Vestige launcher[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Vestige launcher.exe
Size

5.3MB
MD5

32d476604b4e178eabf46439391f8ebc
SHA1

4d5de6da082fedb0f7c8883ec20b19bacd5a8597
SHA256

cd32d6e1443dd57615310f3402e9871c27b170a0bfa45a4d60e59a1a1977be41
SHA512

d6279fb1cdd41afd5195fbc42c7f4f31e871005963c376be5a9129d33f1b387a258d9b5d8da6c6a2b6f51f8ea2fc0e32fef0ef3bee0d1692bab61647316e4626
SSDEEP

49152:7q/G9JWQC1BdIqKT87YQgToTUBrZNQrBgCvh1CMx3OhItnHEr4veyJfJNJihGvNr:eXLdIxw7GFZW5p1CLgNc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Vestige launcher.exe

Files

Vestige launcher.exe
.exe windows:5 windows x64 arch:x64

72f130104b27013023e66c990edbac08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ole32

CoTaskMemFree
CoTaskMemAlloc

iphlpapi

GetAdaptersAddresses

psapi

GetProcessMemoryInfo
EnumProcessModules

ws2_32

WSAGetLastError
socket
WSASetLastError
WSAIoctl
closesocket
setsockopt
WSARecv
getsockopt
WSASend
send
recv
ioctlsocket
connect
WSASocketW
listen
bind
WSASendTo
InetNtopW
InetPtonW
getnameinfo
freeaddrinfo
getaddrinfo
getpeername
getsockname
WSAStartup
WSAAddressToStringW
ntohs
htons
gethostname
WSARecvFrom
shutdown

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW

shlwapi

PathCreateFromUrlW
UrlIsW

advapi32

SystemFunction036
RegGetValueW

shell32

CommandLineToArgvW

dbghelp

SymCleanup
SymInitialize
SymSetOptions

bcrypt

BCryptGenRandom

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore

kernel32

LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
CreatePipe
GetFileSizeEx
PeekNamedPipe
GetDriveTypeW
ReadConsoleW
EncodePointer
RaiseException
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
SetEnvironmentVariableW
GetProcessHeap
GetCPInfo
HeapReAlloc
GetStringTypeW
WriteConsoleW
DuplicateHandle
CreateDirectoryW
InitOnceExecuteOnce
SetConsoleCtrlHandler
GetConsoleOutputCP
GetConsoleCP
SetConsoleOutputCP
SetConsoleCP
GetStdHandle
GetConsoleMode
SetConsoleMode
MultiByteToWideChar
CreateFileW
SetStdHandle
CreateIoCompletionPort
CancelIoEx
CloseHandle
WaitForSingleObject
OpenThread
GetFileType
ReadFile
PostQueuedCompletionStatus
GetLastError
WriteFile
SetLastError
ReadDirectoryChangesW
GetQueuedCompletionStatus
GetCurrentDirectoryW
SetCurrentDirectoryW
SetErrorMode
SetUnhandledExceptionFilter
GetSystemInfo
GetUserDefaultLocaleName
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
WideCharToMultiByte
ExitProcess
GetModuleHandleW
GetProcAddress
CreateProcessW
CreateEventW
WaitForMultipleObjects
OpenProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
CreateNamedPipeW
RegisterWaitForSingleObject
UnregisterWait
GetExitCodeProcess
GetConsoleScreenBufferInfo
LoadLibraryExW
FreeLibrary
LoadLibraryW
VirtualAlloc
VirtualFree
VirtualProtect
InitializeSRWLock
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
TlsGetValue
TlsAlloc
TlsSetValue
FindNextFileW
FindFirstFileW
GetFileInformationByHandle
FindClose
GetFileAttributesW
HeapSize
GetTempPathW
RemoveDirectoryW
MoveFileExW
DeleteFileW
SetFileAttributesW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
LockFileEx
UnlockFileEx
GetFullPathNameW
CreateSymbolicLinkW
CopyFileExW
MoveFileW
DeviceIoControl
SetFileTime
GetFinalPathNameByHandleW
GetCurrentThreadId
TryAcquireSRWLockExclusive
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepConditionVariableCS
WakeConditionVariable
WakeAllConditionVariable
FormatMessageW
GetCommandLineW
LocalFree
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
GetCurrentThread
SetThreadPriority
TlsFree
VirtualQuery
SleepConditionVariableSRW
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetLocaleInfoEx
CreateFileA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitOnceBeginInitialize
InitializeCriticalSectionEx
TryEnterCriticalSection
InitOnceComplete
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

