Launcher[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Launcher.exe
Size

4.4MB
MD5

245226bb0d345446eb6d5507f67b8b37
SHA1

e2fcad325b3c61622d529d532476c7a9647e7be4
SHA256

a8241358dcaa8a72f0fca32a0c02b1dd6607e0b0beda561a717695213ac47be5
SHA512

b4f16c7dfccb08a08278375baf3e6c6969ba69eb2dd5d90af689bff7989ddb0c0c03583b61dfddd835c7545e47b360712fe07a3f62584aa7b2a22ceb15f7e8fb
SSDEEP

98304:bXcapFRzxX11WmGogP/z3lY+kXxf+8VQCGMU:bD5VfWogP/Ex28VQHMU

Score

N/A

Malware Config

Signatures

Files

Launcher.exe
.exe windows x64

812b5d26ecb82f6c3e46fe95d7835cfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenThread
GetCurrentProcess
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
GetLastError
VirtualAllocEx
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
SetThreadContext
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateFileA
GetFileSizeEx
WaitForSingleObjectEx
FormatMessageA
SetLastError
RtlDeleteFunctionTable
ReadProcessMemory
GetThreadContext
VirtualProtectEx
ResumeThread
SuspendThread
Thread32First
Thread32Next
GetProcessId
RtlAddFunctionTable
VirtualAlloc
VirtualFree
GetStartupInfoW
LoadLibraryA
GetProcAddress
GetModuleHandleA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
QueryPerformanceCounter
TerminateProcess
CreateProcessA
Sleep
CreateThread
OpenProcess
ReleaseMutex
WaitForSingleObject
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenMutexA
GetCurrentThreadId
GetFileAttributesA
CreateDirectoryA
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
ReadFile
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
CreateMutexExA

user32

PostQuitMessage
SendMessageA
CallWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
SetWindowLongPtrA
BeginPaint
IsWindowVisible
EndPaint
SetWindowTextA
FindWindowA
GetFocus
MessageBoxA
GetWindowLongPtrA
GetSystemMetrics
LoadBitmapA
FillRect
GetWindowRect
SetFocus
UpdateWindow
GetDC
SetWindowPos
InvalidateRect

gdi32

TextOutA
SetTextAlign
SetTextColor
SetBkMode
SetBkColor
CreateFontA
CreateSolidBrush
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC

comdlg32

GetOpenFileNameA

advapi32

CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptDestroyKey

spel64

load_library

msvcp140

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strxfrm
_Strcoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1facet@locale@std@@MEAA@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0_Lockit@std@@QEAA@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
??0facet@locale@std@@IEAA@_K@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
__std_exception_destroy
strchr
_purecall
strrchr
strstr
__C_specific_handler
__RTDynamicCast
__current_exception
memchr
__current_exception_context
memset
_CxxThrowException
memcmp
__std_terminate
memcpy
memmove

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode
realloc
calloc

api-ms-win-crt-runtime-l1-1-0

strerror
_beginthreadex
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
__sys_nerr
_errno
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_getpid
_set_app_type
_seh_filter_exe
terminate
_cexit

api-ms-win-crt-time-l1-1-0

strftime
clock
_time64
_gmtime64
_localtime64_s

api-ms-win-crt-string-l1-1-0

strcspn
strcmp
tolower
_stricmp
strspn
strncmp
strncpy
isupper
strpbrk
strcpy_s
_strdup
strcat_s

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vsscanf
_read
__stdio_common_vsprintf
_write
_open
_close
__stdio_common_vsprintf_s
fseek
_set_fmode
fgets
fopen
_lseeki64
ftell
fflush
__acrt_iob_func
setvbuf
fputs
fopen_s
fsetpos
_fseeki64
fgetpos
fclose
_get_stream_buffer_pointers
fwrite
fread
fputc
ungetc
fgetc

api-ms-win-crt-convert-l1-1-0

strtoul
atoi
strtoll
strtol

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_access
rename
remove
_fstat64
_stat64
_unlock_file

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand_s
rand

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbsncmp
_mbsnbcpy
_mbschr

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

crypt32

CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CryptStringToBinaryA

ws2_32

connect
getsockopt
htons
setsockopt
send
recv
WSAStartup
WSACleanup
getsockname
ntohs
socket
ntohl
gethostname
htonl
getpeername
ioctlsocket
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
WSASetLastError
__WSAFDIsSet
select
closesocket
bind
WSAIoctl
WSAGetLastError

wldap32

ord27
ord200
ord45
ord26
ord46
ord79
ord22
ord301
ord33
ord211
ord41
ord32
ord35
ord30
ord50
ord143
ord60
ord217

Sections

.text
Size: 496KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 669KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 3.1MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

812b5d26ecb82f6c3e46fe95d7835cfa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

spel64

msvcp140

version

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

crypt32

ws2_32

wldap32

Sections

.text Size: 496KB - Virtual size: 495KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 21KB - Virtual size: 20KB

.rsrc Size: 669KB - Virtual size: 669KB

.reloc Size: - Virtual size: 1KB

.vlizer Size: 3.1MB - Virtual size: 8.4MB

.text
Size: 496KB - Virtual size: 495KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 669KB - Virtual size: 669KB

.reloc
Size: - Virtual size: 1KB

.vlizer
Size: 3.1MB - Virtual size: 8.4MB