MangoKeywordsTUI_PTO[.]rar

Resubmissions

30/12/2022, 22:20

221230-1846esbh91 1

Sharing

Copy URL Twitter E-mail

General

Target

MangoKeywordsTUI_PTO.rar
Size

4.3MB
MD5

79c0f43730a84152c2e6d709e4fded3c
SHA1

b78feb795681e933694dc4aa5991996806b75d2e
SHA256

77ce6539b3e883d35b11698146ff5401a2213afec31f659df32b3f7683fa1dee
SHA512

5c5aa02faa84f408187212eba1e4e21f74ace06963fe034a17144b578e4d911d9aafd11753d7e618e3ee4aeca28abd7eaec072396a929d25f401ab8c6c5091f1
SSDEEP

98304:50XNRfco4Dshz3xoJjUFXDz8KjUwkvS6tjwXMliaBejpa:5GNt048uXDNj7kVxkdaIo

Score

N/A

Malware Config

Signatures

Files

MangoKeywordsTUI_PTO.rar
.rar

Password: untrusted
MangoKeywordsTUI_PTO.exe
.exe windows x64

Password: untrusted

5ab9d2baf394891b567ba094f8fb4d35

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
NtDeviceIoControlFile
NtCancelIoFileEx
RtlCaptureContext
NtCreateFile
RtlLookupFunctionEntry
RtlNtStatusToDosError

kernel32

Sleep
SetFileTime
TryAcquireSRWLockExclusive
lstrlenW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SwitchToThread
GetSystemInfo
GetModuleHandleA
GetProcAddress
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetConsoleScreenBufferSize
PostQueuedCompletionStatus
QueryPerformanceFrequency
HeapFree
CreateFileW
GetLargestConsoleWindowSize
SetConsoleWindowInfo
ReadConsoleInputW
QueryPerformanceCounter
GetNumberOfConsoleInputEvents
WaitForMultipleObjects
GetConsoleMode
GetStdHandle
GetFileInformationByHandleEx
GlobalMemoryStatusEx
CloseHandle
InitializeCriticalSection
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetTempPathW
GetCommandLineW
SetConsoleTitleW
SetFileInformationByHandle
SetFilePointerEx
SetConsoleTextAttribute
CreateEventW
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
TryEnterCriticalSection
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentProcess
GetCurrentThread
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetFileInformationByHandle
DeviceIoControl
CreateDirectoryW
DeleteFileW
CreateSymbolicLinkW
CreateHardLinkW
SetFileAttributesW
GetFinalPathNameByHandleW
SetHandleInformation
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CancelIo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetCurrentProcessId
CreateNamedPipeW
DuplicateHandle
CreateThread
TlsGetValue
TlsSetValue
WriteConsoleW
ReadFile
LeaveCriticalSection
GetConsoleScreenBufferInfo
SetConsoleMode
EnterCriticalSection
SetConsoleCursorPosition
GetLastError
SetConsoleCursorInfo
AcquireSRWLockShared
GetProcessHeap
WriteFile
HeapAlloc
CompareStringOrdinal
UnhandledExceptionFilter
ReleaseSRWLockShared
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc

shell32

SHCreateItemFromParsingName
SHGetKnownFolderPath

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx

user32

GetSystemMetrics
SendInput
MessageBoxW

bcrypt

BCryptGenRandom

ws2_32

WSAGetLastError
WSAIoctl
setsockopt
closesocket
bind
socket
WSASocketW
connect
shutdown
WSAStartup
getsockopt
WSACleanup
freeaddrinfo
getaddrinfo
getpeername
recv
send
ioctlsocket
WSASend

crypt32

CertCloseStore
CertDuplicateStore
CertFreeCertificateContext
CertFreeCertificateChain
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy

secur32

AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
QueryContextAttributesW
ApplyControlToken
EncryptMessage
DeleteSecurityContext

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

vcruntime140

__C_specific_handler
__current_exception_context
_CxxThrowException
memcmp
memmove
__CxxFrameHandler3
memset
memcpy
__current_exception

api-ms-win-crt-string-l1-1-0

strlen
wcslen

api-ms-win-crt-math-l1-1-0

__setusermatherr
round
floor
fmod

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_initialize_narrow_environment
_exit
__p___argc
_get_initial_narrow_environment
__p___argv
_cexit
_c_exit
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
exit
terminate
_crt_atexit

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5.2MB - Virtual size: 5.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 300KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
stk.dll
.dll windows x64

Password: untrusted

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: - Virtual size: 304KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: untrusted

Password: untrusted

5ab9d2baf394891b567ba094f8fb4d35

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

shell32

ole32

user32

bcrypt

ws2_32

crypt32

secur32

advapi32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 5.2MB - Virtual size: 5.2MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 13KB - Virtual size: 15KB

.pdata Size: 199KB - Virtual size: 198KB

.rsrc Size: 75KB - Virtual size: 75KB

.reloc Size: - Virtual size: 50KB

.vlizer Size: 300KB - Virtual size: 1.3MB

.stk Size: 4KB - Virtual size: 4KB

Password: untrusted

Headers

DLL Characteristics

File Characteristics

Sections

Size: - Virtual size: 304KB

Size: 1.9MB - Virtual size: 1.9MB

Size: 512B - Virtual size: 4KB

.text
Size: 5.2MB - Virtual size: 5.2MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 13KB - Virtual size: 15KB

.pdata
Size: 199KB - Virtual size: 198KB

.rsrc
Size: 75KB - Virtual size: 75KB

.reloc
Size: - Virtual size: 50KB

.vlizer
Size: 300KB - Virtual size: 1.3MB

.stk
Size: 4KB - Virtual size: 4KB