Static task
static1
General
-
Target
MangoKeywordsTUI_PTO.exe
-
Size
8.0MB
-
MD5
3e2d01ec5e8d345785f07c8dd999fa6d
-
SHA1
b305d7b5432f51a93de7e0c76b78bea3f94f4b65
-
SHA256
8e72bad1b1c451a3221ef9490fece1c39c83c3646f169a4704ddae8bc346b25b
-
SHA512
12d98af56dfb1ff647d88b453a55929221f79db98440ad9ddef40b1cd78e6e54b04e8d869c8bbf7e7c8476a0ebdc3060e120721f831062c948a57603993d48c0
-
SSDEEP
49152:0NGWCctCj70j6Q9z7DLT2z7DLTrz7DLTYz7DLT/z7DLTDGe6RThiqmkXFZ8oX9xk:uTmZ4wjhYyVY0O5ZaoUgs6T
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this sample has none, so its publisher and integrity cannot be verified from a signature.
Resource: MangoKeywordsTUI_PTO.exe
Files
-
MangoKeywordsTUI_PTO.exe.exe windows x64
5ab9d2baf394891b567ba094f8fb4d35
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
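IMAGE_FILE_RELOCS_STRIPPED (relocation data removed; IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not among the DLL characteristics listed above, so HIGH_ENTROPY_VA alone does not give the image ASLR)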
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
ntdll
RtlVirtualUnwind
NtDeviceIoControlFile
NtCancelIoFileEx
RtlCaptureContext
NtCreateFile
RtlLookupFunctionEntry
RtlNtStatusToDosError
kernel32
Sleep
SetFileTime
TryAcquireSRWLockExclusive
lstrlenW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SwitchToThread
GetSystemInfo
GetModuleHandleA
GetProcAddress
SetFileCompletionNotificationModes
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetConsoleScreenBufferSize
PostQueuedCompletionStatus
QueryPerformanceFrequency
HeapFree
CreateFileW
GetLargestConsoleWindowSize
SetConsoleWindowInfo
ReadConsoleInputW
QueryPerformanceCounter
GetNumberOfConsoleInputEvents
WaitForMultipleObjects
GetConsoleMode
GetStdHandle
GetFileInformationByHandleEx
GlobalMemoryStatusEx
CloseHandle
InitializeCriticalSection
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetTempPathW
GetCommandLineW
SetConsoleTitleW
SetFileInformationByHandle
SetFilePointerEx
SetConsoleTextAttribute
CreateEventW
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
TryEnterCriticalSection
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentProcess
GetCurrentThread
ReleaseMutex
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetFileInformationByHandle
DeviceIoControl
CreateDirectoryW
DeleteFileW
CreateSymbolicLinkW
CreateHardLinkW
SetFileAttributesW
GetFinalPathNameByHandleW
SetHandleInformation
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
CancelIo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetCurrentProcessId
CreateNamedPipeW
DuplicateHandle
CreateThread
TlsGetValue
TlsSetValue
WriteConsoleW
ReadFile
LeaveCriticalSection
GetConsoleScreenBufferInfo
SetConsoleMode
EnterCriticalSection
SetConsoleCursorPosition
GetLastError
SetConsoleCursorInfo
AcquireSRWLockShared
GetProcessHeap
WriteFile
HeapAlloc
CompareStringOrdinal
UnhandledExceptionFilter
ReleaseSRWLockShared
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapReAlloc
shell32
SHCreateItemFromParsingName
SHGetKnownFolderPath
ole32
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitializeEx
user32
GetSystemMetrics
SendInput
MessageBoxW
bcrypt
BCryptGenRandom
ws2_32
WSAGetLastError
WSAIoctl
setsockopt
closesocket
bind
socket
WSASocketW
connect
shutdown
WSAStartup
getsockopt
WSACleanup
freeaddrinfo
getaddrinfo
getpeername
recv
send
ioctlsocket
WSASend
crypt32
CertCloseStore
CertDuplicateStore
CertFreeCertificateContext
CertFreeCertificateChain
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateCertificateContext
CertGetCertificateChain
CertVerifyCertificateChainPolicy
secur32
AcquireCredentialsHandleA
FreeCredentialsHandle
DecryptMessage
FreeContextBuffer
InitializeSecurityContextW
AcceptSecurityContext
QueryContextAttributesW
ApplyControlToken
EncryptMessage
DeleteSecurityContext
advapi32
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
vcruntime140
__C_specific_handler
__current_exception_context
_CxxThrowException
memcmp
memmove
__CxxFrameHandler3
memset
memcpy
__current_exception
api-ms-win-crt-string-l1-1-0
strlen
wcslen
api-ms-win-crt-math-l1-1-0
__setusermatherr
round
floor
fmod
api-ms-win-crt-heap-l1-1-0
_set_new_mode
malloc
free
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_initialize_narrow_environment
_exit
__p___argc
_get_initial_narrow_environment
__p___argv
_cexit
_c_exit
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
exit
terminate
_crt_atexit
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 5.2MB - Virtual size: 5.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 199KB - Virtual size: 198KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 75KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
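.vlizer Size: 300KB - Virtual size: 1.3MB (non-default section name; flagged both writable and executable below, with a virtual size well above the raw size, which can indicate code that is unpacked or rewritten at run time, so the static import list may be incomplete)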
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.stk Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