Static task: static1
Behavioral task: behavioral1
  Sample: 84523ddad722e205e2d52eedfb682026928b63f919a7bf1ce6f1ad4180d0f507.zip
  Resource: win10v2004-20231215-en
Behavioral task: behavioral2
  Sample: encrypted/Proton-decrypter.exe
  Resource: win10v2004-20231215-en
Behavioral task: behavioral3
  Sample: encrypted/ encrypted.pdf
  Resource: win10v2004-20231222-en
General
- Target: 84523ddad722e205e2d52eedfb682026928b63f919a7bf1ce6f1ad4180d0f507
- Size: 3.7MB
- MD5: ca92a3cc37581012b7b1a63e40e45fd9
- SHA1: 2584b8b62c1a0785e9e5a97ca5ec8f33bf35c2d7
- SHA256: 84523ddad722e205e2d52eedfb682026928b63f919a7bf1ce6f1ad4180d0f507
- SHA512: eb9f70b2a69a46adc28de3d0a3c6461bc24f52845bc6f715d7988a9b0a5381df858f98ccdfa4caa8e22788e23a7a3046695e15a88d04dd3281d7276acabbc0ff
- SSDEEP: 49152:y2IvBf2o48NNmAaR/gUmI0QgjDKi+KRyYYumhOZnQzIyiy6CEt9Gy5+PqibGy6Zy:TCBf2rsNpaqxfFf+cyYY/8l0EtQPqiZF
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: unpack001/ encrypted/Proton-decrypter.exe
Files
- 84523ddad722e205e2d52eedfb682026928b63f919a7bf1ce6f1ad4180d0f507.zip (Password: infected)
- encrypted/Proton-decrypter.exe.exe windows:6 windows x64 arch:x64 (Password: infected)
  c5bf716b2515a99af847cc38764c56c4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
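The Headers block and the "Unsigned PE" signature above are read from the same few header fields. The Python below is an added example, not code from this report or from the sample, that parses those fields from raw file bytes without pefile: the COFF Characteristics word, the optional-header DllCharacteristics word, and the Security data directory (index 4), whose zero offset and size is exactly what "missing Authenticode signature" means. The flag tables are subsets of winnt.h; build_pe_header is a constructed header for offline testing, not a loadable executable, and the reported flag values are the ones listed above.

```python
"""Inspect the PE header fields summarised above: COFF file characteristics,
optional-header DllCharacteristics and whether an embedded Authenticode
signature (IMAGE_DIRECTORY_ENTRY_SECURITY) is present."""
import struct

# Subset of IMAGE_FILE_* flags (winnt.h), keyed by bit value.
IMAGE_FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x2000: "IMAGE_FILE_DLL",
}
# Subset of IMAGE_DLLCHARACTERISTICS_* flags (winnt.h).
IMAGE_DLLCHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Authenticode data directory


def _flags(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _, _, _, _, _, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:      # PE32+ (64-bit): directories start at offset 112
        arch, n_dirs_off, dirs_off = "x64", opt + 108, opt + 112
    elif magic == 0x10B:    # PE32 (32-bit): directories start at offset 96
        arch, n_dirs_off, dirs_off = "x86", opt + 92, opt + 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_off, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "arch": arch,
        "machine": machine,
        "file_characteristics": _flags(file_chars, IMAGE_FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, IMAGE_DLLCHARACTERISTICS),
        # Non-zero offset and size means a WIN_CERTIFICATE blob is attached.
        # That says nothing about validity (verify with signtool or
        # Get-AuthenticodeSignature), and catalog-signed files carry no
        # embedded blob at all, so treat this as a triage hint only.
        "has_embedded_signature": sec_off != 0 and sec_size != 0,
        "security_directory": (sec_off, sec_size),
    }


def build_pe_header(*, pe32plus=True, file_chars=0, dll_chars=0, security=(0, 0)) -> bytes:
    """Constructed test input: the minimal headers inspect_pe reads, no sections."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    n_dirs = 16
    base = 112 if pe32plus else 96             # offset of the data directories
    opt_size = base + 8 * n_dirs
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, base - 4, n_dirs)   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, *security)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Flag words matching the Headers block above: EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE and
# HIGH_ENTROPY_VA|DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE, with no security directory.
REPORTED_FILE_CHARS = 0x0002 | 0x0020
REPORTED_DLL_CHARS = 0x0020 | 0x0040 | 0x0100 | 0x8000

if __name__ == "__main__":
    import sys
    blob = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else
            build_pe_header(file_chars=REPORTED_FILE_CHARS, dll_chars=REPORTED_DLL_CHARS))
    for key, value in inspect_pe(blob).items():
        print(f"{key}: {value}")
```

Run it with the extracted executable as the first argument to reproduce the Headers block; with no argument it inspects the constructed header carrying the flag values reported above and reports no embedded signature.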
Imports
kernel32
MultiByteToWideChar
WriteConsoleW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetModuleHandleW
FormatMessageW
CreateFileW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetStdHandle
GetFullPathNameW
SetFilePointerEx
FindNextFileW
FindFirstFileW
GetDiskFreeSpaceExW
GlobalMemoryStatusEx
GetCurrentProcessId
CopyFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
CreateEventW
CancelIo
GetOverlappedResult
ReadFile
ExitProcess
GetSystemTimeAsFileTime
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
SetHandleInformation
GetProcessTimes
LocalFree
TlsAlloc
GetExitCodeProcess
GetSystemTimes
GetProcessIoCounters
WaitForMultipleObjects
ReadProcessMemory
RegisterWaitForSingleObject
AcquireSRWLockExclusive
WaitForSingleObject
SetThreadStackGuarantee
GetLogicalDrives
AddVectoredExceptionHandler
EncodePointer
QueryPerformanceFrequency
QueryPerformanceCounter
HeapReAlloc
WakeConditionVariable
SleepConditionVariableSRW
GetSystemInfo
TlsGetValue
GetDriveTypeW
GetVolumeInformationW
OpenProcess
WakeAllConditionVariable
VirtualQueryEx
TlsSetValue
TlsFree
GetModuleHandleA
Sleep
TryAcquireSRWLockExclusive
GetFinalPathNameByHandleW
SetLastError
SetFileCompletionNotificationModes
CreateIoCompletionPort
LoadLibraryExW
GetLastError
TerminateProcess
FindClose
PostQueuedCompletionStatus
UnregisterWaitEx
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetQueuedCompletionStatusEx
FreeLibrary
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
RtlPcToFileHeader
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
LoadLibraryW
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
RtlVirtualUnwind
RaiseException
CloseHandle
SwitchToThread
RtlCaptureContext
GetCurrentThread
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
GetCurrentProcess
GetConsoleMode
GetProcAddress
HeapAlloc
GetProcessHeap
ReleaseMutex
ReleaseSRWLockExclusive
GetTickCount64
DeviceIoControl
HeapFree
advapi32
OpenProcessToken
RegQueryValueExW
SystemFunction036
RegSetValueExW
LookupAccountSidW
CopySid
GetLengthSid
RegCloseKey
IsValidSid
GetTokenInformation
RegCreateKeyExW
RegOpenKeyExW
ws2_32
socket
freeaddrinfo
recv
send
WSAStartup
getsockname
getpeername
shutdown
WSAIoctl
setsockopt
ioctlsocket
WSASocketW
WSAGetLastError
getsockopt
closesocket
WSACleanup
connect
bind
getaddrinfo
WSASend
ole32
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket
oleaut32
SafeArrayAccessData
SafeArrayGetUBound
VariantClear
SysAllocString
GetErrorInfo
SysAllocStringLen
SafeArrayUnaccessData
SysFreeString
SysStringLen
SafeArrayGetLBound
bcrypt
BCryptGenRandom
ntdll
NtWriteFile
NtQuerySystemInformation
NtCreateFile
NtQueryInformationProcess
NtReadFile
RtlNtStatusToDosError
NtDeviceIoControlFile
NtCancelIoFileEx
RtlGetVersion
crypt32
CryptUnprotectData
psapi
GetModuleFileNameExW
GetPerformanceInfo
shell32
CommandLineToArgvW
iphlpapi
GetAdaptersAddresses
GetIfEntry2
GetIfTable2
FreeMibTable
netapi32
NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetApiBufferFree
secur32
LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions
pdh
PdhAddEnglishCounterW
PdhRemoveCounter
PdhGetFormattedCounterValue
PdhCloseQuery
PdhOpenQueryA
PdhCollectQueryData
powrprof
CallNtPowerInformation
api-ms-win-crt-string-l1-1-0
strlen
strcmp
wcsncmp
strcpy_s
wcslen
strncmp
strcspn
api-ms-win-crt-heap-l1-1-0
calloc
_set_new_mode
realloc
_msize
free
malloc
api-ms-win-crt-math-l1-1-0
__setusermatherr
log
pow
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-runtime-l1-1-0
_register_onexit_function
_beginthreadex
_endthreadex
_crt_atexit
_initialize_onexit_table
_set_app_type
terminate
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
abort
_seh_filter_exe
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_cexit
_c_exit
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
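The import table above is the most informative part of this report: alongside runtime scaffolding (SRW locks, TLS, heap and CRT forwarders) it pulls in LsaEnumerateLogonSessions, NetUserEnum, CryptUnprotectData, OpenProcess/ReadProcessMemory/VirtualQueryEx and Winsock. The script below is an added example, not code from this report or from the sample, that tags such a listing with capability hints. The (dll, function) mapping table and the indented DLL/function input layout are assumptions made for the example, and the constructed sample listing is a subset of the functions named above. The tags are leads to confirm in a disassembler, not verdicts: ordinary runtimes import many of the same APIs, and IsDebuggerPresent in particular is common in standard abort paths.

```python
"""Tag an import listing with the capabilities each API implies."""
from collections import defaultdict

# (dll, function) -> capability hint, lowercase keys. Assumed mapping built for
# this example from the documented purpose of each API; extend as needed.
CAPABILITY_HINTS = {
    ("kernel32", "createprocessw"): "process creation",
    ("kernel32", "openprocess"): "cross-process access",
    ("kernel32", "readprocessmemory"): "cross-process memory read",
    ("kernel32", "virtualqueryex"): "cross-process memory read",
    ("kernel32", "isdebuggerpresent"): "debugger check (also common in runtime abort paths)",
    ("kernel32", "deletefilew"): "file deletion",
    ("kernel32", "findfirstfilew"): "filesystem enumeration",
    ("kernel32", "getlogicaldrives"): "filesystem enumeration",
    ("kernel32", "createnamedpipew"): "named-pipe IPC",
    ("advapi32", "openprocesstoken"): "token inspection",
    ("advapi32", "gettokeninformation"): "token inspection",
    ("advapi32", "regsetvalueexw"): "registry write",
    ("advapi32", "regcreatekeyexw"): "registry write",
    ("ws2_32", "connect"): "outbound network",
    ("ws2_32", "bind"): "listening socket",
    ("ws2_32", "getaddrinfo"): "DNS resolution",
    ("iphlpapi", "getadaptersaddresses"): "network-interface enumeration",
    ("crypt32", "cryptunprotectdata"): "DPAPI blob decryption",
    ("netapi32", "netuserenum"): "local-account enumeration",
    ("netapi32", "netusergetlocalgroups"): "local-account enumeration",
    ("secur32", "lsaenumeratelogonsessions"): "logon-session enumeration",
    ("secur32", "lsagetlogonsessiondata"): "logon-session enumeration",
    ("ole32", "cocreateinstance"): "COM object instantiation",
    ("ntdll", "ntquerysysteminformation"): "native system-information query",
    ("psapi", "getmodulefilenameexw"): "remote-process module path lookup",
}


def triage_imports(listing: str) -> dict:
    """Parse a listing where an unindented line names a DLL and each indented
    line beneath it names an imported function, then group by capability."""
    caps = defaultdict(list)
    unclassified = []
    total = 0
    dll = None
    for raw in listing.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():          # DLL line
            dll = raw.strip().lower()
            continue
        if dll is None:
            raise ValueError("function line before any DLL line")
        func = raw.strip()
        total += 1
        ref = f"{dll}!{func}"
        tag = CAPABILITY_HINTS.get((dll, func.lower()))
        if tag:
            caps[tag].append(ref)
        else:
            unclassified.append(ref)
    return {"total": total,
            "capabilities": dict(sorted(caps.items())),
            "unclassified": unclassified}


# Constructed sample: a subset of the functions in the Imports block above,
# re-indented into the DLL / function layout the parser expects.
SAMPLE_IMPORTS = """\
kernel32
  MultiByteToWideChar
  CreateProcessW
  OpenProcess
  ReadProcessMemory
  VirtualQueryEx
  IsDebuggerPresent
  DeleteFileW
  GetLogicalDrives
advapi32
  OpenProcessToken
  RegSetValueExW
ws2_32
  socket
  connect
  getaddrinfo
crypt32
  CryptUnprotectData
netapi32
  NetUserEnum
secur32
  LsaEnumerateLogonSessions
iphlpapi
  GetAdaptersAddresses
"""

if __name__ == "__main__":
    report = triage_imports(SAMPLE_IMPORTS)
    print(f"{report['total']} imports, {len(report['unclassified'])} without a hint")
    for tag, refs in report["capabilities"].items():
        print(f"  {tag}: {', '.join(refs)}")
```

Functions with no hint are reported rather than dropped, so a reviewer can see what the table does not cover; widening the table toward every kernel32 export would only bury the credential- and process-access imports that make this listing worth a closer look.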
Sections
.text Size: 4.7MB - Virtual size: 4.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 208KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
- encrypted/ encrypted.pdf.pdf (Password: infected)