ntdll

RtlUnwindEx
RtlUnwind
RtlPcToFileHeader

Exports

Exports

Dart_AddSymbols
Dart_Allocate
Dart_AllocateWithNativeFields
Dart_BooleanValue
Dart_ClassLibrary
Dart_ClassName
Dart_Cleanup
Dart_CloseNativePort
Dart_ClosureFunction
Dart_CompileAll
Dart_CompileToKernel
Dart_CreateAppAOTSnapshotAsAssemblies
Dart_CreateAppAOTSnapshotAsAssembly
Dart_CreateAppAOTSnapshotAsElf
Dart_CreateAppAOTSnapshotAsElfs
Dart_CreateAppJITSnapshotAsBlobs
Dart_CreateCoreJITSnapshotAsBlobs
Dart_CreateIsolateGroup
Dart_CreateIsolateGroupFromKernel
Dart_CreateIsolateInGroup
Dart_CreateSnapshot
Dart_CreateVMAOTSnapshotAsAssembly
Dart_CurrentIsolate
Dart_CurrentIsolateData
Dart_CurrentIsolateGroup
Dart_CurrentIsolateGroupData
Dart_CurrentIsolateGroupId
Dart_DebugName
Dart_DebugNameToCString
Dart_DefaultCanonicalizeUrl
Dart_DeferredLoadComplete
Dart_DeferredLoadCompleteError
Dart_DeleteFinalizableHandle
Dart_DeletePersistentHandle
Dart_DeleteWeakPersistentHandle
Dart_DetectNullSafety
Dart_DisableHeapSampling
Dart_DoubleValue
Dart_DumpNativeStackTrace
Dart_EmptyString
Dart_EnableHeapSampling
Dart_EnterIsolate
Dart_EnterScope
Dart_ErrorGetException
Dart_ErrorGetStackTrace
Dart_ErrorHasException
Dart_ExecuteInternalCommand
Dart_ExitIsolate
Dart_ExitScope
Dart_False
Dart_FinalizeAllClasses
Dart_FinalizeLoading
Dart_FunctionIsStatic
Dart_FunctionName
Dart_FunctionOwner
Dart_GetClass
Dart_GetCurrentUserTag
Dart_GetDataFromByteBuffer
Dart_GetDefaultUserTag
Dart_GetError
Dart_GetField
Dart_GetLoadedLibraries
Dart_GetMainPortId
Dart_GetMessageNotifyCallback
Dart_GetNativeArgument
Dart_GetNativeArgumentCount
Dart_GetNativeArguments
Dart_GetNativeBooleanArgument
Dart_GetNativeDoubleArgument
Dart_GetNativeFieldsOfArgument
Dart_GetNativeInstanceField
Dart_GetNativeInstanceFieldCount
Dart_GetNativeIntegerArgument
Dart_GetNativeIsolateGroupData
Dart_GetNativeReceiver
Dart_GetNativeResolver
Dart_GetNativeStringArgument
Dart_GetNativeSymbol
Dart_GetNonNullableType
Dart_GetNullableType
Dart_GetObfuscationMap
Dart_GetPeer
Dart_GetStaticMethodClosure
Dart_GetStickyError
Dart_GetType
Dart_GetTypeOfExternalTypedData
Dart_GetTypeOfTypedData
Dart_GetUserTagLabel
Dart_HandleFromPersistent
Dart_HandleFromWeakPersistent
Dart_HandleMessage
Dart_HandleServiceMessages
Dart_HasLivePorts
Dart_HasServiceMessages
Dart_HasStickyError
Dart_IdentityEquals
Dart_Initialize
Dart_InstanceGetType
Dart_IntegerFitsIntoInt64
Dart_IntegerFitsIntoUint64
Dart_IntegerToHexCString
Dart_IntegerToInt64
Dart_IntegerToUint64
Dart_Invoke
Dart_InvokeClosure
Dart_InvokeConstructor
Dart_InvokeVMServiceMethod
