d2a7aa583054eb65ae6d20add44f69b23d6a1e891358326a800e1c45a87b21fa

Sharing

Copy URL Twitter E-mail

General

Target

d2a7aa583054eb65ae6d20add44f69b23d6a1e891358326a800e1c45a87b21fa
Size

157KB
MD5

80d09afd9fc13d8e05347f3a3be18f32
SHA1

2dbba08b58b23913cb3f7cd0f5aa35a8501e6df8
SHA256

d2a7aa583054eb65ae6d20add44f69b23d6a1e891358326a800e1c45a87b21fa
SHA512

5578eba54c8b4367ce1b34f63cfe1d48ac34a83554b19a478385187ee95e3f349370dc4522e25590b9586eb3e2e6655f81c1eb5af8e2c6f3617c07aa2d5d2031
SSDEEP

3072:LA6ZNflhbYQOvoJSLZVb+JL/fFeQ8BuA6N3U8:M6ZNflhbY+J6Vb+B/tIBuA6q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2a7aa583054eb65ae6d20add44f69b23d6a1e891358326a800e1c45a87b21fa

Files

d2a7aa583054eb65ae6d20add44f69b23d6a1e891358326a800e1c45a87b21fa
.exe windows:6 windows x64 arch:x64

d975c2c3c5293a2210024c5a20dba029

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Projects\MouriNaruto\NSudoPrivate\Source\Native\Output\Binaries\Release\x64\NSudoLC.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
GetConsoleOutputCP
LoadResource
GetProcAddress
FreeLibrary
WideCharToMultiByte
SleepEx
QueryPerformanceCounter
RtlLookupFunctionEntry
ReadFile
GetFileInformationByHandleEx
SizeofResource
GetCurrentProcessId
DeleteCriticalSection
GetLocalTime
WaitForSingleObjectEx
ResumeThread
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
SetPriorityClass
GetModuleHandleW
GetProcessHeap
HeapAlloc
CloseHandle
GetThreadUILanguage
GetLastError
CreateFileW
SetThreadUILanguage
WriteFile
GetStdHandle
GetCommandLineW
SetLastError
HeapFree
FindResourceExW
GetModuleHandleExW
ExitProcess
Sleep
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
EncodePointer
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
RtlCaptureContext

advapi32

GetTokenInformation
AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx

ole32

CoInitializeEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

msvcrt

_callnewh
_initterm
_initterm_e
_set_fmode
abort
_errno
strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
?terminate@@YAXXZ
__getmainargs
_environ
_msize
_XcptFilter
__set_app_type
__argc
__argv
?_set_new_mode@@YAHH@Z
_commode
___lc_codepage_func
ceil
log10
realloc
_clearfp
malloc
free
strncmp
_wcsicmp
strrchr
memmove
__DestructExceptionObject
_amsg_exit
memset
__C_specific_handler
_CxxThrowException
wcsstr
wcsrchr
_wcsnicmp
memcpy
memcmp

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d975c2c3c5293a2210024c5a20dba029

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

userenv

wtsapi32

msvcrt

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 42KB - Virtual size: 41KB

.reloc Size: 512B - Virtual size: 244B

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 42KB - Virtual size: 41KB

.reloc
Size: 512B - Virtual size: 244B