version-faaebc838e2e45f6[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

version-faaebc838e2e45f6.exe
Size

82.2MB
MD5

62c0dba9362381353019363cbdd67270
SHA1

f9554a48a59a832767a54077874b1a3388e3dd05
SHA256

3fb78c1d90dffb059c89d46fd7155d1a91102f55d48eef007b36ab074ab669c7
SHA512

f4b4bd11253c0eec92c869bbdd5f417d1cbed3ee8e68795f9d3af074f804d92e91cf43a705b6ca8bfeef939ffb82b5ec342ea58ea549300b6194027486cc2d61
SSDEEP

786432:qKp/iMvSVU5akXcEX5Rp6obkX/yfwI0/dKYxvIUKEjn6HQO6b59:qKQaamP8oAPyAjxAUt6wO6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
version-faaebc838e2e45f6.exe

Files

version-faaebc838e2e45f6.exe
.exe windows:6 windows x64

06cd73fe6dc3eaa1a49587a17c564c02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

robloxplayerbeta

run

cryptbase

SystemFunction036

kernelbase

RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
GetTokenInformation
OpenProcessToken
RegOpenKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
AllocateAndInitializeSid
EqualSid
SleepConditionVariableSRW
GetStringTypeW
InitOnceComplete
InitOnceBeginInitialize
FlsAlloc
FlsGetValue
FlsSetValue
IsValidCodePage
HeapQueryInformation
InitializeCriticalSectionEx
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
WaitForSingleObject
GetSystemTimeAsFileTime
CloseHandle
GetProcessHeap
ReleaseMutex
ReleaseSemaphore
WaitForSingleObjectEx
GetModuleHandleExW
SetEvent
ResetEvent
GlobalAlloc
CreateEventA
UnmapViewOfFile
GetTempPathW
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
DeleteFileW
FindNextFileW
MapViewOfFile
GetModuleHandleA
SetCurrentDirectoryW
OutputDebugStringA
CreateMutexA
WaitForMultipleObjects
OpenEventA
LoadResource
GetCurrentProcessId
Sleep
FreeLibrary
LoadLibraryExA
CreateMutexW
CreateFileMappingW
CompareFileTime
FindFirstFileA
WriteFile
FindNextFileA
CreateFileA
FileTimeToSystemTime
GetCurrentProcess
LoadLibraryA
GetVersionExA
VirtualAlloc
SetErrorMode
ResumeThread
CreateFileW
LocalAlloc
LocalFree
LoadLibraryW
GetLocalTime
SetThreadPriority
DuplicateHandle
GetACP
GetSystemInfo
OpenProcess
GetLocaleInfoW
WaitForMultipleObjectsEx
LCMapStringW
GetEnvironmentVariableW
GetFileAttributesW
LoadLibraryExW
GlobalMemoryStatusEx
ReadFile
GetFileSizeEx
SetFilePointerEx
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableA
TlsSetValue
TlsAlloc
GetStdHandle
GetNativeSystemInfo
SleepEx
GetProcessImageFileNameA
GetProcessMemoryInfo
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateDirectoryW
FindClose
GetFileType
VirtualQuery
SetWaitableTimer
GetFullPathNameW
SetFileTime
GetCurrentDirectoryW
MoveFileExW
GetFileTime
AreFileApisANSI
GetTimeZoneInformation
GetProcessTimes
SetConsoleCtrlHandler
GetCommandLineW
GetCommandLineA
GetStartupInfoW
GetLocaleInfoEx
GetCPInfo
PathAppendA
PathFindFileNameA
PathAddBackslashA
PathFindFileNameW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW
GetLastError

cryptsp

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash

ntdll

RtlFreeSid
RtlInitializeSRWLock
RtlInitializeSListHead
RtlEncodePointer
RtlPcToFileHeader
RtlDecodePointer
RtlDeleteCriticalSection
RtlSizeHeap
RtlReAllocateHeap
RtlAllocateHeap
RtlFreeHeap
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlRestoreLastWin32Error
VerSetConditionMask
RtlInitializeCriticalSection
RtlQueryPerformanceFrequency
RtlQueryPerformanceCounter
RtlInitializeConditionVariable
RtlWakeConditionVariable
RtlWakeAllConditionVariable
RtlGetCurrentProcessorNumber
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockShared
RtlAcquireSRWLockShared
RtlUnwindEx
RtlRestoreLastWin32Error

