main[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

main.exe
Size

12.9MB
MD5

6423147c33d0472554a3c071bf50861d
SHA1

07e93e9bb4b5816978cc9cb32cdc0de551259222
SHA256

15a41188506ad91be34d0f8ae6b1ca7762a9f698fc26eef17aecb599ac11edd2
SHA512

d2c0d5f7074acbecec6b1e27e84420ab8165772cecafdcc71505124accdd783f089bbad568496152fb135db4234a79eaccc70375805acf3b004cc0b26c814553
SSDEEP

98304:guS/UWGJ/BC+h6RgxR75OutWfbmRZeDL/ihZwzCo7HYbjSn9il22m6Aojf2/lb5N:1SGCfgxRkPL/ihGSZycoUXgCc

Score

1^/10

Malware Config

Signatures

Files

main.exe
.exe windows x64

3ccdfcc1e5778207aa537320ee87c06d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl-x64

curl_easy_cleanup
curl_easy_getinfo
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_easy_strerror
curl_slist_append

advapi32

DeregisterEventSource
GetUserNameA
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW

bcrypt

BCryptGenRandom

crypt32

CryptUnprotectData

libgcc_s_seh-1

_Unwind_Resume

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetBitmapBits
SelectObject

iphlpapi

GetAdaptersAddresses

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileA
CreateDirectoryA
CreateFiberEx
CreateProcessA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FormatMessageW
FreeLibrary
GetACP
GetConsoleMode
GetConsoleWindow
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetEnvironmentVariableW
GetFileAttributesA
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
InitializeCriticalSection
InitializeSRWLock
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalFree
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
QueryPerformanceCounter
ReadConsoleA
ReadConsoleW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleMode
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
Sleep
SwitchToFiber
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
Wow64DisableWow64FsRedirection
WriteFile
lstrlenW

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_access
_acmdln
_amsg_exit
_cexit
_errno
_exit
_fileno
_findclose
_findfirst64
_findnext64
_fmode
_fullpath
_gmtime64
_initterm
_mkdir
_onexit
_pclose
_popen
_setmode
_snwprintf
_stat64
_strdup
_strdup
_time64
_vsnprintf
_vsnwprintf
_wfopen
_wgetcwd
_time64
_wpopen
abort
atoi
calloc
ctime
exit
fclose
feof
ferror
fflush
fgets
fgetws
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
ftell
fwprintf
fwprintf
fwrite
getenv
islower
isspace
isupper
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
raise
rand
realloc
setvbuf
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
tolower
vfprintf
vswprintf_s
wcscpy
wcslen
wcsstr
wcstombs

shlwapi

PathFindExtensionW
PathFindFileNameW

user32

CloseClipboard
GetClipboardData
GetDC
GetDesktopWindow
GetProcessWindowStation
GetSystemMetrics
GetUserObjectInformationW
GetWindowRect
MessageBoxA
MessageBoxW
OpenClipboard
ReleaseDC
ShowWindow

