace967e9842b3b131c2a
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
f6ba90e21a1e31ff2be7292c2a03d20570788fd829e075ab4a6d37a9ca2ba194
MD5 hash:
ce04551e4a578993207eed8f49e045dc
SHA1 hash:
f2ea2b8901458263879e76f67c4154559252aa5b
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
eecac10f830ad0dcbdf0f0dc1422ef5cfed490a877429a4674aecc560869a5e5
MD5 hash:
e6184d65799033dbee51667790130016
SHA1 hash:
b00461d14ffa2beab0887bcb716f331090cce8c9
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
ee99af71c347ff53c4e15109cb597759e657a3e859d9530680eeea8bb0540112
MD5 hash:
a6776c201baae1dd6f88048d7747d14c
SHA1 hash:
646119d2e440e6dad0ffb0fe449ab4fc27f09fbe
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
edd8206ef8caf25e955e9fba2c9c8ebf73d8ec3fd0f562372f7ed8b8f7004c2f
MD5 hash:
be6d51793bc63716fb45cb49958b0f6a
SHA1 hash:
e2563b2c324b58bad602c46bc4d6148ce5319c10
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
ed969fae3cf64f46b5f4d2447980befd6f0a7fd05802529dbc793f3c014bc46c
MD5 hash:
3491700e847fb9e9c4413fc82a0ad285
SHA1 hash:
03694cd43a06bb2fff6a1d85f73bd7b87198e07e
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
eb031616db36c1efb2ee72e5a35aae11de7e79eed63cdf055a1c019fba4e6bd5
MD5 hash:
e41e9b1294df6a390c4466feef1688a0
SHA1 hash:
83d1d0ed7521add43d5c29b7b702c1960e7c55cb
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
e6b2b05e14a6c6f5381e8f4c7f4fd28a499246fb4c8eafe1f08014b9273d70df
MD5 hash:
4a060eec454c222a5381cd359dc00b81
SHA1 hash:
21e1bc115d04a74779e955ea16a16bd71454d9bb
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
e65305c73e3540491a0c62103764d50d827a13d749f76cb2af593a800c93cf44
MD5 hash:
87c57eddf837c1e7aaaddb451d3d981e
SHA1 hash:
5287af84ca9cdfa928355c3c899a43051169a2fd
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
e55b200643e8b078e7f5eb0c97de44fead21b11d06590ebedbcb84214d063345
MD5 hash:
4b328f140a3ae7fedb21ca50cc23d938
SHA1 hash:
9e71b4c2cf030a644d2050188c4b77e638c0ee14
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
e44d56d10ee14d4c4767a25839c2ef6826adbea3e15c2705b1d79676a63905b4
MD5 hash:
8aad6a3a2fe9052ef218d5c8ce1995e1
SHA1 hash:
33748750e57cdc165fcdd186ae53003649607221
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
dd3843c2e46b4e926c36150d614efe02ca0ebc1f767f64f471568adc35c2ef23
MD5 hash:
4c26932f8f1f490017add31f5ec0a533
SHA1 hash:
0da01a7c89b506fe3fd939344bb51b976efb3207
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
db978830b1fbcc0521582a6a79864b0fd83179248fa374926c8097bc02cd6383
MD5 hash:
41e0b7cb0eecba317cf321b1ada084d7
SHA1 hash:
4ce1f13188fc00eb29c726717eae489c524c1c8a
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
d078a9a9958a7c816dea989bef24f32befc6651aea5e07f97a7b5d50df73f799
MD5 hash:
7e751952f122f4e8be1317087dc9dc71
SHA1 hash:
f65884c8cfbb8ad565b3df3a51af11b1617c7092
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
c4c1d381f419731c848e4a20aef02a4436758935c9a274896228b9451956cc8e
MD5 hash:
fb731a1f96c9e34347cba5bb18e54581
SHA1 hash:
88a62edfbbd806b1043b4a1266c4708e1d47be1d
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
c09eb307b2eb747b73c516267a99a23bb73204452326d41bdeb6f43598f6d62e
MD5 hash:
0b65672b91c6a12d769dd777f810b149
SHA1 hash:
2d527b45dcbe653a91e10365891c7e589f5e51e0
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
ba55f8481d8a9d225b8c430eb010f675250c5afa64d9eeb15ff31dc159a19f5a
MD5 hash:
abaabc1df36c7a0674f20fb83247fd71
