0535c347162bd4656e92eb4876282e1e4c0164fd31115044254cdf4a356b1c34[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

0535c347162bd4656e92eb4876282e1e4c0164fd31115044254cdf4a356b1c34.exe
Size

2.3MB
MD5

8a6135f08e7b30bc4d41774fcbedfec2
SHA1

d4388882fadaf3b3cebc190f121cdea2aba3ac60
SHA256

0535c347162bd4656e92eb4876282e1e4c0164fd31115044254cdf4a356b1c34
SHA512

b5f8d0018a4ab5e88ed7b14b76dbda0854e9c1544248a407d86dbce41cb00f56759fcd6b733025af69aeada0ec2137b05db90602602120831af687cb2513bbb4
SSDEEP

49152:PlIS1EoYydydyDo3e456yMZn/+4eFHTDK:f1EGn/VgHTDK

Score

10^/10

Malware Config

Signatures

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0535c347162bd4656e92eb4876282e1e4c0164fd31115044254cdf4a356b1c34.exe

Files

0535c347162bd4656e92eb4876282e1e4c0164fd31115044254cdf4a356b1c34.exe
.exe windows:6 windows x86 arch:x86

73540c9a19a7cd429998d2500b6d80c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Fer\Desktop\examples\imgui-1.89.6\examples\Win32\Release\Yolov.pdb

Imports

xinput1_3

ord2

kernel32

SetConsoleTextAttribute
GetStdHandle
WaitForSingleObject
Module32FirstW
WideCharToMultiByte
GetConsoleWindow
Module32NextW
GetExitCodeProcess
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetModuleHandleW
Process32FirstW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
CreateToolhelp32Snapshot
AreFileApisANSI
GetLastError
CloseHandle
Process32NextW
CopyFileA
AcquireSRWLockExclusive
Sleep
GetFileInformationByHandleEx
LocalFree
OpenProcess
TerminateProcess
FormatMessageA
GetLocaleInfoEx
WakeAllConditionVariable
SleepConditionVariableSRW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
GetModuleFileNameA
GetCurrentDirectoryW
GetFileAttributesExW
ReleaseSRWLockExclusive

user32

GetClipboardData
SetClipboardData
MessageBoxW
GetAsyncKeyState
EmptyClipboard
GetWindowLongW
PostMessageW
SetWindowPos
CreateWindowExW
UnregisterClassW
RegisterClassExW
DispatchMessageW
PeekMessageW
SetWindowDisplayAffinity
SetLayeredWindowAttributes
TranslateMessage
DefWindowProcW
SetWindowLongW
PostQuitMessage
FindWindowA
UpdateWindow
DestroyWindow
UnregisterClassA
GetKeyState
GetMessageExtraInfo
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
SetCapture
LoadCursorW
GetForegroundWindow
FindWindowW
ShowWindow

shell32

ShellExecuteW

libcrypto-3

EVP_EncryptInit_ex
EVP_CIPHER_CTX_new
EVP_EncryptFinal_ex
EVP_EncryptUpdate
EVP_CIPHER_CTX_free
EVP_aes_256_cbc
RAND_bytes

libcurl

curl_global_init
curl_easy_init
curl_easy_cleanup
curl_easy_setopt
curl_global_cleanup
curl_easy_strerror
curl_easy_perform

winmm

joyGetDevCapsW
joyGetNumDevs

msvcp140

??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Getname@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Xbad_function_call@std@@YAXXZ
??0_Locinfo@std@@QAE@PBD@Z
?_Incref@facet@locale@std@@UAEXXZ
?tolower@?$ctype@D@std@@QBEDD@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPBD@Z
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?good@ios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
_Strxfrm
?_Xruntime_error@std@@YAXPBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?wcin@std@@3V?$basic_istream@_WU?$char_traits@_W@std@@@1@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
?ignore@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JG@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?fail@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z

d3d11

D3D11CreateDeviceAndSwapChain

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

vcruntime140

memset
_CxxThrowException
__current_exception_context
__current_exception
strchr
_except_handler4_common
__std_terminate
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
strstr
memcpy
memchr
memmove

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_cexit
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
exit
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
system
_controlfp_s
abort
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_configure_narrow_argv
terminate
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

_wfopen
_get_stream_buffer_pointers
ftell
_fseeki64
fread
fsetpos
ungetc
__acrt_iob_func
fseek
setvbuf
fgetpos
fwrite
__stdio_common_vsscanf
__stdio_common_vsprintf
_set_fmode
__p__commode
fgetc
fclose
fflush
__stdio_common_vfprintf
fputc

api-ms-win-crt-heap-l1-1-0

realloc
_set_new_mode
malloc
_callnewh
free

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
rename
remove

api-ms-win-crt-time-l1-1-0

_time64
_localtime64

api-ms-win-crt-string-l1-1-0

strncpy
_wcsicmp
toupper
strncmp

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

_CIfmod
_libm_sse2_cos_precise
_libm_sse2_acos_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_pow_precise
ceil
_CIatan2
__setusermatherr

Sections

.text
Size: 426KB - Virtual size: 426KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 520KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 373KB - Virtual size: 373KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73540c9a19a7cd429998d2500b6d80c8

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

xinput1_3

kernel32

user32

shell32

libcrypto-3

libcurl

winmm

msvcp140

d3d11

d3dcompiler_43

dwmapi

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 426KB - Virtual size: 426KB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 520KB - Virtual size: 527KB

.rsrc Size: 373KB - Virtual size: 373KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 426KB - Virtual size: 426KB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 520KB - Virtual size: 527KB

.rsrc
Size: 373KB - Virtual size: 373KB

.reloc
Size: 17KB - Virtual size: 17KB