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
shutdown
socket

libstdc++-6

_ZNKSt13runtime_error4whatEv
_ZNKSt14basic_ifstreamIcSt11char_traitsIcEE5rdbufEv
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt6locale2id5_M_idEv
_ZNKSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEE3strEv
_ZNKSt7__cxx1118basic_stringstreamIwSt11char_traitsIwESaIwEE3strEv
_ZNKSt7__cxx1119basic_ostringstreamIwSt11char_traitsIwESaIwEE3strEv
_ZNKSt7__cxx117collateIcE9transformEPKcS3_
_ZNKSt7__cxx117collateIwE9transformEPKwS3_
_ZNKSt8__detail20_Prime_rehash_policy11_M_next_bktEy
_ZNKSt8__detail20_Prime_rehash_policy14_M_need_rehashEyyy
_ZNKSt9basic_iosIcSt11char_traitsIcEE4failEv
_ZNKSt9basic_iosIcSt11char_traitsIcEE5rdbufEv
_ZNKSt9basic_iosIcSt11char_traitsIcEE5widenEc
_ZNKSt9basic_iosIcSt11char_traitsIcEE7rdstateEv
_ZNKSt9basic_iosIcSt11char_traitsIcEEcvbEv
_ZNKSt9basic_iosIwSt11char_traitsIwEE4failEv
_ZNKSt9basic_iosIwSt11char_traitsIwEE5widenEc
_ZNKSt9basic_iosIwSt11char_traitsIwEEcvbEv
_ZNKSt9type_infoeqERKS_
_ZNSaIcEC1ERKS_
_ZNSaIcEC1Ev
_ZNSaIcEC2ERKS_
_ZNSaIcEC2Ev
_ZNSaIcED1Ev
_ZNSaIcED2Ev
_ZNSaIwEC1ERKS_
_ZNSaIwEC1Ev
_ZNSaIwEC2ERKS_
_ZNSaIwEC2Ev
_ZNSaIwED1Ev
_ZNSaIwED2Ev
_ZNSirsEPFRSt8ios_baseS0_E
_ZNSirsERl
_ZNSo5writeEPKcx
_ZNSolsEPFRSoS_E
_ZNSolsEPFRSt8ios_baseS0_E
_ZNSolsEPSt15basic_streambufIcSt11char_traitsIcEE
_ZNSolsEd
_ZNSolsEi
_ZNSt11regex_errorD1Ev
_ZNSt13basic_istreamIwSt11char_traitsIwEErsEPFRSt8ios_baseS4_E
_ZNSt13basic_istreamIwSt11char_traitsIwEErsERl
_ZNSt13basic_ostreamIwSt11char_traitsIwEElsEi
_ZNSt13basic_ostreamIwSt11char_traitsIwEElsEl
_ZNSt13basic_ostreamIwSt11char_traitsIwEElsEm
_ZNSt13basic_ostreamIwSt11char_traitsIwEElsEt
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKS_
_ZNSt13runtime_errorC2EPKc
_ZNSt13runtime_errorD1Ev
_ZNSt14basic_ifstreamIcSt11char_traitsIcEE5closeEv
_ZNSt14basic_ifstreamIcSt11char_traitsIcEE7is_openEv
_ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1EPKcSt13_Ios_Openmode
_ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1ERKNSt7__cxx1112basic_stringIcS1_SaIcEEESt13_Ios_Openmode
_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev
_ZNSt14basic_ofstreamIcSt11char_traitsIcEE5closeEv
_ZNSt14basic_ofstreamIcSt11char_traitsIcEEC1ERKNSt7__cxx1112basic_stringIcS1_SaIcEEESt13_Ios_Openmode
_ZNSt14basic_ofstreamIcSt11char_traitsIcEED1Ev
_ZNSt14basic_ofstreamIwSt11char_traitsIwEE5closeEv
_ZNSt14basic_ofstreamIwSt11char_traitsIwEEC1ERKNSt7__cxx1112basic_stringIcS0_IcESaIcEEESt13_Ios_Openmode
_ZNSt14basic_ofstreamIwSt11char_traitsIwEED1Ev
_ZNSt15basic_streambufIcSt11char_traitsIcEE5sgetcEv
_ZNSt15basic_streambufIcSt11char_traitsIcEE6sbumpcEv
_ZNSt5ctypeIcE2idE
_ZNSt5ctypeIwE2idE
_ZNSt6locale6globalERKS_
_ZNSt6localeC1EPKc
_ZNSt6localeC1ERKS_
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6localeaSERKS_
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEC1ESt13_Ios_Openmode
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1118basic_stringstreamIwSt11char_traitsIwESaIwEEC1ERKNS_12basic_stringIwS2_S3_EESt13_Ios_Openmode
_ZNSt7__cxx1118basic_stringstreamIwSt11char_traitsIwESaIwEEC1ESt13_Ios_Openmode
_ZNSt7__cxx1118basic_stringstreamIwSt11char_traitsIwESaIwEED1Ev
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEC1ERKNS_12basic_stringIcS2_S3_EESt13_Ios_Openmode
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1119basic_istringstreamIwSt11char_traitsIwESaIwEEC1ERKNS_12basic_stringIwS2_S3_EESt13_Ios_Openmode
_ZNSt7__cxx1119basic_istringstreamIwSt11char_traitsIwESaIwEED1Ev
_ZNSt7__cxx1119basic_ostringstreamIwSt11char_traitsIwESaIwEEC1ESt13_Ios_Openmode
_ZNSt7__cxx1119basic_ostringstreamIwSt11char_traitsIwESaIwEED1Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZNSt9exceptionD2Ev
_ZSt11_Hash_bytesPKvyy
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt16__ostream_insertIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_PKS3_x
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_regex_errorNSt15regex_constants10error_typeE
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt24__throw_invalid_argumentPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt4cerr
_ZSt4endlIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZSt7getlineIwSt11char_traitsIwESaIwEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZSt9use_facetINSt7__cxx117collateIcEEERKT_RKSt6locale
_ZSt9use_facetINSt7__cxx117collateIwEEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIcEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIwEERKT_RKSt6locale
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_c
_ZStlsIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_St13_Setprecision
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_PKS3_
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_PKc
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_St5_Setw
_ZStlsIwSt11char_traitsIwEERSt13basic_ostreamIT_T0_ES6_St8_SetfillIS3_E
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVSt11regex_error
_ZTVSt9exception
_ZdaPv
_ZdlPv
_ZdlPvy
_Znay
_Znwy
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__dynamic_cast
__gxx_personality_seh0

sqlite3

sqlite3_close
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_text
sqlite3_finalize
sqlite3_open
sqlite3_prepare_v2
sqlite3_step

libsodium-23

sodium_base642bin

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ccdfcc1e5778207aa537320ee87c06d

Headers

File Characteristics

Imports

libcurl-x64

advapi32

bcrypt

crypt32

libgcc_s_seh-1

gdi32

iphlpapi

kernel32

msvcrt

shlwapi

user32

ws2_32

libstdc++-6

sqlite3

libsodium-23

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.data Size: 11KB - Virtual size: 11KB

.rdata Size: 661KB - Virtual size: 661KB

.pdata Size: 131KB - Virtual size: 130KB

.xdata Size: 160KB - Virtual size: 160KB

.bss Size: - Virtual size: 15KB

.idata Size: 19KB - Virtual size: 18KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 16B

/4 Size: 86KB - Virtual size: 85KB

/19 Size: 3.3MB - Virtual size: 3.3MB

/31 Size: 9KB - Virtual size: 9KB

/45 Size: 266KB - Virtual size: 265KB

/57 Size: 368KB - Virtual size: 367KB

/70 Size: 63KB - Virtual size: 63KB

/81 Size: 92KB - Virtual size: 92KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 11KB - Virtual size: 11KB

.rdata
Size: 661KB - Virtual size: 661KB

.pdata
Size: 131KB - Virtual size: 130KB

.xdata
Size: 160KB - Virtual size: 160KB

.bss
Size: - Virtual size: 15KB

.idata
Size: 19KB - Virtual size: 18KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 16B

/4
Size: 86KB - Virtual size: 85KB

/19
Size: 3.3MB - Virtual size: 3.3MB

/31
Size: 9KB - Virtual size: 9KB

/45
Size: 266KB - Virtual size: 265KB

/57
Size: 368KB - Virtual size: 367KB

/70
Size: 63KB - Virtual size: 63KB

/81
Size: 92KB - Virtual size: 92KB