C:\Users\user\Desktop\test\target\release\deps\usetor.pdb
Static task: static1
Behavioral task: behavioral1
Sample: usetor.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: usetor.exe
Resource: win10v2004-20231215-en
General
Target: usetor.exe
Size: 317KB
MD5: 4db1bbe2ad6b478d7eaceb2ac3860728
SHA1: e440ec34c9dfaa6f6209f885af8fb36345c0abb7
SHA256: 8d07c4953e67b6c9ae1b43b242fbb6c3ce77e1f7b08caedbe62db42083ae6a18
SHA512: e7fb931da8c57a42118ed6890bb7bda844be91f0e4273a9ca8ad8683a337748b643c45f53c7048df1f3eed94ce5443a0b494dc7f8a68f4b384df5ca783c7fb16
SSDEEP: 3072:M/oq1wdxFA/zSLI1lc4K7pPpwyjEnPaYLlS1i5q2aKe4qayMNyj8OfxrJr4vMcao:Xq16FA7q4K71pUDxfaKD92DIBvf
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource usetor.exe
Files
usetor.exe.exe windows:6 windows x64 arch:x64
e4cbd46e4c8f3b64d28544f04e33813c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ole32
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
kernel32
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
ReleaseSRWLockShared
GetCurrentThread
ReleaseMutex
CloseHandle
WaitForSingleObject
FormatMessageW
GetCurrentProcess
HeapAlloc
GetStdHandle
GetCurrentProcessId
GetLastError
GetCurrentThreadId
TryAcquireSRWLockExclusive
FreeLibrary
HeapReAlloc
QueryPerformanceCounter
WaitForSingleObjectEx
CreateMutexA
GetModuleHandleA
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
HeapFree
GetProcessHeap
GetConsoleMode
SetThreadStackGuarantee
GetModuleHandleW
AddVectoredExceptionHandler
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
GetSystemTimeAsFileTime
AcquireSRWLockShared
InitializeSListHead
ReleaseSRWLockExclusive
RtlVirtualUnwind
IsDebuggerPresent
AcquireSRWLockExclusive
UnhandledExceptionFilter
SetUnhandledExceptionFilter
oleaut32
SafeArrayDestroy
VariantClear
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysFreeString
SysStringLen
SysAllocStringLen
GetErrorInfo
advapi32
SystemFunction036
ntdll
RtlNtStatusToDosError
NtReadFile
NtWriteFile
bcrypt
BCryptGenRandom
vcruntime140
memcmp
memmove
memset
memcpy
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__CxxFrameHandler3
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_seh_filter_exe
__p___argc
__p___argv
_initialize_narrow_environment
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_crt_atexit
_configure_narrow_argv
_register_onexit_function
_set_app_type
_initialize_onexit_table
_cexit
api-ms-win-crt-math-l1-1-0
__setusermatherr
api-ms-win-crt-stdio-l1-1-0
_set_fmode
__p__commode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
_set_new_mode
free
Sections
.text Size: 219KB - Virtual size: 218KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