D:\a\alterware-launcher\alterware-launcher\target\x86_64-pc-windows-msvc\release\deps\alterware_launcher.pdb
Static task
static1
Behavioral task
behavioral1
Sample
alterware-launcher.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
alterware-launcher.exe
Resource
win10v2004-20231222-en
General
Target: alterware-launcher.exe
Size: 2.2MB
MD5: a12faa4052307dfbd891c29edc8ca682
SHA1: 229555d7e622ba18edf12b2784c67400de1c1992
SHA256: 4349cf69c30e7113d5955273018fec0aa2efd9711ec5fdacfbe5f952a923aa74
SHA512: 326e4d82fe44288a5d54437c1cf37981b29fd214c218766fa53ef3ea44ecd43e9cac0310fe2ddc2586758087ae0bfc035c48e767fb19396ee27b13b6bff08473
SSDEEP: 49152:8Xana6kKxTmzQul17/6PTMWhxz2FEWQy9wj4siNo:Mex7sfsiN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource alterware-launcher.exe
Files
alterware-launcher.exe.exe windows:6 windows x64 arch:x64
8a6f3bd0538156d95aa045be060c1b8c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SystemFunction036
kernel32
CloseHandle
ReleaseSRWLockExclusive
CreateFileW
GetCurrentProcess
DuplicateHandle
GetModuleFileNameW
GetCommandLineW
WaitForSingleObject
DeleteFileW
LocalFree
CreateProcessA
ExitProcess
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
SetHandleInformation
GetCurrentProcessId
TryAcquireSRWLockExclusive
SleepConditionVariableSRW
GetSystemInfo
SetFileCompletionNotificationModes
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
GetStdHandle
GetConsoleMode
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
GetFileInformationByHandleEx
FreeEnvironmentStringsW
ReleaseMutex
FindClose
DeleteProcThreadAttributeList
CompareStringOrdinal
GetLastError
AddVectoredExceptionHandler
SetThreadStackGuarantee
SwitchToThread
Sleep
QueryPerformanceCounter
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
FindNextFileW
GetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
MoveFileExW
GetFinalPathNameByHandleW
CopyFileExW
GetFileType
GetModuleHandleW
FormatMessageW
SetCurrentDirectoryW
GetFullPathNameW
CreateNamedPipeW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
MultiByteToWideChar
WriteConsoleW
WideCharToMultiByte
ReadConsoleW
CreateThread
GetSystemTimeAsFileTime
GetTempPathW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
ntdll
NtCancelIoFileEx
NtCreateFile
NtDeviceIoControlFile
NtReadFile
NtWriteFile
RtlNtStatusToDosError
ws2_32
ioctlsocket
shutdown
recv
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
select
connect
bind
WSASocketW
getsockname
getpeername
getsockopt
closesocket
secur32
AcquireCredentialsHandleA
FreeCredentialsHandle
EncryptMessage
DecryptMessage
FreeContextBuffer
AcceptSecurityContext
InitializeSecurityContextW
DeleteSecurityContext
QueryContextAttributesW
ApplyControlToken
crypt32
CertFreeCertificateChain
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertDuplicateCertificateChain
CertCloseStore
CryptStringToBinaryA
CertCreateCertificateContext
CertFreeCertificateContext
CertDuplicateStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
shell32
CommandLineToArgvW
bcrypt
BCryptGenRandom
vcruntime140
__current_exception
__current_exception_context
memmove
memset
__C_specific_handler
memcmp
memcpy
__CxxFrameHandler3
api-ms-win-crt-convert-l1-1-0
_wtoi64
api-ms-win-crt-math-l1-1-0
truncf
trunc
ceil
round
__setusermatherr
pow
api-ms-win-crt-runtime-l1-1-0
_initterm
_get_initial_narrow_environment
_initterm_e
_configure_narrow_argv
exit
_set_app_type
_seh_filter_exe
_exit
__p___argc
__p___argv
_cexit
_c_exit
_initialize_narrow_environment
terminate
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_initialize_onexit_table
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 709KB - Virtual size: 709KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