deadcodecrack[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

deadcodecrack.exe
Size

25.8MB
MD5

4d312e70bcfecd80a965449836efefa8
SHA1

2f612ae9c9efb011a7fb128cffbe4ec084ffeb2c
SHA256

75643963d10b1d64f3948c51177a4a938674799063f501cc2769e8f7f7f89074
SHA512

82740dc7600ffcc0fcbdacead8ad2e3ca5b244018c18d3ee7f2249721fb366791430e68d72088d5ea3dc150368d37d5419ba2dd14a0bcc6f107f31341765a7c6
SSDEEP

393216:ntftuu96oOErrVe553keWV7/lAygQaVUM/TBJkExU7koRsd8s8i2/YZ07yVgfRZn:ntouoUrrVReWV7tJNM7rkEqkogl07nY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deadcodecrack.exe

Files

deadcodecrack.exe
.exe windows x64

d2d663c4f7bb47683d5e8186268c8dfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetWaitableTimer
TlsSetValue
SetLastError
SetConsoleTextAttribute
EnterCriticalSection
GetStdHandle
WriteFile
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
WaitForSingleObject
GetModuleHandleA
OpenProcess
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
GetExitCodeThread
FormatMessageW
GetLastError
Process32NextW
CreateFileA
SetEvent
TerminateThread
WriteProcessMemory
LockResource
Process32FirstW
CloseHandle
LoadResource
FindResourceW
QueueUserAPC
GetProcAddress
VirtualAllocEx
LocalFree
DeleteCriticalSection
VerSetConditionMask
WideCharToMultiByte
SleepEx
CreateRemoteThread
VerifyVersionInfoW
TlsGetValue
TlsFree
FormatMessageA
lstrcmpiW
CreateIoCompletionPort
CreateDirectoryW
CreateFileW
SizeofResource
ReadFile
SetConsoleTitleW
SetConsoleOutputCP
SetConsoleCP
TlsAlloc
Sleep
GetFileAttributesExW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
MultiByteToWideChar
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

user32

MessageBoxW
GetWindowThreadProcessId
FindWindowW

advapi32

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW

msvcp140

??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Winerror_map@std@@YAHH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z

ws2_32

htons
WSAStartup
WSAGetLastError
closesocket
ioctlsocket
setsockopt
bind
WSACleanup
WSASocketW
WSASend

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_compare
__C_specific_handler
__std_terminate
__current_exception
__std_exception_destroy
memmove
memcmp
memcpy
_purecall
__current_exception_context
memset
_CxxThrowException
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_get_initial_narrow_environment
_initterm
terminate
_exit
__p___argc
__p___argv
_c_exit
_beginthreadex
_register_thread_local_exe_atexit_callback
_initterm_e
_cexit
_invalid_parameter_noinfo_noreturn
system
_seh_filter_exe
_crt_atexit
_set_app_type
exit

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
setlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
_callnewh

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfwprintf
__stdio_common_vsprintf
fclose
__p__commode
ftell
fopen
fseek
__stdio_common_vfprintf
_set_fmode

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25.7MB - Virtual size: 25.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2d663c4f7bb47683d5e8186268c8dfb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 25.7MB - Virtual size: 25.7MB

.reloc Size: 1024B - Virtual size: 748B

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 25.7MB - Virtual size: 25.7MB

.reloc
Size: 1024B - Virtual size: 748B