a8b499e6eabbd4660d7292f06b2eee627820126db2828ba86f9bec1474facf7d

Sharing

Copy URL

Twitter E-mail

General

Target

a8b499e6eabbd4660d7292f06b2eee627820126db2828ba86f9bec1474facf7d
Size

163KB
MD5

726e7cd554b876281bde4271bb6bbdf0
SHA1

5739535f9c2d8cfb54595783f5ff7760b1ef03dd
SHA256

a8b499e6eabbd4660d7292f06b2eee627820126db2828ba86f9bec1474facf7d
SHA512

73158bba52ad7909fd2805fdeed11c7de979d355bfc1fecd8a4ee8913008e97ce07ce4633901dcaa664b56c12835c13ca51f8e9d2c7b399d27e7b3ceb332f047
SSDEEP

3072:5p13eKsQLzXRlYy3xpePT510FXvNw4EN2D1PqLle8lEuA6N3U6:t3eKPLLR9eP9AENq1PW3yuA6q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a8b499e6eabbd4660d7292f06b2eee627820126db2828ba86f9bec1474facf7d

Files

a8b499e6eabbd4660d7292f06b2eee627820126db2828ba86f9bec1474facf7d
.exe windows:6 windows x64 arch:x64

d907d1094ecec7a770f4c0b5fadcdff2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\UserData\Arbeit\Visual Studio\GitHub\NSudo\Source\Native\Output\Binaries\Release\x64\NSudoLC.pdb

Imports

kernel32

ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
GetConsoleOutputCP
LoadResource
GetProcAddress
FreeLibrary
WideCharToMultiByte
SleepEx
QueryPerformanceCounter
RtlLookupFunctionEntry
ReadFile
GetFileInformationByHandleEx
SizeofResource
GetCurrentProcessId
DeleteCriticalSection
GetLocalTime
WaitForSingleObjectEx
ResumeThread
GetCurrentThreadId
InitializeCriticalSection
LeaveCriticalSection
GetCurrentProcess
EnterCriticalSection
SetPriorityClass
GetModuleHandleW
GetProcessHeap
HeapAlloc
CloseHandle
GetThreadUILanguage
GetLastError
CreateFileW
SetThreadUILanguage
WriteFile
GetStdHandle
GetCommandLineW
SetLastError
HeapFree
FindResourceExW
GetModuleHandleExW
ExitProcess
Sleep
RaiseException
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
VirtualQuery
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
RtlCaptureContext

advapi32

GetTokenInformation
AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
AddAce
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx

ole32

CoInitializeEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSEnumerateProcessesW
WTSQueryUserToken

msvcrt

_wcsnicmp
_callnewh
_initterm
_initterm_e
_set_fmode
abort
_errno
strcpy_s
__pctype_func
tolower
___mb_cur_max_func
wcsnlen
wcstol
_mbtowc_l
?terminate@@YAXXZ
__getmainargs
_environ
_msize
_XcptFilter
__set_app_type
__argc
__argv
?_set_new_mode@@YAHH@Z
_commode
___lc_codepage_func
ceil
log10
realloc
_clearfp
free
strncmp
_wcsicmp
strrchr
memmove
_local_unwind
__DestructExceptionObject
_amsg_exit
memset
__C_specific_handler
_CxxThrowException
wcsstr
wcsrchr
malloc
__CxxFrameHandler3
memcpy
memcmp

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d907d1094ecec7a770f4c0b5fadcdff2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ole32

userenv

wtsapi32

msvcrt

Sections

.text Size: 83KB - Virtual size: 82KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 512B - Virtual size: 212B

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 512B - Virtual size: 212B