641285a573837c39d1d4500d8eb2a7fbfb2e3d6614a3d32625d2b44fff41b3b6

Sharing

Copy URL Twitter E-mail

General

Target

641285a573837c39d1d4500d8eb2a7fbfb2e3d6614a3d32625d2b44fff41b3b6
Size

1.5MB
MD5

1d17bb81ff19326cd72cc671f8f8f7b4
SHA1

59e93368263ec077a5b5a935dd1157d512932676
SHA256

641285a573837c39d1d4500d8eb2a7fbfb2e3d6614a3d32625d2b44fff41b3b6
SHA512

811f623d71318ac266b370a7d6b73dfc8e553a4126e42477a8829c1e81baaa412de550105f359bfa26354a32d27793313ecf1ffebb6a274c2e948d04a1ea1c1b
SSDEEP

24576:7nMQzLlch3wDFM7l+ixEzzxBq43ghlfR7RgioGMHWZvuFQRd/ISXTnKJ1MMMMMMi:jMQWtR+Afz2iISDsMMMMMMMMMMMMMMMJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
641285a573837c39d1d4500d8eb2a7fbfb2e3d6614a3d32625d2b44fff41b3b6

Files

641285a573837c39d1d4500d8eb2a7fbfb2e3d6614a3d32625d2b44fff41b3b6
.exe windows:6 windows x64 arch:x64

df706bd8745042db73743d56fcd515c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

torrent-rasterbar

??1peer_info@libtorrent@@QEAA@XZ
?name@torrent_handle@libtorrent@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?has_val@settings_pack@libtorrent@@UEBA_NH@Z
?get_str@settings_pack@libtorrent@@UEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?get_int@settings_pack@libtorrent@@UEBAHH@Z
?get_bool@settings_pack@libtorrent@@UEBA_NH@Z
?get_peer_info@torrent_handle@libtorrent@@QEBAXAEAV?$vector@Upeer_info@libtorrent@@V?$allocator@Upeer_info@libtorrent@@@std@@@std@@@Z
?add_torrent@session_handle@libtorrent@@QEAA?AUtorrent_handle@2@AEBUadd_torrent_params@2@@Z
??0torrent_info@libtorrent@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1add_torrent_params@libtorrent@@QEAA@XZ
??0peer_info@libtorrent@@QEAA@AEBU01@@Z
??0entry@libtorrent@@QEAA@XZ
??4torrent_status@libtorrent@@QEAAAEAU01@$$QEAU01@@Z
??0add_torrent_params@libtorrent@@QEAA@XZ
?info_hash@torrent_handle@libtorrent@@QEBA?AV?$digest32@$0KA@@2@XZ
?set_bool@settings_pack@libtorrent@@UEAAXH_N@Z
??1torrent_status@libtorrent@@QEAA@XZ
?set_int@settings_pack@libtorrent@@UEAAXHH@Z
?status@torrent_handle@libtorrent@@QEBA?AUtorrent_status@2@U?$bitfield_flag@IUstatus_flags_tag@libtorrent@@X@flags@2@@Z
?set_str@settings_pack@libtorrent@@UEAAXHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?add_torrent@session_handle@libtorrent@@QEAA?AUtorrent_handle@2@AEBVtorrent_info@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVentry@2@W4storage_mode_t@2@_N@Z
??0session@libtorrent@@QEAA@AEBUsettings_pack@1@U?$bitfield_flag@EUsession_flags_tag@libtorrent@@X@flags@1@@Z
??1session@libtorrent@@QEAA@XZ
??1entry@libtorrent@@QEAA@XZ
?info_hash@torrent_info@libtorrent@@QEBA?AV?$digest32@$0KA@@2@XZ
??1torrent_info@libtorrent@@QEAA@XZ

