Proton-decrypter[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Proton-decrypter.exe
Size

6.7MB
MD5

3ab86f13c521e72bf4e8475ccd1e62e3
SHA1

a1b2b1c4995ba4665d4db71653037f3075e111fb
SHA256

37c52481711631a5c73a6341bd8bea302ad57f02199db7624b580058547fb5a9
SHA512

a56fcf131a3de1a1395746edda0c038f9e39cfb63b8c96d788f9cb1c5d6a3f28d253543968a253b143bafd6ccc7f39ff8932097fca2a5e3076b87343afc8652b
SSDEEP

49152:5vdi5Ifm0OErygxEb6Ns/CRptmctcmZxDit3KowoLGi9VDUIvR62BZrXDbS06DSi:cIHO7cifwIvRtSjRWipG5YF+Oz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Proton-decrypter.exe

Files

Proton-decrypter.exe
.exe windows:6 windows x64 arch:x64

c5bf716b2515a99af847cc38764c56c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MultiByteToWideChar
WriteConsoleW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetStdHandle
GetFullPathNameW
SetFilePointerEx
FindNextFileW
FindFirstFileW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetCurrentProcessId
CopyFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
GetOverlappedResult
ReadFile
ExitProcess
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
SetHandleInformation
GetProcessTimes
LocalFree
TlsAlloc
GetExitCodeProcess
GetSystemTimes
GetProcessIoCounters
WaitForMultipleObjects
ReadProcessMemory
RegisterWaitForSingleObject
AcquireSRWLockExclusive
WaitForSingleObject
SetThreadStackGuarantee
GetLogicalDrives
AddVectoredExceptionHandler
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
HeapReAlloc
WakeConditionVariable
SleepConditionVariableSRW
GetSystemInfo
TlsGetValue
GetDriveTypeW
GetVolumeInformationW
OpenProcess
WakeAllConditionVariable
VirtualQueryEx
TlsSetValue
TlsFree
GetModuleHandleA
Sleep
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
SetFileCompletionNotificationModes
CreateIoCompletionPort
LoadLibraryExW
GetLastError
TerminateProcess
FindClose
PostQueuedCompletionStatus
UnregisterWaitEx
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetQueuedCompletionStatusEx
FreeLibrary
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
RtlPcToFileHeader
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
RtlVirtualUnwind
RaiseException
CloseHandle
SwitchToThread
RtlCaptureContext
GetCurrentThread
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
GetCurrentProcess
GetConsoleMode
GetProcAddress
HeapAlloc
GetProcessHeap
ReleaseMutex
ReleaseSRWLockExclusive
GetTickCount64
DeviceIoControl
HeapFree

advapi32

OpenProcessToken
RegQueryValueExW
SystemFunction036
RegSetValueExW
LookupAccountSidW
CopySid
GetLengthSid
RegCloseKey
IsValidSid
GetTokenInformation
RegCreateKeyExW
RegOpenKeyExW

ws2_32

socket
freeaddrinfo
recv
send
WSAStartup
getsockname
getpeername
shutdown
WSAIoctl
setsockopt
ioctlsocket
WSASocketW
WSAGetLastError
getsockopt
closesocket
WSACleanup
connect
bind
getaddrinfo
WSASend

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket

oleaut32

SafeArrayAccessData
SafeArrayGetUBound
VariantClear
SysAllocString
GetErrorInfo
SysAllocStringLen
SafeArrayUnaccessData
SysFreeString
SysStringLen
SafeArrayGetLBound

bcrypt

BCryptGenRandom

ntdll

NtWriteFile
NtQuerySystemInformation
NtCreateFile
NtQueryInformationProcess
NtReadFile
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx
RtlGetVersion

crypt32

CryptUnprotectData

psapi

GetModuleFileNameExW
GetPerformanceInfo

shell32

CommandLineToArgvW

iphlpapi

GetAdaptersAddresses
GetIfEntry2
GetIfTable2
FreeMibTable

netapi32

NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetApiBufferFree

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

pdh

PdhAddEnglishCounterW
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCloseQuery
PdhOpenQueryA
PdhCollectQueryData

powrprof

CallNtPowerInformation

api-ms-win-crt-string-l1-1-0

strlen
strcmp
wcsncmp
strcpy_s
wcslen
strncmp
strcspn

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
realloc
_msize
free
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr
log
pow

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_beginthreadex
_endthreadex
_crt_atexit
_initialize_onexit_table
_set_app_type
terminate
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
abort
_seh_filter_exe
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_cexit
_c_exit

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c5bf716b2515a99af847cc38764c56c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

ole32

oleaut32

bcrypt

ntdll

crypt32

psapi

shell32

iphlpapi

netapi32

secur32

pdh

powrprof

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 4.7MB - Virtual size: 4.7MB

.rdata Size: 1.7MB - Virtual size: 1.7MB

.data Size: 20KB - Virtual size: 24KB

.pdata Size: 208KB - Virtual size: 208KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 21KB - Virtual size: 20KB

.text
Size: 4.7MB - Virtual size: 4.7MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 20KB - Virtual size: 24KB

.pdata
Size: 208KB - Virtual size: 208KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 21KB - Virtual size: 20KB