noalbs-v2[.]8[.]1-x86_64-pc-windows-msvc[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

noalbs-v2.8.1-x86_64-pc-windows-msvc.zip
Size

4.7MB
MD5

5c37f07f9e5f67b210b0ff568dca1886
SHA1

a3058816057aeaf1821055897daadad5ddcca083
SHA256

e93933c284b9f703191435ddb8798bd532aecd5994e3ce1f004997fb2f7847ce
SHA512

777eeeee59be2f658270e705b54d815e973f278dce89dfe9e5d65b3b9ae6c3fb5c3641f5161f87df67798836b4b635ad01385620b973dbd49cf870e824674662
SSDEEP

98304:iunsQ6STPDNKzitXVkLHP/4KfRCjesdCDu5Gt8SjhKjHfFySsWjT3VRnGwx:6wTgzitXOjjbdDoGt8dKWjvf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/noalbs-v2.8.1-x86_64-pc-windows-msvc/noalbs.exe

Files

noalbs-v2.8.1-x86_64-pc-windows-msvc.zip
.zip
noalbs-v2.8.1-x86_64-pc-windows-msvc/.env
noalbs-v2.8.1-x86_64-pc-windows-msvc/config.json
noalbs-v2.8.1-x86_64-pc-windows-msvc/noalbs.exe
.exe windows:6 windows x64 arch:x64

a3f4cb2431bc0950c6c24eb4458a01dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
SystemFunction036

kernel32

CloseHandle
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
CreateFileW
GetConsoleMode
GetLastError
SetHandleInformation
GetCurrentProcessId
SleepConditionVariableSRW
SetConsoleCtrlHandler
GetSystemInfo
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
ReleaseMutex
FindClose
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
QueryPerformanceCounter
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetFilePointerEx
GetStdHandle
WaitForSingleObject
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
FindFirstFileW
GetFinalPathNameByHandleW
GetModuleHandleW
FormatMessageW
GetFullPathNameW
MultiByteToWideChar
WriteConsoleW
CreateThread
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent

ntdll

NtCreateFile
RtlNtStatusToDosError
NtDeviceIoControlFile
NtWriteFile
NtCancelIoFileEx
NtReadFile

ws2_32

recv
send
WSASend
WSAIoctl
socket
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
shutdown
getsockopt
getpeername
getsockname
accept
listen
ioctlsocket
connect
bind
setsockopt
closesocket
WSASocketW

bcrypt

BCryptGenRandom

secur32

DecryptMessage
AcquireCredentialsHandleA
FreeContextBuffer
DeleteSecurityContext
FreeCredentialsHandle
AcceptSecurityContext
InitializeSecurityContextW
EncryptMessage
ApplyControlToken
QueryContextAttributesW

crypt32

CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertDuplicateStore
CertCloseStore
CertFreeCertificateContext

vcruntime140

__CxxFrameHandler3
memcpy
memset
memmove
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
memcmp

api-ms-win-crt-math-l1-1-0

pow
__setusermatherr
round

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_set_app_type
_initterm_e
exit
_exit
__p___argc
__p___argv
_initialize_onexit_table
_register_onexit_function
_cexit
_c_exit
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 9.4MB - Virtual size: 9.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3f4cb2431bc0950c6c24eb4458a01dc

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

ws2_32

bcrypt

secur32

crypt32

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 9.4MB - Virtual size: 9.4MB

.rdata Size: 3.8MB - Virtual size: 3.8MB

.data Size: 20KB - Virtual size: 21KB

.pdata Size: 508KB - Virtual size: 507KB

.reloc Size: 74KB - Virtual size: 73KB

.text
Size: 9.4MB - Virtual size: 9.4MB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 20KB - Virtual size: 21KB

.pdata
Size: 508KB - Virtual size: 507KB

.reloc
Size: 74KB - Virtual size: 73KB