SHA1 hash:
345db0ffea0cb2531b79d464ad69347ac71ee2b9
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
b998ff8d173c34505e1d5984134282866de910b09919cf9a322fce760b75c80b
MD5 hash:
993b5bc35dac959bed58b77fe42ac77a
SHA1 hash:
2abad159cbab86ff423d6446143427daab751366
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
b83a71978215fdba477c4ea61340168947a1021324d118e6b7159054985f2d1a
MD5 hash:
201ff3cd2ffe7d222f46574d4ac40a70
SHA1 hash:
b43f19bbb8fd1c8aa05ba67dea38a7785dbe57b6
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
b66ae7e1d0da45a758b2ec9d2727f8f59a2d0a59bf43be347369381338c6afb3
MD5 hash:
c4af0dc7d97105deac352f569beb603d
SHA1 hash:
f52d7ee9ae432dbf5b42d5fb2a816411138d7e03
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
b3ba83880986f2522d05a88c52fe69eda9c9fadbc5192a063e36bba777cc877f
MD5 hash:
259b4186004bb41e706dd781e29f5c5b
SHA1 hash:
85751d31fe233ed51c46466f214f497d01be8d87
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
af9675ac90bae8a0d8623f6fdaff9d39e1b8810e8e46a5b044baaa3396e745b3
MD5 hash:
9313c86e7bae859f0174a1c8b6aba58b
SHA1 hash:
dce67fd1da5da8dc4ba406c544e55a83d6536cc9
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
abf8a6ad52f6c71458dc2c159eb8ce7a297494177f8e05fd52a1e7bceb493426
MD5 hash:
03f1e99c4258416b4c6800081b3701e2
SHA1 hash:
502d6654cc0a331b8c45eb760db39edbc3ee93c9
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
9c06541d13c7088f313aab0be5af20b72e583f34e442df3d2fc29953640d4812
MD5 hash:
16a97489dab15db9b9713c53726f3411
SHA1 hash:
c15ad01807955374283805104233bd56760b25c9
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
96b11fa8aca734f4b1ddee377c84427d384f8e06affd99c63128797289fc9304
MD5 hash:
2ebacbbda70b888b1bcc5e816d14f3a2
SHA1 hash:
ebf1763b0cee267040312deccb3dad61af1b9cf4
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
837167faa319cab764615fcfdb375008aed60c399b139dc0b3b0338a106f3b18
MD5 hash:
b5c0e86861a795b607b3dddf29ceab01
SHA1 hash:
4ece72b0a9d8f42da935f9affe3280b48805d9c1
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
7f18dc2971d15434bfe03c4842dced10b466e849d782a1c8e398d96c2e2b12e2
MD5 hash:
8222b0f8bcf884433a55996253963a96
SHA1 hash:
35914b003bbe6527e2479d7f897024915821500f
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
5dd42e524920f4cb467031eb9e0e440bbe73de0fb39f71e65736a2ab2f6fcfe8
MD5 hash:
e3ede68927c68aa73ac95722d24334ce
SHA1 hash:
dbe71e1a56f9b7569b4a568bb67e37c38011b879
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
5ce391edb33c7055e724a4c3cecc64d16ba2aa4724cb99cd5aed00b0cecfbc82
MD5 hash:
10d466341e7ece8cf75b5d026105741b
SHA1 hash:
31d1e9b9a4511156695b5aa33d65b6a36f8139c2
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
34c6e58abcce5bccace50df3bd6c3e2d3f4e8413b14aae8e707ddfddccdeba6d
MD5 hash:
3cca955cde8362605fc268e4b12accaa
SHA1 hash:
6f3c214ef223f35495c0cb0ee359b9d975c14e72
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
2ee9434cc5f40f4514c7284e14b90db5c7a33000afda834d7c1dc063baa3d805
MD5 hash:
6d0762a2ba4263d0901ca7aaa0725c0c
SHA1 hash:
e36d2d049116bd2d84121cdfa179098ac03650b4
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
1ff617fb9d681551fb456aabaae078c0ac7f96580ac1144ea441826a6d98caef
MD5 hash:
e496d42d228b5e90c7b96350dbb1159c
SHA1 hash:
746ba35a931e05aebda957608a6e28c1699237aa
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
189bbbd739526a986e53518865e741cde8c5967aacd5ed687408cec3d8781f1c
