Static task
static1
General
-
Target
tor.exe
-
Size
3.0MB
-
MD5
fe7eb54691ad6e6af77f8a9a0b6de26d
-
SHA1
53912d33bec3375153b7e4e68b78d66dab62671a
-
SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
-
SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f
-
SSDEEP
49152:5m9/gUvHrLaQ4Dt4PC+3xhae2cQX7E5zNvQIJZW/1h4+o4:MiuLSDt2C+3baAQX7ETQIr+h4+o
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. This sample carries no embedded code signature, so its publisher and integrity cannot be verified through Windows code-signing; an unsigned PE is a weak indicator on its own and should be corroborated by comparing the hashes above against a trusted reference copy of the file.
resource tor.exe
Files
-
tor.exe.exe windows:4 windows x86 arch:x86
3cd0e3276704041e9fa8d057ded2d924
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
libevent-2-0-5
evdns_add_server_port_with_base
evdns_base_clear_nameservers_and_suspend
evdns_base_config_windows_nameservers
evdns_base_count_nameservers
evdns_base_new
evdns_base_resolv_conf_parse
evdns_base_resolve_ipv4
evdns_base_resolve_ipv6
evdns_base_resolve_reverse
evdns_base_resolve_reverse_ipv6
evdns_base_resume
evdns_base_search_clear
evdns_base_set_option
evdns_close_server_port
evdns_server_request_add_a_reply
evdns_server_request_add_aaaa_reply
evdns_server_request_add_ptr_reply
evdns_server_request_get_requesting_addr
evdns_server_request_respond
evdns_set_log_fn
evdns_set_random_bytes_fn
evdns_shutdown
event_active
event_add
event_base_get_method
event_base_loop
event_base_loopexit
event_base_new_with_config
event_base_once
event_config_free
event_config_new
event_config_set_flag
event_config_set_num_cpus_hint
event_del
event_free
event_get_version
event_new
event_pending
event_set_log_callback
evutil_secure_rng_add_bytes
evutil_secure_rng_get_bytes
evutil_secure_rng_init
evutil_secure_rng_set_urandom_device_file
advapi32
CryptAcquireContextA
CryptGenRandom
kernel32
CloseHandle
CreateEventA
CreateFileA
CreateFileMappingA
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceExA
GetExitCodeProcess
GetFileSize
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
GlobalMemoryStatusEx
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
OpenProcess
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
ResetEvent
SetEvent
SetHandleInformation
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
msvcrt
__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_chsize
_endthread
_environ
_errno
_exit
_fmode
_fstati64
_fullpath
_getpid
_getwch
_initterm
_iob
_lock
_locking
_lseek
_onexit
_putch
_snwprintf
_stati64
_stricmp
_strnicmp
atoi
calloc
exit
fclose
feof
fgets
fopen
fprintf
fputs
free
frexp
fwprintf
fwrite
gmtime
islower
isspace
isupper
localeconv
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
printf
puts
qsort
raise
realloc
rename
signal
strcat
strchr
strcmp
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
_unlock
_vsnprintf
abort
atof
time
vfprintf
wcscpy
_write
_utime
_unlink
_strdup
_read
_open
_mkdir
_getcwd
_fileno
_fdopen
_close
shell32
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
libssp-0
__stack_chk_fail
__stack_chk_guard
user32
MessageBoxW
ws2_32
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recv
send
setsockopt
socket
libeay32
ASN1_TIME_print
BIO_ctrl
BIO_f_buffer
BIO_free
BIO_new
BIO_new_mem_buf