Dart_IsApiError
Dart_IsBoolean
Dart_IsByteBuffer
Dart_IsClosure
Dart_IsCompilationError
Dart_IsDouble
Dart_IsError
Dart_IsExternalString
Dart_IsFatalError
Dart_IsFunction
Dart_IsFuture
Dart_IsInstance
Dart_IsInteger
Dart_IsKernel
Dart_IsKernelIsolate
Dart_IsLegacyType
Dart_IsLibrary
Dart_IsList
Dart_IsMap
Dart_IsNonNullableType
Dart_IsNull
Dart_IsNullableType
Dart_IsNumber
Dart_IsPausedOnExit
Dart_IsPausedOnStart
Dart_IsPrecompiledRuntime
Dart_IsReloading
Dart_IsServiceIsolate
Dart_IsString
Dart_IsStringLatin1
Dart_IsTearOff
Dart_IsType
Dart_IsTypeVariable
Dart_IsTypedData
Dart_IsUnhandledExceptionError
Dart_IsVMFlagSet
Dart_IsVariable
Dart_IsolateData
Dart_IsolateFlagsInitialize
Dart_IsolateGroupData
Dart_IsolateGroupHeapNewCapacityMetric
Dart_IsolateGroupHeapNewExternalMetric
Dart_IsolateGroupHeapNewUsedMetric
Dart_IsolateGroupHeapOldCapacityMetric
Dart_IsolateGroupHeapOldExternalMetric
Dart_IsolateGroupHeapOldUsedMetric
Dart_IsolateMakeRunnable
Dart_IsolateRunnableHeapSizeMetric
Dart_IsolateRunnableLatencyMetric
Dart_IsolateServiceId
Dart_KernelIsolateIsRunning
Dart_KernelListDependencies
Dart_KernelPort
Dart_KillIsolate
Dart_LibraryHandleError
Dart_LibraryResolvedUrl
Dart_LibraryUrl
Dart_ListGetAsBytes
Dart_ListGetAt
Dart_ListGetRange
Dart_ListLength
Dart_ListSetAsBytes
Dart_ListSetAt
Dart_LoadLibrary
Dart_LoadLibraryFromKernel
Dart_LoadScriptFromKernel
Dart_LoadingUnitLibraryUris
Dart_LookupLibrary
Dart_MapContainsKey
Dart_MapGetAt
Dart_MapKeys
Dart_New
Dart_NewApiError
Dart_NewBoolean
Dart_NewByteBuffer
Dart_NewCompilationError
Dart_NewDouble
Dart_NewExternalLatin1String
Dart_NewExternalTypedData
Dart_NewExternalTypedDataWithFinalizer
Dart_NewExternalUTF16String
Dart_NewFinalizableHandle
Dart_NewInteger
Dart_NewIntegerFromHexCString
Dart_NewIntegerFromUint64
Dart_NewList
Dart_NewListOf
Dart_NewListOfType
Dart_NewListOfTypeFilled
Dart_NewNativePort
Dart_NewPersistentHandle
Dart_NewSendPort
Dart_NewStringFromCString
Dart_NewStringFromUTF16
Dart_NewStringFromUTF32
Dart_NewStringFromUTF8
Dart_NewTypedData
Dart_NewUnhandledExceptionError
Dart_NewUnmodifiableExternalTypedDataWithFinalizer
Dart_NewUserTag
Dart_NewWeakPersistentHandle
Dart_NotifyDestroyed
Dart_NotifyIdle
Dart_NotifyLowMemory
Dart_Null
Dart_ObjectEquals
Dart_ObjectIsType
Dart_Post
Dart_PostCObject
Dart_PostInteger
Dart_Precompile
Dart_PrepareToAbort
Dart_PropagateError
Dart_ReThrowException
Dart_RecordTimelineEvent
Dart_RegisterHeapSamplingCallback
Dart_RegisterIsolateServiceRequestCallback
Dart_RegisterRootServiceRequestCallback
Dart_ReportSurvivingAllocations