MD5 hash:
12ea48ce605ebb204a21ae7d86db3417
SHA1 hash:
5fb0ff9ba4105cd76ee4470ae4cad0a39ae68c66
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
0d859a866d1bcefe1a1bc5adb88dcf2765567ecc31dfb4e472b512d033d88bb4
MD5 hash:
7ad2034acd0f296fe9eed320e5ad7591
SHA1 hash:
fe1b217e3f4567905968f7a3d48a7611e3cf3f7b
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
0c0a66505093b6a4bb3475f716bd3d9552095776f6a124709c13b3f9552c7d99
MD5 hash:
b9de917b925dd246b709bb4233777efd
SHA1 hash:
775f258d8b530c6ea9f0dd3d1d0b61c1948c25d2
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
0a351c2a2889a42886017e7dbcf75f45e3cb24d2f55e72205624272487e4a056
MD5 hash:
4166d703abc9c6de65d5b269d3a5425e
SHA1 hash:
16bcd7191312b94bdf38368d188e5a5cc479a36c
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
09f19b41a8d71cd5174efdae2a7649022780434d7c4416d6121153359aa85918
MD5 hash:
fa9b5cec8eed4fef73ec60d7f4c1eb1e
SHA1 hash:
03f19b2886688de1fb2016d614fe514f8b508250
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
06b0fd7e6d7cbe35177af8fc17863f247bd5caee64543e3a9a125253d51af777
MD5 hash:
4bb011d3e58e958e94ca23ae05a8e958
SHA1 hash:
741af22136c1d6dce03c75c68e977c05d76ac027
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
047d09b49dae9a101eb55277aa37c31390ea6c7187379b448122d77bd77bf005
MD5 hash:
2914ea20c9b8d79b1e98ea6b6dd85450
SHA1 hash:
2e25617bb4f3f6391658b5778f5248d9e6762c6b
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
03bebf73df97beed5da608cae73324df2aaec092277d53ce8c119031cf8e21fd
MD5 hash:
5bc2660d94760af50f96b1999de6cfab
SHA1 hash:
75dec9b15bf9181f0e8015992b678bac718d8c0b
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
SH256 hash:
3e456321e783a063b3893ac377e9395fdf457258562ebd057c9b355f65728cef
MD5 hash:
a2eab0b5ce718c66a3507313b679ba91
SHA1 hash:
435b63592df1aa94c838f9cd90457035ccb24168
Link:
https://www.unpac.me/results/397676b2-4afd-4fb8-9919-ae9115e93dbe/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3e456321e783a063b3893ac377e9395fdf457258562ebd057c9b355f65728cef

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller. This rule by itself does NOT necessarily mean the detected file is malicious.
Rule name:RansomPyShield_Antiransomware
Create hunting rule
Author:XiAnzheng
Description:Check for Suspicious String and Import combination that Ransomware mostly abuse(can create FP)
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Executable exe 3e456321e783a063b3893ac377e9395fdf457258562ebd057c9b355f65728cef

(this sample)

  
Link
https://www.virustotal.com/gui/file-analysis/YTJlYWIwYjVjZTcxOGM2NmEzNTA3MzEzYjY3OWJhOTE6MTczNTA2MjE0NA==
  
Delivery method
Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (FORCE_INTEGRITY)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::ConvertSidToStringSidW
ADVAPI32.dll::ConvertStringSecurityDescriptorToSecurityDescriptorW
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::GetTokenInformation
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
ADVAPI32.dll::OpenProcessToken
KERNEL32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetDriveTypeW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetConsoleCtrlHandler
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::FindFirstFileW
KERNEL32.dll::RemoveDirectoryW
KERNEL32.dll::SetDllDirectoryW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::PeekMessageW
USER32.dll::CreateWindowExW

Comments