\\wsl$\Arch\home\brad\repos\nyaa\target\x86_64-pc-windows-msvc\release\deps\nyaa.pdb
Static task: static1
Behavioral task: behavioral1
Sample: nyaa-0.5.0-x86_64-pc-windows-msvc.exe
Resource: win11-20240214-en
General
Target: nyaa-0.5.0-x86_64-pc-windows-msvc.exe
Size: 5.2MB
MD5: 3ef093ac780f0e47e96c6d951ba9d757
SHA1: 595f74125491b6d4ba4803dd4a5652309e18ad43
SHA256: 379ee915529a566f53dee8830709083c574c0fc33532f51ce05758ab56c9e25a
SHA512: 61a6aa39943e260f2cba18abf8078327b696bc86547ce8f93ae011b63d289e5fd851f8dad8de49c303a976307a08a28b7204745038f7aaf9a53c624330472e57
SSDEEP: 49152:p2xsU1KhBDFXSw0ei8wtb5AzS+SGSqRlIQUTUboSoD+yLtmDC9fiDIMyOLMOJ4dp:pMQMyWqsR8DlLMOJkgC
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource nyaa-0.5.0-x86_64-pc-windows-msvc.exe
Files
nyaa-0.5.0-x86_64-pc-windows-msvc.exe.exe windows:6 windows x64 arch:x64
6e70156d8535f6a0ae4d30a79e37bc96
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetOverlappedResult
ReadFile
SetFileCompletionNotificationModes
lstrlenW
WaitForMultipleObjects
SetConsoleCursorInfo
SetConsoleCursorPosition
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
CreateIoCompletionPort
GetSystemInfo
Sleep
GetModuleHandleA
GetProcAddress
SetConsoleMode
GetConsoleMode
CreateFileW
CreateConsoleScreenBuffer
SetConsoleActiveScreenBuffer
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
FillConsoleOutputCharacterA
FillConsoleOutputAttribute
WriteConsoleW
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SleepConditionVariableSRW
FreeEnvironmentStringsW
DeleteProcThreadAttributeList
CompareStringOrdinal
GetLastError
TryAcquireSRWLockExclusive
SetThreadStackGuarantee
SwitchToThread
WaitForSingleObject
QueryPerformanceCounter
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentProcess
ReleaseSRWLockShared
GetCommandLineW
DuplicateHandle
SetFilePointerEx
AcquireSRWLockShared
WriteFileEx
SleepEx
GetExitCodeProcess
WakeAllConditionVariable
WakeConditionVariable
QueryPerformanceFrequency
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
ReleaseMutex
FindClose
GetFileInformationByHandle
GetFileInformationByHandleEx
CreateDirectoryW
FindFirstFileW
GetFinalPathNameByHandleW
CreateEventW
CancelIo
GetCurrentThreadId
GetModuleHandleW
FormatMessageW
GetModuleFileNameW
GetFullPathNameW
GetCurrentProcessId
CreateNamedPipeW
ReadFileEx
GetSystemDirectoryW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
AddVectoredExceptionHandler
MultiByteToWideChar
CreateThread
GetCurrentThread
GetSystemTimeAsFileTime
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetHandleInformation
SetUnhandledExceptionFilter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStdHandle
CloseHandle
IsProcessorFeaturePresent
secur32
AcceptSecurityContext
InitializeSecurityContextW
ApplyControlToken
DecryptMessage
EncryptMessage
FreeCredentialsHandle
AcquireCredentialsHandleA
DeleteSecurityContext
FreeContextBuffer
QueryContextAttributesW
ws2_32
setsockopt
WSASend
send
recv
shutdown
getsockopt
getpeername
getsockname
ioctlsocket
connect
bind
WSASocketW
WSAGetLastError
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
closesocket
WSAIoctl
crypt32
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateChain
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore
CertDuplicateStore
advapi32
RegQueryValueExW
RegOpenKeyExW
SystemFunction036
RegCloseKey
ntdll
NtCreateFile
NtCancelIoFileEx
NtDeviceIoControlFile
NtWriteFile
NtReadFile
RtlNtStatusToDosError
shell32
SHGetKnownFolderPath
ole32
CoTaskMemFree
user32
GetForegroundWindow
ToUnicodeEx
GetKeyboardLayout
GetWindowThreadProcessId
bcrypt
BCryptGenRandom
vcruntime140
__CxxFrameHandler3
memmove
memcpy
memcmp
__current_exception_context
memset
_CxxThrowException
__C_specific_handler
__current_exception
api-ms-win-crt-math-l1-1-0
round
ceilf
__setusermatherr
floor
fmod
pow
api-ms-win-crt-runtime-l1-1-0
_initterm_e
exit
_get_initial_narrow_environment
_initialize_onexit_table
_exit
_register_onexit_function
_initialize_narrow_environment
__p___argc
__p___argv
_cexit
_configure_narrow_argv
_set_app_type
_c_exit
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_crt_atexit
_initterm
terminate
api-ms-win-crt-stdio-l1-1-0
__p__commode
_set_fmode
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
Sections
.text Size: 3.2MB - Virtual size: 3.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