newencryptionrustproject[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

newencryptionrustproject.exe
Size

2.1MB
MD5

3576054e6beb4e3ad075a8a7cea7a2c0
SHA1

4f6dfdda818c3e994a14fc3d4e63e2a27e92488d
SHA256

49911db01d7f79be0acad687ef0b2b4f4983c0abe19431e1bec7f6f83be5f0ba
SHA512

41b146a8b66a5c73901c7db9148d19039e12b6d6e41582e2abd873aca55aa3d46b666cd36d924dda52929643fd3a5603158ff424e8f63a26d283ad6dda2c3699
SSDEEP

24576:oStzW0akprS4YexBnpSRSGlwFRuXGH2cbigdqopaQn652ZOJrbAZfe5SX5IBlq:BzW0aEr+ybzFRu2WcbdjTjAAww

Score

1^/10

Malware Config

Signatures

Files

newencryptionrustproject.exe
.exe windows x64

f6176dd9e25661c8cad02e5a2a4968e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptReleaseContext
SystemFunction036

kernel32

CloseHandle
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SleepConditionVariableSRW
WaitNamedPipeW
SetNamedPipeHandleState
SetHandleInformation
GetCurrentProcessId
FlushFileBuffers
CancelIoEx
CreateEventW
WaitForSingleObject
GetOverlappedResult
ReadFile
WriteFile
CreateFileW
GetLastError
TryAcquireSRWLockExclusive
ReleaseMutex
FindClose
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW
SetFileInformationByHandle
SetFilePointerEx
GetStdHandle
TerminateProcess
WakeConditionVariable
QueryPerformanceCounter
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetConsoleMode
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
WriteConsoleW
ReadConsoleW
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

ws2_32

setsockopt
WSAIoctl
WSAPoll
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
send
closesocket
getsockname
getpeername
recv
WSASocketW
getsockopt
ioctlsocket
connect
WSAGetLastError
bind

secur32

InitializeSecurityContextW
FreeCredentialsHandle
EncryptMessage
QueryContextAttributesW
DeleteSecurityContext
AcquireCredentialsHandleA
DecryptMessage
FreeContextBuffer
AcceptSecurityContext

crypt32

CertOpenStore
CertDuplicateStore
PFXImportCertStore
CertFreeCertificateChain
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCreateCertificateContext
CryptStringToBinaryA
CryptAcquireCertificatePrivateKey
CertDuplicateCertificateChain
CertCloseStore

ncrypt

NCryptFreeObject

bcrypt

BCryptGenRandom

vcruntime140

memmove
memcpy
memcmp
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
memset

api-ms-win-crt-math-l1-1-0

ceil
floor
__setusermatherr
log2

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_configure_narrow_argv
_seh_filter_exe
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_get_initial_narrow_environment
_exit
exit
_initterm_e
_initterm

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 834KB - Virtual size: 833KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6176dd9e25661c8cad02e5a2a4968e9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ws2_32

secur32

crypt32

ncrypt

bcrypt

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 834KB - Virtual size: 833KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 52KB - Virtual size: 51KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 834KB - Virtual size: 833KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 52KB - Virtual size: 51KB

.reloc
Size: 17KB - Virtual size: 17KB