mfc140

ord10026
ord964
ord1427
ord6241
ord2808
ord12117
ord2919
ord1416
ord951
ord3050
ord12954
ord3073
ord4994
ord3092
ord5452
ord12878
ord13521
ord1425
ord962
ord9118
ord3737
ord7220
ord9351
ord12646
ord13675
ord12643
ord13664
ord8534
ord12207
ord12187
ord13348
ord12882
ord6261
ord13667
ord8530
ord12684
ord13275
ord13603
ord12909
ord12717
ord13679
ord5031
ord4502
ord3501
ord8435
ord305
ord5691
ord2917
ord13598
ord3820
ord1421
ord6565
ord8788
ord3157
ord4086
ord6483
ord11978
ord2338
ord14144
ord12035
ord14197
ord13518
ord12711
ord4490
ord6520
ord1107
ord472
ord9028
ord12707
ord1367
ord878
ord7204
ord12391
ord2905
ord13918
ord4714
ord2477
ord3795
ord6340
ord4077
ord7363
ord13232
ord5588
ord13240
ord4713
ord4503
ord3258
ord3138
ord6533
ord1670
ord13242
ord7749
ord4944
ord12189
ord2899
ord5622
ord2217
ord2342
ord2142
ord13784
ord2431
ord7744
ord3084
ord2175
ord1147
ord528
ord1156
ord6322
ord5752
ord8785
ord4075
ord1381
ord6698
ord6544
ord2344
ord2348
ord8025
ord4551
ord1120
ord491
ord300
ord5365
ord5224
ord1674
ord14047
ord6069
ord1504
ord3944
ord1119
ord489
ord3689
ord2207
ord6824
ord1485
ord11761
ord8693
ord10657
ord11037
ord3943
ord3300
ord3299
ord3066
ord5980
ord13327
ord2695
ord11803
ord8888
ord8863
ord6266
ord5221
ord9016
ord8471
ord10117
ord14133
ord2368
ord1676
ord7619
ord981
ord7685
ord13469
ord2173
ord14135
ord3591
ord1089
ord4436
ord1507
ord6292
ord1109
ord6282
ord8792
ord450
ord12171
ord8405
ord1446
ord265
ord12492
ord310
ord5653
ord4711
ord12709
ord12577
ord13689
ord1055
ord6237
ord8781
ord3053
ord4072
ord8403
ord2901
ord3738
ord8029
ord8465
ord12708
ord6527
ord886
ord4021
ord6229
ord357
ord13683
ord14087
ord1999
ord8128
ord2182
ord2473
ord2471
ord12652
ord1053
ord361
ord7519
ord12913
ord4710
ord13135
ord4715
ord3734
ord11274
ord3705
ord8432
ord7364
ord12692
ord6299
ord3748
ord316
ord1032
ord4648
ord2264
ord6226
ord1084
ord438
ord1436
ord971
ord1051
ord988
ord6230
ord8862
ord9903
ord7890
ord5211
ord7420
ord7431
ord7430
ord5896
ord5049
ord5213
ord5067
ord5566
ord5323
ord9001
ord5536
ord5347
ord5064
ord11798
ord3165
ord3270
ord3271
ord3804
ord11754
ord2627
ord5704
ord13284
ord11357
ord6607
ord14134
ord7620
ord14136
ord2962
ord4343
ord9343
ord4351
ord4817
ord4756
ord4741
ord4803
ord4848
ord4771
ord4826
ord4842
ord4783
ord4789
ord4795
ord4777
ord4832
ord4765
ord1750
ord1729
ord1743
ord1717
ord1695
ord11888
ord11892
ord13438
ord3166
ord8909
ord10644
ord6703
ord11850
ord8618
ord14128
ord11575
ord3710
ord11719
ord8779
ord11366
ord11365
ord5435
ord9936
ord9932
ord9934
ord9935
ord9933
ord14279
ord2696
ord7881
ord3202
ord3205
ord13331
ord5982
ord3051
ord12170
ord6590
ord9898
ord2437
ord1487
ord5539
ord5167
ord12552
ord7989
ord940
ord12490
ord11849
ord13050
ord1422
ord8050
ord8131
ord11881
ord956
ord10079
ord10680
ord13216
ord13373
ord12419
ord7888
ord7028
ord13379
ord11877
ord11869
ord5687
ord3723
ord6101
ord14208
ord6102
ord14209
ord6100
ord14207
ord9069
ord7688
ord12160
ord2395
ord14007
ord11615
ord11614
ord2004
ord7637
ord3265
ord12571
ord3941
ord3160
ord4002
ord1087
ord9049
ord8791
ord6573
ord1429
ord7352
ord2781
ord7206
ord266

kernel32

FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
GetSystemTime
FreeLibrary
SystemTimeToFileTime
GetCurrentProcessId
LockFileEx
GetProcAddress
UnlockFile
HeapCompact
LoadLibraryW
GetSystemInfo
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetModuleHandleW
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapCreate
AreFileApisANSI
TryEnterCriticalSection
GetCurrentThreadId
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InitializeCriticalSection
CreateMutexA
OpenMutexA
ReleaseMutex
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
Sleep
MultiByteToWideChar
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
HeapFree
ReadFile
GetFileSize
CloseHandle
GetLastError
CreateFileA
GetLocalTime
GetSystemTimeAsFileTime
FormatMessageA
FormatMessageW
WideCharToMultiByte
LocalFree
GetFullPathNameA
SuspendThread