crypt32

CryptProtectData
CryptUnprotectData

gdi32

CreateDIBSection
CreateBitmap
DeleteObject

imm32

ImmGetDefaultIMEWnd
ImmGetContext
ImmSetOpenStatus

iphlpapi

GetAdaptersAddresses

kernel32

GetProcAddress
CreateFileMappingA
GetUserGeoID
GetGeoInfoA
GlobalFree
GetCurrentThreadId
VerifyVersionInfoW
FindResourceExA
GetShortPathNameW
GetTickCount64
CreateThread
CreateSemaphoreA
Process32First
CreateToolhelp32Snapshot
Process32Next
VerifyVersionInfoA
CreateWaitableTimerA
FreeLibraryAndExitThread
timeBeginPeriod
timeGetDevCaps
timeGetTime

powrprof

CallNtPowerInformation

setupapi

SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces

sensapi

IsNetworkAlive

user32

MapVirtualKeyW
PostMessageW
GetClassInfoExW
LoadCursorW
CallWindowProcW
RegisterDeviceNotificationW
RegisterClassW
EnumDisplayDevicesA
RegisterClassExA
IsWindow
GetClientRect
SetWindowTextW
GetMonitorInfoA
MonitorFromWindow
SetRectEmpty
GetClassLongPtrA
CreateIconIndirect
SetClassLongPtrA
DestroyCursor
LoadKeyboardLayoutA
SetRect
MapVirtualKeyExA
PtInRect
GetCursorPos
GetSystemMetrics
DispatchMessageW
TranslateMessage
UpdateWindow
CreateWindowExW
LoadStringW
GetMessageW
RegisterClassExW
LoadIconW
RegisterClipboardFormatW
CreateWindowExA
ClientToScreen
ScreenToClient
CallWindowProcA
SetWindowLongPtrA
LoadCursorA

win32u

NtUserEnableWindow
ord1476
NtUserGetKeyboardLayoutList
NtUserGetRawInputData
NtUserGetDoubleClickTime
NtUserGetForegroundWindow
ord1224
NtUserClipCursor
ord1298
ord1390
ord1412
ord1317

winmm

timeSetEvent

ws2_32

getnameinfo
getpeername
connect
getsockopt
ioctlsocket
recv
gethostname
sendto
recvfrom
__WSAFDIsSet
select
send
closesocket
socket
bind
WSAStartup
inet_pton
FreeAddrInfoW
getaddrinfo
inet_ntop
htonl
htonl
htons
htons
WSAIoctl
getsockname

bcrypt

BCryptGenRandom

combase

StringFromGUID2
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
CoCreateGuid

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

Exports

Exports

?generic_category@system@boost@@YAAEBVerror_category@12@XZ
?system_category@system@boost@@YAAEBVerror_category@12@XZ
AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 49.4MB - Virtual size: 49.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17.3MB - Virtual size: 17.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 533KB - Virtual size: 533KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.krampus
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

06cd73fe6dc3eaa1a49587a17c564c02

Headers

DLL Characteristics

File Characteristics

Imports

robloxplayerbeta

cryptbase

kernelbase

cryptsp

ntdll

crypt32

gdi32

imm32

iphlpapi

kernel32

powrprof

setupapi

sensapi

user32

win32u

winmm

ws2_32

bcrypt

combase

urlmon

Exports

Exports

Sections

.text Size: 49.4MB - Virtual size: 49.4MB

.rdata Size: 17.3MB - Virtual size: 17.3MB

.data Size: 8.6MB - Virtual size: 8.6MB

.pdata Size: 1.8MB - Virtual size: 1.8MB

.rodata Size: 3KB - Virtual size: 3KB

_RDATA Size: 41KB - Virtual size: 41KB

.vmp0 Size: 4.4MB - Virtual size: 4.4MB

.reloc Size: 533KB - Virtual size: 533KB

.rsrc Size: 152KB - Virtual size: 152KB

.krampus Size: 24KB - Virtual size: 24KB

.text
Size: 49.4MB - Virtual size: 49.4MB

.rdata
Size: 17.3MB - Virtual size: 17.3MB

.data
Size: 8.6MB - Virtual size: 8.6MB

.pdata
Size: 1.8MB - Virtual size: 1.8MB

.rodata
Size: 3KB - Virtual size: 3KB

_RDATA
Size: 41KB - Virtual size: 41KB

.vmp0
Size: 4.4MB - Virtual size: 4.4MB

.reloc
Size: 533KB - Virtual size: 533KB

.rsrc
Size: 152KB - Virtual size: 152KB

.krampus
Size: 24KB - Virtual size: 24KB