cbf892bcba9fbc83dc69929df8d69b814cbbed11a287570ce497eb13d05b8e0f

Sharing

Copy URL Twitter E-mail

General

Target

cbf892bcba9fbc83dc69929df8d69b814cbbed11a287570ce497eb13d05b8e0f
Size

3.4MB
MD5

9fb92d5fa1a8a3414588320af1ff455c
SHA1

6bcb4dfca2b86058115c3217daaad3be977a0c58
SHA256

cbf892bcba9fbc83dc69929df8d69b814cbbed11a287570ce497eb13d05b8e0f
SHA512

f35ea89169e68dba254996cb79e2309770d2ecf0d80583e62523195adc47a32d2389fb65efe7f6c852b7cd81631cd2c5b805c18cd50d61451fee7ae9cae08333
SSDEEP

49152:wHZgy9HptOMCdkZ2z6BMZHdDH9i97v76J65zZYOvLlmkQXY+:iZgYxEdbaj6MEY+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cbf892bcba9fbc83dc69929df8d69b814cbbed11a287570ce497eb13d05b8e0f

Files

cbf892bcba9fbc83dc69929df8d69b814cbbed11a287570ce497eb13d05b8e0f
.exe windows:6 windows x64 arch:x64

384f495f469e6b3ddee8162e0bd0c30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\tun2proxy\tun2proxy\target\x86_64-pc-windows-msvc\release\deps\tun2proxy.pdb

Imports

advapi32

SystemFunction036

kernel32

TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleMode
SetConsoleMode
GetStdHandle
GetFileType
GetFileInformationByHandleEx
CloseHandle
WaitForSingleObject
CreateSemaphoreA
SetConsoleCtrlHandler
CreateNamedPipeW
GetLastError
WaitForMultipleObjects
SetEvent
CreateEventA
FormatMessageW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetModuleFileNameW
SetThreadErrorMode
ReleaseSemaphore
GetProcessHeap
HeapFree
LoadLibraryExA
HeapAlloc
CreateEventW
ReleaseSRWLockShared
AcquireSRWLockShared
SetHandleInformation
CreateIoCompletionPort
CancelIoEx
ReadFile
GetOverlappedResult
WriteFile
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
SetFileCompletionNotificationModes
FreeEnvironmentStringsW
ReleaseMutex
FindClose
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
Sleep
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
DuplicateHandle
GetCurrentProcessId
WriteFileEx
SleepEx
ReadFileEx
GetExitCodeProcess
QueryPerformanceCounter
QueryPerformanceFrequency
HeapReAlloc
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
CreateFileW
GetFileInformationByHandle
FindFirstFileW
GetFinalPathNameByHandleW
CancelIo
GetModuleHandleW
ExitProcess
GetFullPathNameW
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
MultiByteToWideChar
WriteConsoleW
CreateThread
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent

ws2_32

getaddrinfo
freeaddrinfo
WSACleanup
WSAStartup
socket
WSAGetLastError
WSAIoctl
sendto
send
recv
shutdown
ioctlsocket
connect
bind
WSASocketW
closesocket
recvfrom

iphlpapi

GetIfTable2
SetInterfaceDnsSettings
GetAdaptersAddresses
FreeMibTable

ole32

StringFromGUID2
CoCreateGuid
CLSIDFromString

oleaut32

SysStringLen
SysFreeString
GetErrorInfo

bcrypt

BCryptGenRandom

ntdll

NtCreateFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError
NtCancelIoFileEx

vcruntime140

__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
memset
memcmp
memmove
memcpy
__CxxFrameHandler3

api-ms-win-crt-string-l1-1-0

wcslen
strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-runtime-l1-1-0

_initterm
_configure_narrow_argv
_seh_filter_exe
_initterm_e
_initialize_narrow_environment
terminate
_set_app_type
_crt_atexit
_register_onexit_function
_initialize_onexit_table
exit
_exit
__p___argc
__p___argv
_get_initial_narrow_environment
_cexit
_register_thread_local_exe_atexit_callback
_c_exit

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 847KB - Virtual size: 847KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

384f495f469e6b3ddee8162e0bd0c30f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ws2_32

iphlpapi

ole32

oleaut32

bcrypt

ntdll

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 847KB - Virtual size: 847KB

.data Size: 1KB - Virtual size: 1KB

.pdata Size: 96KB - Virtual size: 96KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 847KB - Virtual size: 847KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 96KB - Virtual size: 96KB

.reloc
Size: 17KB - Virtual size: 16KB