thcrap_loader[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

thcrap_loader.exe
Size

58KB
MD5

8ba77bedbfd7e1f031da06ac852d0e49
SHA1

e467e9c9a97e6c5bb3f5d7dfb6315924b4d37f3d
SHA256

3a6fe4426bf5d7a728f452b540a66b9dc09b7a27cfda0371f8761a3e113cb323
SHA512

c620db2fece9cad6da4a1e1f9da1a3f06f382bf33cb7648c5399b7043e27602f68c08a616da886ad33b0c267724ac43fa546013fd732fd3b39a6e28267de8a06
SSDEEP

1536:QsvXQgVYyFSH+2SixEFLz64U9Qy3v+PtXGvvwubTFZ68:QsFSH+2SU9Qy3v+P8vvwMTFz

Score

1^/10

Malware Config

Signatures

Files

thcrap_loader.exe
.exe windows:5 windows x86 arch:x86

d36d89b9230b888b6fc6b62cad78c8f3

Code Sign

17:9e:ac:0a:35:7d:c7:a0:41:b7:8a:a5:20:e9:1e:3f
Certificate

Issuer

CN=Bruno Liron,1.2.840.113549.1.9.1=#0c1262726c69726f6e40686f746d61696c2e6672

Not Before

23/10/2015, 14:17

Not After

31/12/2039, 23:59

Subject

CN=Bruno Liron,1.2.840.113549.1.9.1=#0c1262726c69726f6e40686f746d61696c2e6672

Extended Key Usages

ExtKeyUsageCodeSigning

b9:fe:0a:bd:06:5c:b5:d7:ce:5d:57:9f:c6:25:d6:1c:2f:8c:63:89
Signer

Actual PE Digest

b9:fe:0a:bd:06:5c:b5:d7:ce:5d:57:9f:c6:25:d6:1c:2f:8c:63:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

thcrap_loader.pdb

Imports

thcrap

str_slash_normalize_win
json_load_file_report
log_print
json_object_get_string
PROJECT_NAME
json_object_merge
loader_update_with_UI_wrapper
log_printf
log_mboxf
json5_loadb
log_init
runconfig_load
json_object_get_create
globalconfig_get_boolean
globalconfig_init
log_mbox
runconfig_cmdline_get
json_flex_array_get
json_flex_array_size
str_slash_normalize
globalconfig_release
lasterror_str
runconfig_free

shlwapi

PathIsRelativeA
PathAddBackslashA
PathFindExtensionA
PathAppendA

win32_utf8

GetCurrentDirectoryU
PathRemoveFileSpecU
PathIsRelativeU
PathAppendU
win32_utf8_entry
PathAddBackslashU
GetModuleFileNameU
SetCurrentDirectoryU
PathFileExistsU
CreateDirectoryU
RemoveDirectoryU
MoveFileExU
FindFirstFileU
FindNextFileU
DeleteFileU

jansson

json_string_value
json_delete
json_array_size
json_array_get
json_object_set_new
json_object
json_dump_file
json_object_iter
json_string_length
json_object_iter_next
json_string
json_array_append_new
json_object_iter_value
json_object_iter_key
json_object_get

kernel32

TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetFileAttributesA
FindClose
GetLastError
GetCurrentDirectoryW
AreFileApisANSI

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ

vcruntime140

_CxxThrowException
__std_terminate
memmove
_except_handler4_common
memcpy
strchr
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memset

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

strncmp
_strdup
_stricmp

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_c_exit
terminate
_cexit
_exit
_invalid_parameter_noinfo_noreturn
exit
_controlfp_s
_seh_filter_exe
_set_app_type
_crt_atexit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

Sections

.text
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d36d89b9230b888b6fc6b62cad78c8f3

Code Sign

17:9e:ac:0a:35:7d:c7:a0:41:b7:8a:a5:20:e9:1e:3fCertificate

Extended Key Usages

b9:fe:0a:bd:06:5c:b5:d7:ce:5d:57:9f:c6:25:d6:1c:2f:8c:63:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

thcrap

shlwapi

win32_utf8

jansson

kernel32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Sections

.text Size: 37KB - Virtual size: 37KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 2KB - Virtual size: 2KB

17:9e:ac:0a:35:7d:c7:a0:41:b7:8a:a5:20:e9:1e:3f
Certificate

b9:fe:0a:bd:06:5c:b5:d7:ce:5d:57:9f:c6:25:d6:1c:2f:8c:63:89
Signer

.text
Size: 37KB - Virtual size: 37KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 2KB - Virtual size: 2KB