DemonLeaksSetup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

DemonLeaksSetup.exe
Size

37.0MB
MD5

dfaaa25a4afdc358c124e9c752a52c79
SHA1

9b5b344a6eb79fef16e00c930282b3945c2a950f
SHA256

eba843f9ce18ea2bf3b04f65b6fba5ce1c72e0afdf28ca25409d62acf5c1105b
SHA512

380ff34ac09d7c5ddbe8517a5823d1b80b7599ceca24457df2d631b700ca0de2d06c35b97531545618cc7552765044698f1ef56eecc7a35353514a6e1a06d4bb
SSDEEP

196608:/ucZKBqCofw275eUjIqC2ITT2cqQqzCUfvN:/ue3xbtX2acMPN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DemonLeaksSetup.exe

Files

DemonLeaksSetup.exe
.exe windows:6 windows x64

d42b16096a0d36fed338b9e0916167e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

ntdll

RtlPcToFileHeader
RtlCaptureStackBackTrace
RtlDeleteFunctionTable
RtlAddFunctionTable
VerSetConditionMask
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtCreateFile
NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
RtlUnwindEx
RtlUnwind

advapi32

RegCloseKey
SystemFunction036
RegOpenKeyExW
RegQueryValueExW

winmm

timeGetTime

dbghelp

SymFromAddr
StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymSetSearchPathW
SymGetSearchPathW
SymInitialize
SymSetOptions
SymGetLineFromAddr64

kernel32

GetACP
IsValidCodePage
MultiByteToWideChar
HeapSize
GetFileSizeEx
GetConsoleOutputCP
EnumSystemLocalesW
FindFirstFileExW
SetStdHandle
SetEndOfFile
GetOEMCP
GetStringTypeW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCommandLineA
GetCPInfo
FreeLibraryAndExitThread
ExitThread
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetConsoleMode
SetConsoleMode
AddVectoredExceptionHandler
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
GetStdHandle
GetFileInformationByHandleEx
Sleep
SwitchToThread
CopyFileExW
CreateHardLinkW
FindClose
MoveFileExW
DeviceIoControl
ReadFile
TerminateProcess
FreeLibrary
RegisterWaitForSingleObject
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetConsoleScreenBufferInfo
OpenProcess
ReadConsoleW
LeaveCriticalSection
GetProcessId
SetErrorMode
SetThreadErrorMode
LoadLibraryW
GetProcAddress
CreateSemaphoreW
SetCurrentDirectoryW
CreateEventW
WaitForMultipleObjects
GetOverlappedResult
WaitForSingleObject
GetExitCodeProcess
WriteFile
SetFileTime
InitializeCriticalSection
DeleteCriticalSection
TryEnterCriticalSection
CancelIoEx
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
WaitForSingleObjectEx
CreateFileW
ReadDirectoryChangesW
ReleaseSemaphore
CancelIo
GetModuleHandleA
SetHandleInformation
TlsGetValue
TlsSetValue
GetModuleHandleW
SetLastError
GetEnvironmentVariableW
WriteConsoleW
EnterCriticalSection
GetCurrentProcess
GetCurrentThread
ReleaseMutex
GetCurrentDirectoryW
LoadLibraryA
CreateMutexA
TlsAlloc
FormatMessageW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFileInformationByHandle
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
FindNextFileW
CreateDirectoryW
FindFirstFileW
CreateProcessW
CreateNamedPipeW
ExitProcess
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
DeleteFileW
RemoveDirectoryW
CreateThread
UnregisterWaitEx
GetSystemInfo
GetSystemTimes
GlobalMemoryStatusEx
GetVersionExA
GetTimeZoneInformation
WideCharToMultiByte
GetThreadTimes
GetCurrentThreadId
DeleteFileA
GetTempPathA
GetTempFileNameA
GetFileType
OutputDebugStringA
VerifyVersionInfoW
VirtualAlloc
VirtualFree
IsDebuggerPresent
TlsFree
QueryThreadCycleTime
GetThreadPriority
SetThreadPriority
VirtualProtect
LoadLibraryExW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TryAcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce
SetUnhandledExceptionFilter
GetNativeSystemInfo
InitializeConditionVariable
OpenThread
SuspendThread
GetThreadContext
ResumeThread
CreateSemaphoreA
GetModuleHandleExW
EncodePointer
RaiseException
IsProcessorFeaturePresent
GetStartupInfoW
UnhandledExceptionFilter
InitializeSListHead
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount

ws2_32

getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
setsockopt
getpeername
recv
send
shutdown
WSASend
WSASocketW
getsockname
recvfrom
sendto
getsockopt
connect
ioctlsocket
socket
WSAIoctl
listen
bind
WSAGetLastError
closesocket
accept

Exports

Exports

CrashForExceptionInNonABICompliantCodeRange

Sections

.text
Size: 14.3MB - Virtual size: 14.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d42b16096a0d36fed338b9e0916167e8

Headers

DLL Characteristics

File Characteristics

Imports

iphlpapi

bcrypt

ntdll

advapi32

winmm

dbghelp

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 14.3MB - Virtual size: 14.3MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 67KB - Virtual size: 185KB

.pdata Size: 429KB - Virtual size: 429KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 80KB - Virtual size: 80KB

.text
Size: 14.3MB - Virtual size: 14.3MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 67KB - Virtual size: 185KB

.pdata
Size: 429KB - Virtual size: 429KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 80KB - Virtual size: 80KB