user32

BeginDeferWindowPos
IsWindowVisible
GetWindowPlacement
GetMenu
AdjustWindowRect
EnumChildWindows
GetDlgItem
GetDlgCtrlID
ScreenToClient
SetRect
GetSystemMenu
ShowWindow
GetSystemMetrics
FrameRect
LoadImageA
GrayStringA
GetIconInfo
ReleaseDC
GetDC
GetSysColor
FillRect
DrawStateA
OffsetRect
GetClientRect
DrawFocusRect
InflateRect
CopyRect
PostMessageA
TrackPopupMenuEx
DeferWindowPos
GetWindowRect
GetActiveWindow
WindowFromPoint
ClientToScreen
InvalidateRect
SetCursor
GetParent
GetNextDlgTabItem
SendMessageA
GetWindowLongA
DestroyIcon
DestroyMenu
DestroyCursor
EnableWindow
LockWindowUpdate
SetWindowLongA
AppendMenuA
IsIconic
DrawIcon
SetForegroundWindow
SetActiveWindow
BringWindowToTop
MessageBoxA
PtInRect
EndDeferWindowPos
GetSysColorBrush
LoadIconW
DrawTextExA
SetTimer
KillTimer
LoadMenuW
ModifyMenuA
GetCursorPos
RedrawWindow
UpdateWindow
IsWindow
SystemParametersInfoA
IsRectEmpty
TabbedTextOutA
DrawTextA
GetSubMenu

gdi32

Escape
ExtTextOutA
RectVisible
PtVisible
TextOutA
CreateRectRgn
GetWindowOrgEx
GetDIBColorTable
Rectangle
SetViewportOrgEx
GetViewportOrgEx
CreatePalette
GetDeviceCaps
CreatePen
CreateSolidBrush
CreateFontIndirectA
CreateFontA
GetTextExtentPoint32A
GetObjectA
DeleteDC
SetBkColor
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
DeleteObject
RealizePalette

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_GetImageInfo
ImageList_SetBkColor
_TrackMouseEvent
InitCommonControlsEx
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIcon

ole32

CoInitialize
OleUninitialize
CoBuildVersion
OleInitialize
CLSIDFromProgID
CoCreateInstance
CoUninitialize

oleaut32

SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate

winmm

PlaySoundA

msvcp140

_Strcoll
?_Xout_of_range@std@@YAXPEBD@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Getname@_Locinfo@std@@QEBAPEBDXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?narrow@?$ctype@_W@std@@QEBAPEB_WPEB_W0DPEAD@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Xruntime_error@std@@YAXPEBD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Strxfrm
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

ws2_32

ntohs
htonl
ntohl
WSAAddressToStringW
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memchr
_CxxThrowException
__current_exception_context
__current_exception
strrchr
memset
memmove
memcpy
memcmp
__C_specific_handler
strchr
_purecall
__std_exception_destroy
__std_exception_copy
__std_terminate

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
_read
_lseeki64
_fileno
__stdio_common_vfprintf
__acrt_iob_func
fopen
__stdio_common_vsprintf
fclose
__p__commode
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_endthreadex
_beginthreadex
_cexit
terminate
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_initterm
_resetstkoflw
exit
_exit
_configure_narrow_argv
_initialize_narrow_environment
_invalid_parameter_noinfo
_c_exit
_register_thread_local_exe_atexit_callback
_errno
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_initterm_e
_crt_atexit
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

_msize
calloc
realloc
free
_set_new_mode
malloc

api-ms-win-crt-string-l1-1-0

strncpy
strcat_s
strcmp
strcspn
strcpy_s
strncmp
strlen

api-ms-win-crt-convert-l1-1-0

strtol
strtod
strtoul

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_time64
_mktime64

api-ms-win-crt-filesystem-l1-1-0

_stat64i32
_fstat64i32
_splitpath_s

api-ms-win-crt-math-l1-1-0

ceil
floor
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_setmbcp
_configthreadlocale

Exports

Exports

GeoIPDBDescription
GeoIP_country_code
GeoIP_country_code3
GeoIP_country_continent
GeoIP_country_name
GeoIP_utf8_country_name

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df706bd8745042db73743d56fcd515c1

Headers

DLL Characteristics

File Characteristics

Imports

torrent-rasterbar

mfc140

kernel32

user32

gdi32

shell32

comctl32

ole32

oleaut32

winmm

msvcp140

ws2_32

vcruntime140_1

vcruntime140

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 135KB - Virtual size: 135KB

.data Size: 53KB - Virtual size: 57KB

.pdata Size: 35KB - Virtual size: 35KB

.rsrc Size: 160KB - Virtual size: 160KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 135KB - Virtual size: 135KB

.data
Size: 53KB - Virtual size: 57KB

.pdata
Size: 35KB - Virtual size: 35KB

.rsrc
Size: 160KB - Virtual size: 160KB

.reloc
Size: 9KB - Virtual size: 8KB