Dart_RootLibrary
Dart_RunLoop
Dart_RunLoopAsync
Dart_ScopeAllocate
Dart_SendPortGetId
Dart_ServiceSendDataEvent
Dart_SetBooleanReturnValue
Dart_SetCurrentUserTag
Dart_SetDartLibrarySourcesKernel
Dart_SetDeferredLoadHandler
Dart_SetDoubleReturnValue
Dart_SetDwarfStackTraceFootnoteCallback
Dart_SetEmbedderInformationCallback
Dart_SetEnabledTimelineCategory
Dart_SetEnvironmentCallback
Dart_SetFfiNativeResolver
Dart_SetField
Dart_SetFileModifiedCallback
Dart_SetHeapSamplingPeriod
Dart_SetIntegerReturnValue
Dart_SetLibraryTagHandler
Dart_SetMessageNotifyCallback
Dart_SetNativeInstanceField
Dart_SetNativeResolver
Dart_SetPausedOnExit
Dart_SetPausedOnStart
Dart_SetPeer
Dart_SetPerformanceMode
Dart_SetPersistentHandle
Dart_SetReturnValue
Dart_SetRootLibrary
Dart_SetServiceStreamCallbacks
Dart_SetShouldPauseOnExit
Dart_SetShouldPauseOnStart
Dart_SetStickyError
Dart_SetThreadName
Dart_SetTimelineRecorderCallback
Dart_SetVMFlags
Dart_SetWeakHandleReturnValue
Dart_ShouldPauseOnExit
Dart_ShouldPauseOnStart
Dart_ShutdownIsolate
Dart_SortClasses
Dart_StartProfiling
Dart_StopProfiling
Dart_StringGetProperties
Dart_StringLength
Dart_StringStorageSize
Dart_StringToCString
Dart_StringToLatin1
Dart_StringToUTF16
Dart_StringToUTF8
Dart_ThreadDisableProfiling
Dart_ThreadEnableProfiling
Dart_ThrowException
Dart_TimelineEvent
Dart_TimelineGetMicros
Dart_TimelineGetTicks
Dart_TimelineGetTicksFrequency
Dart_ToString
Dart_True
Dart_TypeDynamic
Dart_TypeNever
Dart_TypeToNonNullableType
Dart_TypeToNullableType
Dart_TypeVoid
Dart_TypedDataAcquireData
Dart_TypedDataReleaseData
Dart_UpdateExternalSize
Dart_UpdateFinalizableExternalSize
Dart_VersionString
Dart_WaitForEvent
Dart_WriteHeapSnapshot
Dart_WriteProfileToTimeline

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

snapshot
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_MEM_DISCARDABLE

Sharing

General

Malware Config

Signatures

Files

72f130104b27013023e66c990edbac08

Headers

DLL Characteristics

File Characteristics

Imports

ole32

iphlpapi

psapi

ws2_32

rpcrt4

shlwapi

advapi32

shell32

dbghelp

bcrypt

crypt32

kernel32

ntdll

Exports

Exports

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 16KB - Virtual size: 44KB

.pdata Size: 81KB - Virtual size: 80KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 40KB - Virtual size: 40KB

snapshot Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 16KB - Virtual size: 44KB

.pdata
Size: 81KB - Virtual size: 80KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 40KB - Virtual size: 40KB

snapshot
Size: 1.6MB - Virtual size: 1.6MB