C:\Users\me\source\repos\updater\x64\Release\updater.pdb
General
-
Target
woah.zip
-
Size
4.4MB
-
MD5
aa76204afd603f4bc4f665dc582cec09
-
SHA1
92aeb826a9e040c5aaed47bcde65bc8b19c09483
-
SHA256
978c02e8a181b0ee5bf50aeec8e3145e6b4a5e9659e8c4c391c125e25aebd2be
-
SHA512
7245be16b6d6a2cc9e3b7e281d0f918ced88ebadcff39680e3a1815ffde60ae6a4f12d0dd18e29bfd4e19689e882acd3687ebbf29d185b4b177a64d8ce1d7ba9
-
SSDEEP
98304:kS3GNFy8TgU3s3rFGJNXUUa9lusx6qml2feAvoHM8dAetfPh+EnhBK4:kAGDy+IQrUfxXS2WdM8dAetPNLK4
Score
7/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/hahahahahahahahahahahahah/celex.exe themida -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/hahahahahahahahahahahahah/celex.exe unpack001/hahahahahahahahahahahahah/login.exe
Files
-
woah.zip.zip
-
hahahahahahahahahahahahah/READ ME!.txt
-
hahahahahahahahahahahahah/celex.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 433KB - Virtual size: 912KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 97KB - Virtual size: 225KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 94KB - Virtual size: 174KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 19KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 275B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.imports Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
-
hahahahahahahahahahahahah/login.exe.exe windows:6 windows x64 arch:x64
1cbe23d5bc6daa93fa901ee43d967ea4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
FormatMessageA
CreateFileA
GetFileSizeEx
WideCharToMultiByte
IsDebuggerPresent
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
GetEnvironmentVariableA
MultiByteToWideChar
WaitForSingleObjectEx
CloseHandle
MoveFileExA
Sleep
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
GetTickCount
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetFileInformationByHandleEx
GetModuleHandleW
AreFileApisANSI
GetFileAttributesExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetLocaleInfoEx
LocalFree
SetLastError
QueryPerformanceCounter
VerifyVersionInfoA
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
GetSystemDirectoryA
QueryPerformanceFrequency
VerSetConditionMask
SleepEx
GetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
SetUnhandledExceptionFilter
EnterCriticalSection
advapi32
CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptReleaseContext
msvcp140
?_Winerror_map@std@@YAHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xout_of_range@std@@YAXPEBD@Z
normaliz
IdnToAscii
ws2_32
getaddrinfo
select
__WSAFDIsSet
WSAIoctl
freeaddrinfo
socket
WSAStartup
WSACleanup
accept
htonl
closesocket
recvfrom
listen
ioctlsocket
setsockopt
recv
send
WSAGetLastError
bind
gethostname
connect
ntohl
sendto
getpeername
getsockname
ntohs
htons
getsockopt
WSASetLastError
wldap32
ord60
ord45
ord50
ord211
ord46
ord217
ord143
ord22
ord26
ord27
ord32
ord33
ord35
ord301
ord200
ord30
ord41
ord79
crypt32
CertFreeCertificateChainEngine
CertGetNameStringA
CertFreeCertificateChain
CertCloseStore
CertCreateCertificateChainEngine
CryptQueryObject
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertOpenStore
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memchr
memcmp
__current_exception
__C_specific_handler
__current_exception_context
strstr
__std_exception_destroy
__std_exception_copy
memcpy
memset
strchr
strrchr
memmove
_CxxThrowException
api-ms-win-crt-heap-l1-1-0
_callnewh
free
calloc
realloc
malloc
_set_new_mode
api-ms-win-crt-stdio-l1-1-0
fclose
_open
_close
_write
_read
fputs
__p__commode
_set_fmode
fwrite
__stdio_common_vsscanf
feof
fseek
_lseeki64
ftell
fgets
__stdio_common_vsprintf
fputc
fflush
__acrt_iob_func
fread
fopen
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_register_onexit_function
_crt_atexit
__p___argc
_exit
exit
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_cexit
_set_app_type
_seh_filter_exe
terminate
_register_thread_local_exe_atexit_callback
__sys_nerr
_getpid
_beginthreadex
_initterm_e
_c_exit
strerror
_errno
_invalid_parameter_noinfo_noreturn
system
_initterm
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-string-l1-1-0
strncpy
strpbrk
strspn
isupper
_strdup
strcspn
strcmp
tolower
strncmp
api-ms-win-crt-time-l1-1-0
_gmtime64
_time64
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-filesystem-l1-1-0
_access
_stat64
_unlink
_fstat64
api-ms-win-crt-convert-l1-1-0
strtol
strtoul
strtoll
atoi
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
___lc_codepage_func
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 329KB - Virtual size: 328KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 82KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