rustup-init[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

rustup-init.exe
Size

8.2MB
MD5

b41bba88051691d3038e7c7cad44cd48
SHA1

ffd0dba9a1901022e0c73001a024186076a60fa4
SHA256

365d072ac4ef47f8774f4d2094108035e2291a0073702db25fa7797a30861fc9
SHA512

a8c62860e89af6127254aa9901e5cf970bb29a31430e5030a07a37805a88c8eee18f6c28bda5f872cc06743b3000c78778429da2e844075df71a5424b8b66cbc
SSDEEP

98304:QKuggmFI9hZTJE49bt/9l9w7R1l4B21tg2+QHVh:JhIzo4Rl9w7Ll20/p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
rustup-init.exe

Files

rustup-init.exe
.exe windows:6 windows x64 arch:x64

519de239f0e35036320070bb67e8af3b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\rustup\rustup\target\x86_64-pc-windows-msvc\release\deps\rustup_init.pdb

Imports

ntdll

NtDeviceIoControlFile
RtlLookupFunctionEntry
RtlCaptureContext
NtCancelIoFileEx
NtCreateFile
RtlVirtualUnwind
VerSetConditionMask
RtlNtStatusToDosError
RtlUnwind
RtlInitUnicodeString
RtlPcToFileHeader
RtlUnwindEx

kernel32

QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
IsProcessInJob
QueryInformationJobObject
SetFileInformationByHandle
SwitchToThread
LCMapStringW
CompareStringW
GetTimeFormatW
GetQueuedCompletionStatusEx
TryAcquireSRWLockExclusive
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetDateFormatW
GetFullPathNameW
FlsFree
GetModuleHandleW
SleepConditionVariableSRW
WakeConditionVariable
WakeAllConditionVariable
GetSystemInfo
DeviceIoControl
GetConsoleScreenBufferInfo
GetStdHandle
FlsSetValue
FlsGetValue
FlsAlloc
OutputDebugStringW
GetConsoleOutputCP
GetCommandLineA
WriteFile
FreeLibraryAndExitThread
ExitThread
FindClose
FindNextFileW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetModuleHandleExW
AcquireSRWLockShared
GetFileType
ReleaseSRWLockShared
LoadLibraryExW
CreateFileA
SetConsoleCursorPosition
FillConsoleOutputCharacterW
FillConsoleOutputAttribute
SetConsoleTextAttribute
SetInformationJobObject
CreateJobObjectW
AssignProcessToJobObject
SetConsoleCtrlHandler
FlushFileBuffers
DeleteFileW
GetModuleHandleA
CreateDirectoryW
CreateFileW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SleepEx
GetFileAttributesExW
RemoveDirectoryW
Sleep
SetFilePointerEx
MoveFileExW
DuplicateHandle
GetFileInformationByHandleEx
GetConsoleMode
SetStdHandle
GetNativeSystemInfo
HeapReAlloc
TlsFree
GetFileInformationByHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetLastError
SetThreadStackGuarantee
AddVectoredExceptionHandler
TlsSetValue
GetCurrentThread
WriteConsoleW
SetLastError
GetCurrentDirectoryW
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
FormatMessageW
GetTempPathW
GetModuleFileNameW
GetCommandLineW
GetFinalPathNameByHandleW
FindFirstFileW
ReadConsoleW
HeapSize
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
CreateNamedPipeW
CreateThread
WriteFileEx
WaitForMultipleObjects
GetOverlappedResult
CreateEventW
CancelIo
ReadFile
ExitProcess
GetSystemTimeAsFileTime
CreateHardLinkW
CopyFileExW
SetHandleInformation
ReleaseSRWLockExclusive
EncodePointer
RaiseException
PostQueuedCompletionStatus
GlobalMemoryStatusEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcessId
GetProcAddress
GetSystemDirectoryA
FreeLibrary
AcquireSRWLockExclusive
CloseHandle
HeapFree
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
HeapAlloc
GetProcessHeap
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetEnvironmentVariableW
GetStringTypeW
GetTimeZoneInformation
GetEnvironmentVariableA
VerifyVersionInfoW
GetFileSizeEx
ReadFileEx

advapi32

SystemFunction036
RegDeleteTreeW
RegSetValueExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
OpenProcessToken

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysStringLen
SysFreeString

crypt32

CertGetEnhancedKeyUsage
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertFindCertificateInStore
CryptStringToBinaryA
CryptDecodeObjectEx
PFXImportCertStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertDuplicateStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
CertOpenStore
CertDuplicateCertificateChain

ws2_32

bind
WSAIoctl
ioctlsocket
recv
send
WSASend
WSACloseEvent
WSACreateEvent
shutdown
connect
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
getsockopt
closesocket
getsockname
WSAGetLastError
getpeername
WSACleanup
WSASocketW
WSAWaitForMultipleEvents
WSASetLastError
freeaddrinfo
ntohs
setsockopt
WSAStartup
htons
__WSAFDIsSet
select
accept
htonl
socket
listen
getaddrinfo

shell32

SHGetFolderPathW
ShellExecuteW

bcrypt

BCryptGenRandom

secur32

FreeContextBuffer
DeleteSecurityContext
EncryptMessage
FreeCredentialsHandle
ApplyControlToken
AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
DecryptMessage
AcquireCredentialsHandleA

user32

SendMessageTimeoutA

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

519de239f0e35036320070bb67e8af3b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

advapi32

ole32

oleaut32

crypt32

ws2_32

shell32

bcrypt

secur32

user32

userenv

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 2.2MB - Virtual size: 2.2MB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 231KB - Virtual size: 231KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 46KB - Virtual size: 45KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 2.2MB - Virtual size: 2.2MB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 231KB - Virtual size: 231KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 46KB - Virtual size: 45KB