BIO_new_socket
BIO_next
BIO_number_read
BIO_number_written
BIO_s_mem
BIO_write
BN_bin2bn
BN_bn2bin
BN_bn2hex
BN_clear_free
BN_cmp
BN_copy
BN_dup
BN_hex2bn
BN_mod_word
BN_new
BN_num_bits
BN_set_word
BN_sub_word
BN_to_ASN1_INTEGER
CONF_modules_unload
CRYPTO_THREADID_set_callback
CRYPTO_THREADID_set_numeric
CRYPTO_cleanup_all_ex_data
CRYPTO_free
CRYPTO_num_locks
CRYPTO_set_locking_callback
DH_check
DH_compute_key
DH_free
DH_generate_key
DH_new
DH_size
DH_up_ref
EC_KEY_free
EC_KEY_new_by_curve_name
ENGINE_by_id
ENGINE_cleanup
ENGINE_ctrl_cmd_string
ENGINE_free
ENGINE_get_cipher_engine
ENGINE_get_default_DH
ENGINE_get_default_ECDH
ENGINE_get_default_ECDSA
ENGINE_get_default_RAND
ENGINE_get_default_RSA
ENGINE_get_digest_engine
ENGINE_get_id
ENGINE_get_name
ENGINE_load_builtin_engines
ENGINE_register_all_complete
ENGINE_set_default
ERR_free_strings
ERR_func_error_string
ERR_get_error
ERR_lib_error_string
ERR_load_crypto_strings
ERR_peek_error
ERR_reason_error_string
ERR_remove_thread_state
EVP_CIPHER_CTX_cleanup
EVP_CIPHER_CTX_free
EVP_CIPHER_CTX_new
EVP_EncryptInit
EVP_EncryptUpdate
EVP_PKEY_assign
EVP_PKEY_base_id
EVP_PKEY_bits
EVP_PKEY_cmp
EVP_PKEY_free
EVP_PKEY_get1_RSA
EVP_PKEY_new
EVP_aes_128_ctr
EVP_aes_192_ctr
EVP_aes_256_ctr
EVP_cleanup
EVP_sha1
EVP_sha256
HMAC
OBJ_txt2nid
OPENSSL_add_all_algorithms_noconf
PEM_read_bio_RSAPrivateKey
PEM_read_bio_RSAPublicKey
PEM_write_bio_RSAPrivateKey
PEM_write_bio_RSAPublicKey
PKCS5_PBKDF2_HMAC_SHA1
RAND_SSLeay
RAND_bytes
RAND_get_rand_method
RAND_poll
RAND_seed
RAND_set_rand_method
RAND_status
RSAPrivateKey_dup
RSAPublicKey_dup
RSA_check_key
RSA_free
RSA_generate_key_ex
RSA_new
RSA_private_decrypt
RSA_private_encrypt
RSA_public_decrypt
RSA_public_encrypt
RSA_size
SHA1
SHA1_Final
SHA1_Init
SHA1_Update
SHA256
SHA256_Final
SHA256_Init
SHA256_Update
SHA512
SHA512_Final
SHA512_Init
SHA512_Update
SSLeay
SSLeay_version
X509_NAME_add_entry_by_NID
X509_NAME_free
X509_NAME_new
X509_STORE_add_cert
X509_cmp
X509_cmp_time
X509_dup
X509_free
X509_get_pubkey
X509_get_serialNumber
X509_new
X509_set_issuer_name
X509_set_pubkey
X509_set_subject_name
X509_set_version
X509_sign
X509_time_adj
X509_verify
d2i_RSAPrivateKey
d2i_RSAPublicKey
d2i_X509
i2d_RSAPrivateKey
i2d_RSAPublicKey
i2d_X509
sk_num
sk_value
ssleay32
SSL_CIPHER_find
SSL_CIPHER_get_id
SSL_CIPHER_get_name
SSL_CTX_check_private_key
SSL_CTX_ctrl
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_new
SSL_CTX_set_verify
SSL_CTX_use_PrivateKey
SSL_CTX_use_certificate
SSL_accept
SSL_connect
SSL_ctrl
SSL_free
SSL_get_current_cipher
SSL_get_error
SSL_get_ex_data
SSL_get_ex_new_index
SSL_get_peer_cert_chain
SSL_get_peer_certificate
SSL_get_rbio
SSL_get_session
SSL_get_wbio
SSL_library_init
SSL_load_error_strings
SSL_new
SSL_pending
SSL_read
SSL_set_bio
SSL_set_cipher_list
SSL_set_ex_data
SSL_set_info_callback
SSL_set_session_secret_cb
SSL_set_verify
SSL_shutdown
SSL_state
SSL_state_string_long
SSL_write
SSLv23_method
zlib1
deflate
deflateEnd
deflateInit2_
inflate
inflateEnd
inflateInit2_
zlibVersion
Sections
.text Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 55KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 578KB - Virtual size: 577KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 17KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 52B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